Which security feature restricts IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which security feature restricts IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database?

Explanation:
IP Source Guard uses the DHCP snooping binding database to validate the source of traffic on untrusted Layer 2 ports. The binding database links each MAC address to its approved IP address, VLAN, and port as learned from DHCP. When a frame arrives on an untrusted port, IP Source Guard checks that the source IP and MAC match the binding for that port; if they don’t, the frame is dropped. This prevents IP spoofing by attackers trying to send traffic with someone else’s IP on a switch port that hasn’t been whitelisted.

DHCP Snooping is what builds this binding database in the first place, and Dynamic ARP Inspection uses that same data to verify ARP messages to prevent ARP spoofing. Port Security focuses on restricting MAC addresses learned on a port, not on validating IP sources against the DHCP bindings, so it doesn’t provide this specific IP-based protection.
