What mitigation technique prevents rogue servers from supplying false IP configuration parameters?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the CCNA 2 Switching, Routing, and Wireless Essentials V7.0 Test. Explore multiple choice questions with hints and explanations to enhance your knowledge. Prepare flawlessly for your exam!

Multiple Choice

What mitigation technique prevents rogue servers from supplying false IP configuration parameters?

Explanation:
Turning on DHCP snooping is the correct response to mitigate the risk of rogue servers providing false IP configuration parameters. DHCP snooping is a security feature that acts as a firewall between untrusted hosts and trusted DHCP servers. When enabled, it allows the switch to monitor DHCP messages between clients and servers. It builds and maintains a binding table that records which IP addresses are assigned to which MAC addresses and the ports from which those assignments were made. This mechanism helps prevent unauthorized DHCP servers from sending invalid or malicious DHCP offers to clients. By allowing only specific configured ports to relay DHCP messages and filtering out any requests or acknowledgments from untrusted sources, DHCP snooping ensures that clients receive legitimate IP configuration parameters only from authorized DHCP servers. The other options, while relevant to network security, do not specifically address the issue of rogue DHCP servers supplying incorrect configurations. For example, port security primarily protects against MAC address flooding and unauthorized devices connecting to the network but does not filter DHCP messages. Configuring static IP addresses eliminates the need for DHCP altogether, thus sidestepping the issue but not providing a dynamic IP address solution for devices that require it. Enabling ARP inspection focuses on preventing ARP spoofing and doesn't directly mitigate rogue DHCP servers.

Turning on DHCP snooping is the correct response to mitigate the risk of rogue servers providing false IP configuration parameters. DHCP snooping is a security feature that acts as a firewall between untrusted hosts and trusted DHCP servers. When enabled, it allows the switch to monitor DHCP messages between clients and servers. It builds and maintains a binding table that records which IP addresses are assigned to which MAC addresses and the ports from which those assignments were made.

This mechanism helps prevent unauthorized DHCP servers from sending invalid or malicious DHCP offers to clients. By allowing only specific configured ports to relay DHCP messages and filtering out any requests or acknowledgments from untrusted sources, DHCP snooping ensures that clients receive legitimate IP configuration parameters only from authorized DHCP servers.

The other options, while relevant to network security, do not specifically address the issue of rogue DHCP servers supplying incorrect configurations. For example, port security primarily protects against MAC address flooding and unauthorized devices connecting to the network but does not filter DHCP messages. Configuring static IP addresses eliminates the need for DHCP altogether, thus sidestepping the issue but not providing a dynamic IP address solution for devices that require it. Enabling ARP inspection focuses on preventing ARP spoofing and doesn't directly mitigate rogue DHCP servers.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy