DHCP Snooping Flashcards
A Cisco Catalyst switch that is prone to reboots continues to rebuild the DHCP snooping database. What is the solution to prevent the snooping database from being rebuilt after every device reboot?
A. A DHCP snooping database agent should be configured.
B. Enable DHCP snooping for all VLANs that are associated with the switch.
C. Disable Option 82 for DHCP data insertion.
D. Use IP Source Guard to protect the DHCP binding table entries from being lost upon rebooting.
E. Apply ip dhcp snooping trust on all interfaces with dynamic addresses.
A. A DHCP snooping database agent should be configured.
A server with a statically assigned IP address is attached to a switch that is provisioned for DHCP snooping. For more protection against malicious attacks, the network team is considering enabling dynamic ARP inspection alongside DHCP snooping. Which solution ensures that the server maintains network reachability in the future?
A. Disable DHCP snooping information option.
B. Configure a static DHCP snooping binding entry on the switch.
C. Trust the interface that is connected to the server with the ip dhcp snooping trust command.
D. Verify the source MAC address of all untrusted interfaces with ip dhcp snooping verify mac-address command.
B. Configure a static DHCP snooping binding entry on the switch.
DHCP snooping and IP Source Guard have been configured on a switch that connects to several client workstations. The IP address of one of the workstations does not match any entries found in the DHCP binding database. Which statement describes the outcome of this scenario?
A. Packets from the workstation will be rate limited according to the default values set on the switch.
B. The interface that is connected to the workstation in question will be put into the errdisabled state.
C. Traffic will pass accordingly after the new IP address is populated into the binding database.
D. The packets originating from the workstation are assumed to be spoofed and will be discarded.
D. The packets originating from the workstation are assumed to be spoofed and will be discarded.
A DHCP configured router is connected directly to a switch that has been provisioned with DHCP snooping. IP Source Guard with the ip verify source port-security command is configured under the interfaces that connect to all DHCP clients on the switch. However, clients are not receiving an IP address via the DHCP server. Which option is the cause of this issue?
A. The DHCP server does not support information option 82.
B. The DHCP client interfaces have storm control configured.
C. Static DHCP bindings are not configured on the switch.
D. DHCP snooping must be enabled on all VLANs, even if they are not utilized for dynamic address allocation.
A. The DHCP server does not support information option 82.
A switch is added into the production network to increase port capacity. A network engineer is configuring the switch for DHCP snooping and IP Source Guard, but is unable to configure ip verify source under several of the interfaces. Which option is the cause of the problem?
A. The local DHCP server is disabled prior to enabling IP Source Guard.
B. The interfaces are configured as Layer 3 using the no switchport command.
C. No VLANs exist on the switch and/or the switch is configured in VTP transparent mode.
D. The switch is configured for sdm prefer routing as the switched database management template.
E. The configured SVIs on the switch have been removed for the associated interfaces.
B. The interfaces are configured as Layer 3 using the no switchport command.
Which type of information does the DHCP snooping binding database contain?
A. untrusted hosts with leased IP addresses
B. trusted hosts with leased IP addresses
C. untrusted hosts with available IP addresses
D. trusted hosts with available IP addresses
A. untrusted hosts with leased IP addresses
Which command is needed to enable DHCP snooping if a switchport is connected to a DHCP server?
A. ip dhcp snooping trust
B. ip dhcp snooping
C. ip dhcp trust
D. ip dhcp snooping information
A. ip dhcp snooping trust
Which database is used to determine the validity of an ARP packet based on a valid IP-to-MAC address binding?
A. DHCP snooping database
B. dynamic ARP database
C. dynamic routing database
D. static ARP database
A. DHCP snooping database
When IP Source Guard with source IP filtering is enabled on an interface, which feature must be enabled on the access VLAN for that interface?
A. DHCP snooping
B. storm control
C. spanning-tree portfast
D. private VLAN
A. DHCP snooping
Which switch feature determines validity based on IP-to-MAC address bindings that are stored in a trusted database?
A. Dynamic ARP Inspection
B. storm control
C. VTP pruning
D. DHCP snooping
A. Dynamic ARP Inspection
Which option is the minimum number of bindings that the DHCP snooping database can store?
A. 1000 bindings
B. 2000 bindings
C. 5000 bindings
D. 8000 bindings
D. 8000 bindings
If a switch has DHCP snooping and IP Source Guard enabled globally, what does the switch do when it receives a packet with option 82?
A. Drop
B. Remove 82 and forward
C. Proxy arp
B. Remove 82 and forward
Which two functions of DHCP snooping are true? (Choose two)
A. It rate-limits DHCP traffic from trusted and untrusted sources.
B. It listens to multicast messages between senders and receivers.
C. It helps build the route table.
D. It filters invalid messages from untrusted sources.
E. It correlates IP address to hostnames.
A. It rate-limits DHCP traffic from trusted and untrusted sources.
D. It filters invalid messages from untrusted sources.
Which of the following commands are valid to configure DHCP snooping with Dynamic ARP Inspection for a VLAN? (Choose four)
A. (config)# ip dhcp snooping vlan arp trust
B. (config)# ip dhcp snooping
C. (config)# ip dhcp snooping vlan 10
D. (config)# ip arp inspection vlan 10
E. (config)# interface ethernet 0/0
(config-if)# ip dhcp snooping trust
(config-if)# ip arp inspection trust
F. (config)# interface ethernet 0/0
(config-if)# ip dhcp arp inspect-snoop trust
B. (config)# ip dhcp snooping
C. (config)# ip dhcp snooping vlan 10
D. (config)# ip arp inspection vlan 10
E. (config)# interface ethernet 0/0
(config-if)# ip dhcp snooping trust
(config-if)# ip arp inspection trust
Which type of packet does DHCP snooping continuously check in a production network?
A. DHCP Snooping
B. DHCP Relay
C. DHCP Request
D. DHCP Acknowledge
E. DHCP Reply
F. DHCP Allow
D. DHCP Acknowledge