PrepAway - Latest Free Exam Questions & Answers

Which countermeasures can mitigate ARP spoofing attacks?

Which countermeasures can mitigate ARP spoofing attacks? (Choose two.)


A. Port security

B. DHCP snooping

C. IP source guard

D. Dynamic ARP inspection

Explanation:
BD
+ ARP spoofing attacks and ARP cache poisoning can occur because ARP allows a gratuitous reply from a host even if an ARP request was not received.
+ DAI is a security feature that validates ARP packets in a network. DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from some man-in-the-middle attacks.
+ DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database.
Source: Cisco Official Certification Guide, Dynamic ARP Inspection, p.254
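
A simplified model of the DAI check described in the explanation, added here as an illustration (it is not from the cited guide and is not Cisco's implementation). The binding table, port names, and addresses are constructed sample values, and `inspect` and `build_arp` are hypothetical helper names. Note that the ARP operation field is never consulted: an unsolicited reply is validated against the binding table the same way as any other ARP packet.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample data: a DHCP snooping binding table keyed by (VLAN, IP).
BINDINGS = {
    (10, "192.0.2.10"): "00:11:22:33:44:55",
    (10, "192.0.2.20"): "66:77:88:99:aa:bb",
}
TRUSTED_PORTS = {"Gi0/24"}  # assumed uplink; ARP arriving here is not inspected
ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 layout for Ethernet/IPv4 (28 bytes)

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a sample ARP payload (oper 1 = request, 2 = reply)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), IPv4Address(sender_ip).packed,
                       mac_bytes(target_mac), IPv4Address(target_ip).packed)

def inspect(vlan, port, payload):
    """Return (action, reason) for one ARP payload seen on a switch port."""
    if port in TRUSTED_PORTS:
        return ("forward", "trusted port")
    if len(payload) < struct.calcsize(ARP_FMT):
        return ("drop", "truncated ARP payload")
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return ("drop", "not Ethernet/IPv4 ARP")
    sender_ip = str(IPv4Address(spa))
    sender_mac = sha.hex(":")
    # Core DAI decision: sender IP-to-MAC must match the snooping binding.
    bound_mac = BINDINGS.get((vlan, sender_ip))
    if bound_mac is None:
        return ("drop", f"no binding for {sender_ip}")
    if bound_mac != sender_mac:
        return ("drop", f"{sender_ip} is bound to {bound_mac}, not {sender_mac}")
    return ("forward", "binding match")

if __name__ == "__main__":
    bcast = "ff:ff:ff:ff:ff:ff"
    samples = [  # constructed packets: one valid reply, one with a mismatched MAC
        ("Gi0/1", build_arp(2, "00:11:22:33:44:55", "192.0.2.10", bcast, "192.0.2.10")),
        ("Gi0/2", build_arp(2, "66:77:88:99:aa:bb", "192.0.2.10", bcast, "192.0.2.10")),
    ]
    for port, pkt in samples:
        print(port, *inspect(10, port, pkt))
```

This is why the answer pairs DAI with DHCP snooping: without the snooping binding database, the lookup in `inspect` has nothing to validate against.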

