Exam 350-701 topic 1 question 462 discussion

Actual exam question from Cisco's 350-701
Question #: 462
Topic #: 1

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?

  • A. It drops the packet after validation by using the IP & MAC Binding Table.
  • B. It forwards the packet without validation.
  • C. It forwards the packet after validation by using the IP & MAC Binding Table.
  • D. It drops the packet without validation.
Suggested Answer: B

Comments

hous90
Highly Voted 1 year, 5 months ago
Selected Answer: B
Correct. The switch forwards ARP packets that it receives on a trusted interface, but does not check them. https://www.cisco.com/en/US/docs/general/Test/dwerblo/broken_guide/dynarp.html
upvoted 7 times
...
robber_chan
Most Recent 10 months, 2 weeks ago
DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid. So B is correct!!!
upvoted 1 times
...
bmayer
1 year, 3 months ago
B is correct... DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid.
upvoted 3 times
...
sull3y
1 year, 3 months ago
A Dynamic ARP Inspection (DAI) is a security feature that helps protect against ARP spoofing attacks by validating ARP packets against an IP-to-MAC address binding table. When a switch receives a spoofed ARP response on a trusted interface, it will check the IP-to-MAC address binding table to see if the source IP address and source MAC address match. If they do not match, the switch will drop the packet as it is determined to be a spoofed packet. This helps to protect the network from man-in-the-middle attacks and other ARP spoofing-based attacks.
upvoted 1 times
sull3y
1 year, 3 months ago
Sorry, the answer should be B, as per below: Packets arriving on trusted interfaces bypass all DAI validation checks and are forwarded without validation by the switch.
upvoted 6 times
...
...
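Because ARP packets arriving on a trusted interface are forwarded without any DAI checks, as the comments above explain, it is worth knowing exactly which ports carry the trust setting. The following is an added example, not part of the original thread: a small audit that lists every interface configured with `ip arp inspection trust` and flags those that are also access ports. The sample configuration and interface names are constructed, and treating `switchport mode access` as "host-facing" is a simplifying assumption.

```python
import re
# Constructed sample config for illustration (not from the thread).
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 10
ip arp inspection vlan 10
!
interface GigabitEthernet1/0/1
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
 ip arp inspection trust
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_dai_trust(config):
    """Sort ports into trusted (bypass DAI), review (trusted access ports), inspected."""
    result = {"trusted": [], "review": [], "inspected": []}
    for name, cmds in parse_interfaces(config).items():
        if "ip arp inspection trust" not in cmds:
            result["inspected"].append(name)  # untrusted by default: ARP is validated
            continue
        result["trusted"].append(name)        # ARP forwarded without validation
        if "switchport mode access" in cmds:  # assumption: access mode = host-facing
            result["review"].append(name)
    return result

if __name__ == "__main__":
    for category, ports in audit_dai_trust(SAMPLE_CONFIG).items():
        print(f"{category}: {', '.join(ports) or '-'}")
```

On the sample, the trunk uplink is trusted as expected, while GigabitEthernet1/0/3 is reported for review because any ARP reply entering it would skip validation against the DHCP snooping binding database.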