DHCP snooping on Cisco Nexus 1000V Series Switches acts like a firewall between untrusted hosts and trusted DHCP servers by doing which of these? ()A、 validates DHCP messages received from untrusted sources and filters out invalid response messages from DHCP serversB、 intercepts all ARP requests and responses on untrusted portsC、 builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addressesD、 uses the DHCP snooping binding database to validate subsequent requests from untrusted hostsE、 limits IP traffic on an interface to only those sources that have an IP-MAC address binding table entry or static IP source entry

DHCP snooping on Cisco Nexus 1000V Series Switches acts like a firewall between untrusted hosts and trusted DHCP servers by doing which of these? ()

  • A、 validates DHCP messages received from untrusted sources and filters out invalid response messages from DHCP servers
  • B、 intercepts all ARP requests and responses on untrusted ports
  • C、 builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses
  • D、 uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts
  • E、 limits IP traffic on an interface to only those sources that have an IP-MAC address binding table entry or static IP source entry

相关考题:

中间人攻击或IP/MAC Spoofing攻击都会导致信息泄露等危害,且在内网中比较常见。为了防止中间人攻击或IP/MAC Spoofing攻击,可以采取的配置方法有:() A.配置Trusted/Untrusted接口。B.限制交换机接口上允许学习到的最多MAC地址数目。C.开启DHCP snooping检查DHCP REQUEST报文中CHADDR字段的功能。D.在交换机上配置DHCP snooping与DAI或IPSG进行联动。

对于此段配置描述错误的是() A.配置GigabitEthernet0/0/1接口为信任接口。B.如果GigabitEthernet0/0/1接口收到的DHCF请求报文中,没有OPTION82的SUBOPTION1信息,则设备会生成OPTION82,并插入到报文中C.开启DHCP Snooping配置可以用来防止DHCP server仿冒者攻击。D.开启DHCP Snooping配置可以用来防止ARP欺骗攻击

SX700系列交换机使能以下()功能可以防止DCP服务器私接。 A.MAC学习速率限制B. DHCP Snooping信任端口C.DHCP速率限制D.ARP速率限制

As a network administrator, you issue the interface auto qos voip cisco-phone command on a port in an edge network. It is possible for a Cisco Catalyst switch to check if a Cisco IP Phone is directly attached to that port by:()A. using DHCP snoopingB. snooping the incoming 802.1Q VLAN tagC. using CDPD. snooping the CoS marking on the incoming frames

DHCP Snooping是一种DHCP的安全特性,关于DHCP Snooping的说法,以下正确的是()。 A.DHCP Snooping绑定表分为动态绑定表和静态绑定表B.DHCP Snooping区分信任端口和非信任端口,对非信任端口,不处理DHCP Reply报文C.静态绑定表在报文入端口手工输入,也可以手工设置表项老化时间D.在二层上应用DHCP Snooping时,不配置Option82功能也可以获得绑定表所需的接口信息

阅读以下说明,回答问题1~3,将解答填入答题纸的对应栏内。某公司的网络拓扑结构如图3-1所示。其中的DHCP server安装的Linux系统。【问题2】(6分)若内部网络PC1上用户私自安装了dhcp服务器,则可能导致内网的用户无法获得正确的地址。要解决这个问题,可以在交换机上开启 (6) 功能,通过这种方式将交换机的(7)即接口设置为(8)接口。(6)备选答案:A、dhcp snooping B、dhcp relay C、dhcp discover D、dhcp unicast(8)备选答案:A、trust B、untrust C、dmz D、snooping

ARP-CHECK功能检查ARP报文合法性的来源有()A、IP+MAC的端口安全B、DHCP Snooping+IP SourceguardC、dot1x授权D、DHCP Snooping表

Which is the result of enabling IP Source Guard on an untrusted switch port that does not have DHCP snooping enabled?()A、DHCP requests will be switched in the software, which may result in lengthy response times.B、The switch will run out of ACL hardware resources.C、All DHCP requests will pass through the switch untested.D、The DHCP server reply will be dropped and the client will not be able to obtain an IP address.

