A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command?

IT Questions BankCategory: CCNA SecurityA network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command?

Question:
A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command?

  • It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs.
  • It checks the source MAC address in the Ethernet header against the MAC address table.
  • It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
  • It checks the source MAC address in the Ethernet header against the target MAC address in the ARP body.

Explanation:

DAI can be configured to check for both destination or source MAC and IP addresses:

  • Destination MAC - Checks the destination MAC address in the Ethernet header against the target MAC address in the ARP body.
  • Source MAC - Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
  • IP address - Checks the ARP body for invalid and unexpected IP addresses including addresses 0.0.0.0, 255.255.255.255, and all IP multicast addresses.

Exam with this question: Modules 10 – 13: L2 Security and WLANs Exam Answers
Exam with this question: Module 14: Quiz – Layer 2 Security Considerations Network Security

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments