A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac . What is the purpose of this configuration command?
- to check the destination MAC address in the Ethernet header against the MAC address table
- to check the destination MAC address in the Ethernet header against the user-configured ARP ACLs
- to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body
- to check the destination MAC address in the Ethernet header against the source MAC address in the ARP body
Explanation: DAI can be configured to check for both destination or source MAC and IP addresses:
Destination MAC – Checks the destination MAC address in the Ethernet header against the target MAC address in the ARP body.
Source MAC – Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
IP address – Checks the ARP body for invalid and unexpected IP addresses including addresses 0.0.0.0, 255.255.255.255, and all IP multicast addresses.
Exam with this question: Network Security ( Version 1) - Network Security 1.0 Modules 13-14: Layer 2 and Endpoint Security Group Exam
Exam with this question: 11.6.4 Module Quiz - Switch Security Configuration Answers
Please login or Register to submit your answer