CCNP Switch FAQ: Preventing Spoofing Attacks

CCNP Switch FAQ: Preventing Spoofing Attacks

Q1. DHCP snooping helps mitigate which one of the following spoofed parameters?
a. Subnet mask
b. Gateway address
c. DNS address
d. DHCP request

Answer: B

Q2. With DHCP snooping, an untrusted port filters out which one of the following?
a. DHCP replies from legitimate DHCP servers
b. DHCP replies from rogue DHCP servers
c. DHCP requests from legitimate clients
d. DHCP requests from rogue clients

Answer: B

3. Which two of the following methods does a switch use to detect spoofed addresses when IP Source Guard is enabled?
a. ARP entries
b. DHCP database
c. DHCP snooping database
d. Static IP source binding entries
e. Reverse path-forwarding entries

Answer: C, D
Figure: Using a Spoofed Address Within a Subne

4. Which one of the following commands should you use to enable IP Source Guard on a switch interface?
a. ip source-guard
b. ip guard source
c. ip verify source
d. ip source spoof

Answer: C

5. Dynamic ARP Inspection helps mitigate an attack based on which one of the following parameters within an ARP reply packet?
a. Source IP address
b. MAC address
c. Destination IP address
d. Sequence number

Answer: B

6. Which one of the following should be configured as a trusted port for dynamic ARP inspection?
a. The port where the ARP server is located.
b. The port where an end-user host is located.
c. The port where another switch is located.
d. None; all ports are untrusted.

Answer: C

More Resources

About the author

Prasanna

Leave a Comment