The IPv6 network is under attack by an unknown source that is neither in the binding table nor learned through neighbor discovery. Which feature helps prevent the attack?
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ip6-src-guard.pdf
IPv6 Prefix Guard prevents home-node sourcing traffic outside of the authorized and delegated traffic.
...often used when IPv6 prefixes are delegated to devices using DHCP prefix delegation.
The feature discovers ranges of addresses assigned to the link and blocks any traffic sourced with an address outside this range.
Not "A".
https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2022/pdf/BRKENT-3002.pdf
Destination Guard
Drops packets for destinations without a binding entry
B is correct.The IPv6 Prefix Guard feature works within the IPv6 Source Guard feature and enables a device to reject traffic originating from addresses that are topologically incorrect.
Did someone take the time to study from the official certification guide? It lists all the defense mechanisms, and this scenario has nothing to do with Prefix Guard.
IPv6 Prefix Guard is a security feature that helps protect IPv6 networks against attacks related to the improper assignment of IPv6 prefixes. This mechanism is designed to prevent malicious or misconfigured devices from injecting or advertising unauthorized IPv6 prefixes into the network, which could cause routing issues, traffic diversion, or service disruption.
try the official cisco documentation: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ip6-src-guard.pdf
The correct answer is D.
IPv6 Snooping learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables and analyzes ND messages in order to build a trusted binding table. IPv6 ND messages that do not have valid bindings are dropped.
100 % option B :
team please look this:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-e/ip6f-15-e-book/ip6f-15-e-book_chapter_0110.pdf
I would vote answer D.
To protect unknown source and ND attack.
Cisco Document (Page 2):https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16-10/ip6f-xe-16-10-book/ip6-snooping.pdf
This section is not available anymore. Please use the main Exam Page.300-410 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
HungarianDish_111
Highly Voted 1 year, 11 months agosasasan12345
Highly Voted 2 years, 1 month agotubirubs
Most Recent 8 months, 2 weeks agoCiscoTerminator
3 months ago[Removed]
9 months, 1 week ago[Removed]
9 months, 2 weeks agosiyamak
1 year, 8 months agointeldarvid
1 year, 9 months agosteve_lee
1 year, 11 months agoMalasxd
1 year, 11 months agoLilienen
2 years, 2 months ago