Which of the following types of attacks does DHCP snooping prevent?(Choose all that apply.)()A、Attacker sends multiple DHCP requests flooding DHCP serverB、Attacker connects rogue server initiating DHCP requestsC、Attacker connects rogue server replying to DHCP requestsD、Attacker sends DHCP jam signal causing DHCP server to crashE、Attacker sends gratuitous ARP replies, thereby jamming the DHCP serverF、Attacker sends unsolicited DHCP replies, thereby jamming the DHCP server

When you enter the interface command auto qos voip cisco-phone on a port at the edge of a network,how does the Cisco Catalyst switch detect if a Cisco IP Phone is connected to the port?()A、by snooping the CoS marking on the incoming framesB、by using RTP hello messages between the switch port and the Cisco IP PhoneC、by using CDPD、by using DHCP snoopingE、by snooping the incoming 802.1Q VLAN tag

The Company is concerned about Layer 2 security threats.  Which statement is true about these  threats? ()A、 MAC spoofing attacks allow an attacking device to receive frames intended for a different  network host.B、 Port scanners are the most effective defense against dynamic ARP inspection.C、 MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable  attack points.D、 Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP  snooping attacks.E、 DHCP snooping sends unauthorized replies to DHCP queries.F、 ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.G、 None of the other alternatives apply.

As a network administrator, you issue the interface auto qos voip cisco-phone command on a port in an edge network. It is possible for a Cisco Catalyst switch to check if a Cisco IP Phone is directly attached to that port by:()A、using DHCP snoopingB、snooping the incoming 802.1Q VLAN tagC、using CDPD、snooping the CoS marking on the incoming frames

Which three statements are true about DAI?()A、DAI intercept all ARP packets on untrusted portsB、DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the DHCP Snooping database.C、DAI is used to prevent against a DHCP Snooping attack.D、DAI forwards all ARP packets received on a trusted interface without any checks.E、DAI forwards all ARP packets on untrusted ports.F、DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the CAM table.

In the event that two devices need access to a common server, but they cannot communicate witheach other, which security feature should be configured to mitigate attacks between thesedevices?()A、private VLANsB、port securityC、BPDU guardD、dynamic ARP inspectionE、DHCP snooping

Which three statements about the DHCP snooping feature on Cisco Nexus switches are true? ()A、 DHCP snooping commands are not available until the feature is enabled with the feature dhcp- snooping command.B、 When you enable the DHCP snooping feature, the switch begins building and maintaining the DHCP snooping binding database.C、 The switch will not validate DHCP messages received or use the DHCP snooping binding database to validate subsequent requests from untrusted hosts until DHCP snooping is enabled globally and for each specific VLAN.D、 Globally disabling DHCP snooping removes all DHCP snooping configuration on the switch.E、 Globally disabling DHCP snooping does not remove any DHCP snooping configuration or the configuration of other features that are dependent upon the DHCP snooping feature.

下面哪项不是防范ARP攻击的有效方法()。A、IP-MAC静态绑定B、使用类似port security的功能C、加强用户权限控制D、DHCP Snooping+DAI技术

多选题Which of the following types of attacks does DHCP snooping prevent?(Choose all that apply.)()AAttacker sends multiple DHCP requests flooding DHCP serverBAttacker connects rogue server initiating DHCP requestsCAttacker connects rogue server replying to DHCP requestsDAttacker sends DHCP jam signal causing DHCP server to crashEAttacker sends gratuitous ARP replies, thereby jamming the DHCP serverFAttacker sends unsolicited DHCP replies, thereby jamming the DHCP server

单选题Which is the result of enabling IP Source Guard on an untrusted switch port that does not have DHCP snooping enabled?()ADHCP requests will be switched in the software, which may result in lengthy response times.BThe switch will run out of ACL hardware resources.CAll DHCP requests will pass through the switch untested.DThe DHCP server reply will be dropped and the client will not be able to obtain an IP address.

