Exam 312-50v11 topic 1 question 114 discussion

What is DHCP snooping database? DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs the following activities: • Validates DHCP messages received from untrusted sources and filters out invalid messages. • Overview of Dynamic ARP Inspection Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. This capability protects the network from certain “man-in-the-middle” attacks.

Defend Against ARP Poisoning Implement Dynamic ARP Inspection(DAI) Using DHCP Snooping Binding Table. To validate the ARP packet, the DAI performs IP-address-to-MAC-address binding inspection stored in the DHCP snooping database before forwarding the packet to its destination. If any invalid IP address binds a MAC address, the DAI will discard the ARP packet. (P.1149/1133)

DHCP Snooping is a layer 2 security technology incorporated into the operating system of a capable network switch that drops DHCP traffic determined to be unacceptable. DHCP Snooping prevents unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients.????

pg 1151-3 official doc . So B

DHCP snooping must be enabled before enabling DAI. ergo DAI needs(leverages) DHCP snooping.

when cisco was born - network problems appear!)))

correct