CCNP Switch FAQ: Preventing Spoofing Attacks
Q1. DHCP snooping helps mitigate which one of the following spoofed parameters?
a. Subnet mask
b. Gateway address
c. DNS address
d. DHCP request
Q2. With DHCP snooping, an untrusted port filters out which one of the following?
a. DHCP replies from legitimate DHCP servers
b. DHCP replies from rogue DHCP servers
c. DHCP requests from legitimate clients
d. DHCP requests from rogue clients
3. Which two of the following methods does a switch use to detect spoofed addresses when IP Source Guard is enabled?
a. ARP entries
b. DHCP database
c. DHCP snooping database
d. Static IP source binding entries
e. Reverse path-forwarding entries
4. Which one of the following commands should you use to enable IP Source Guard on a switch interface?
a. ip source-guard
b. ip guard source
c. ip verify source
d. ip source spoof
5. Dynamic ARP Inspection helps mitigate an attack based on which one of the following parameters within an ARP reply packet?
a. Source IP address
b. MAC address
c. Destination IP address
d. Sequence number
Answer: B
6. Which one of the following should be configured as a trusted port for dynamic ARP inspection?
a. The port where the ARP server is located.
b. The port where an end-user host is located.
c. The port where another switch is located.
d. None; all ports are untrusted.
More Resources