单选题DHCP Snooping是一种DHCP的安全特性,关于DHCP Snooping的说法,下列描述错误的是()ADHCP Snooping绑定表分为动态绑定表和静态绑定表BDHCP Snooping区分信任端口和非信任端口,对非信任端口,不处理DHCPReply报文C静态绑定表在报文入端口手工输入,也可以手工设置表项老化时间D在二层上应用DHCP Snooping,不配置Option82功能也可以获得绑定表所需的接门信息

多选题DHCP Snooping是一种DHCP安全特性,可以用于防御一些攻击,下列哪些是DHCP Snooping能够防御的攻击()。A防御改变CHADDR值的饿死攻击B防御DHCP仿冒者攻击C防御TCP flag攻击D防御中间人攻击和IP/MAC Spoofing攻击

多选题DHCP Snooping是一种DHCP的安全特性,关于DHCP Snooping的说法,以下正确的是()。ADHCP Snooping绑定表分为动态绑定表和静态绑定表BDHCP Snooping区分信任端口和非信任端口,对非信任端口,不处理DHCP Reply报文C静态绑定表在报文入端口手工输入,也可以手工设置表项老化时间D在二层上应用DHCP Snooping时,不配置Option82功能也可以获得绑定表所需的接口信息

单选题The Company is concerned about Layer 2 security threats.  Which statement is true about these  threats? ()A MAC spoofing attacks allow an attacking device to receive frames intended for a different  network host.B Port scanners are the most effective defense against dynamic ARP inspection.C MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable  attack points.D Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP  snooping attacks.E DHCP snooping sends unauthorized replies to DHCP queries.F ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.G None of the other alternatives apply.

多选题As the network technician at Company, you need to configure DHCP snooping on a new switch.   Which three steps are required? ()AConfigure the switch to insert and remove DHCP relay information (option-82 field) in forwarded  DHCP request messages.BConfigure DHCP snooping globally.CConfigure the switch as a DHCP server.DConfigure DHCP snooping on an interface.EConfigure all interfaces as DHCP snooping trusted interfaces.FConfigure DHCP snooping on a VLAN or range of VLANs.

多选题Which three statements are true about DAI?()ADAI intercept all ARP packets on untrusted portsBDAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the DHCP Snooping database.CDAI is used to prevent against a DHCP Snooping attack.DDAI forwards all ARP packets received on a trusted interface without any checks.EDAI forwards all ARP packets on untrusted ports.FDAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the CAM table.

单选题When you enter the interface command auto qos voip cisco-phone on a port at the edge of a network, how does the Cisco Catalyst switch detect if a Cisco IP Phone is connected to the port? ()Aby snooping the CoS marking on the incoming framesBby using RTP hello messages between the switch port and the Cisco IP PhoneCby using CDPDby using DHCP snoopingEby snooping the incoming 802.1Q VLAN tag

多选题DHCP Snooping是一种DHCP安全特性,可以用于防御多种攻击,其中包括()A防御改变CHADOR值的饿死攻击B防御DHCP仿冒者攻击C防御TCpflag攻击D防御中间人攻击和IP/MACSpoofing攻击

多选题Which three statements about the DHCP snooping feature on Cisco Nexus switches are true? ()ADHCP snooping commands are not available until the feature is enabled with the feature dhcp- snooping command.BWhen you enable the DHCP snooping feature, the switch begins building and maintaining the DHCP snooping binding database.CThe switch will not validate DHCP messages received or use the DHCP snooping binding database to validate subsequent requests from untrusted hosts until DHCP snooping is enabled globally and for each specific VLAN.DGlobally disabling DHCP snooping removes all DHCP snooping configuration on the switch.EGlobally disabling DHCP snooping does not remove any DHCP snooping configuration or the configuration of other features that are dependent upon the DHCP snooping feature.