A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac . What is the purpose of this configuration command?

A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac . What is the purpose of this configuration command?

• to check the destination MAC address in the Ethernet header against the MAC address table
• to check the destination MAC address in the Ethernet header against the user-configured ARP ACLs
• to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body
• to check the destination MAC address in the Ethernet header against the source MAC address in the ARP body

Explanation: DAI can be configured to check for both destination or source MAC and IP addresses:
Destination MAC – Checks the destination MAC address in the Ethernet header against the target MAC address in the ARP body.
Source MAC – Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
IP address – Checks the ARP body for invalid and unexpected IP addresses including addresses 0.0.0.0, 255.255.255.255, and all IP multicast addresses.

Exam with this question: Network Security ( Version 1) - Network Security 1.0 Modules 13-14: Layer 2 and Endpoint Security Group Exam
Exam with this question: 11.6.4 Module Quiz - Switch Security Configuration Answers