Before you enable dynamic IP lockdown on an 5400 zl switch, which feature must be enabled
first?

A.
connection-rate filtering

B.
DHCP snooping

C.
ARP protection

D.
port security with eavesdropping protection

Explanation:
DHCP Snooping must be enabled on any vlan that you intend to implement IP
Lockdown.
Note: Dynamic IP Lockdown is a new feature that provides IP address level port based security to
protect against IP spoofing attacks. Malicious users often spoof their IP address to circumvent
security controls and to avoid being tracked. This can range from applications that authenticate via
source IP address to Access Control List (ACL) that permit traffic based on source IP
address.
Reference: Technical brief, Network Hardening: Access Control Switch Features