How can DHCP spoofing attacks be mitigated?
- by disabling DTP negotiations on nontrunking ports
- by implementing port security
- by the application of the ip verify source command to untrusted ports
- by implementing DHCP snooping on trusted ports
Explanation: One of the procedures to prevent a VLAN hopping attack is to disable DTP (auto trunking) negotiations on nontrunking ports. DHCP spoofing attacks can be mitigated by using DHCP snooping on trusted ports. The ip verify source interface configuration command is used to enable IP Source Guard on untrusted ports to protect against MAC and IP address spoofing.
Exam with this question: CCNA Security Practice Final Exam Answers
Exam with this question: Modules 13 - 14: Layer 2 and Endpoint Security Group Exam Answers
Please login or Register to submit your answer