A security administrator is trying to prevent incorrect IP addresses from being assigned to clients on the network. Which of the following would MOST likely prevent this and allow the network to continue to operate?
A.
Configuring DHCP snooping on the switch
B.
Preventing broadcast messages leaving the client network
Configuring DHCP snooping on the switch would MOST likely prevent incorrect IP addresses from being assigned to clients on the network while allowing the network to continue to operate.
DHCP snooping is a security feature that can be enabled on a switch to prevent unauthorized DHCP servers from providing IP addresses to clients on the network. With DHCP snooping enabled, the switch monitors DHCP traffic and only allows DHCP responses from trusted servers. DHCP snooping can also prevent IP address spoofing by tracking the IP addresses assigned to clients and dropping DHCP traffic with conflicting information.
Ohh I want to select port security for the sake of principals. If port security is not there I can connect my device to another port and get an IP address from another VLAN.
But I guess in the exam, I will select something else, maybe
To prevent incorrect IP addresses from being assigned to clients on the network and allow the network to continue to operate, the security administrator should consider configuring DHCP (Dynamic Host Configuration Protocol) snooping on the switch.
DHCP snooping is a security feature that is used to prevent unauthorized DHCP servers from operating on a network. It works by allowing the switch to monitor and validate DHCP traffic on the network, ensuring that only legitimate DHCP messages are forwarded to clients. This can help to prevent incorrect IP addresses from being assigned to clients, as it ensures that only authorized DHCP servers are able to provide IP addresses to clients on the network.
In computer networking, DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure.
DHCP servers allocate IP addresses to clients on a LAN. DHCP snooping can be configured on LAN switches to exclude rogue DHCP servers and remove malicious or malformed DHCP traffic. In addition, information on hosts which have successfully completed a DHCP transaction is accrued in a database of bindings which may then be used by other security or accounting features.
Other features may use DHCP snooping database information to ensure IP integrity on a Layer 2 switched domain. This information enables a network to:
Track the physical location of IP addresses when combined with AAA accounting or SNMP.
Ensure that hosts only use the IP addresses assigned to them when combined with source-guard a.k.a. source-lockdown
Sanitize ARP requests when combined with arp-inspection a.k.a. arp-protect
upvoted 4 times
...
This section is not available anymore. Please use the main Exam Page.N10-008 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
StellarSteve
Highly Voted 7 months, 3 weeks agofamco
Most Recent 6 months, 3 weeks agofamco
6 months, 3 weeks agoJakeCharles
10 months, 4 weeks agoDano000
1 year ago