DHCP Snooping Flashcards

1
Q

A Cisco Catalyst switch that is prone to reboots continues to rebuild the DHCP snooping database. What is the solution to prevent the snooping database from being rebuilt after every device reboot?
A. A DHCP snooping database agent should be configured.
B. Enable DHCP snooping for all VLANs that are associated with the switch.
C. Disable Option 82 for DHCP data insertion.
D. Use IP Source Guard to protect the DHCP binding table entries from being lost upon rebooting.
E. Apply ip dhcp snooping trust on all interfaces with dynamic addresses.

A

A. A DHCP snooping database agent should be configured.

2
Q

A server with a statically assigned IP address is attached to a switch that is provisioned for DHCP snooping. For more protection against malicious attacks, the network team is considering enabling dynamic ARP inspection alongside DHCP snooping. Which solution ensures that the server maintains network reachability in the future?
A. Disable DHCP snooping information option.
B. Configure a static DHCP snooping binding entry on the switch.
C. Trust the interface that is connected to the server with the ip dhcp snooping trust command.
D. Verify the source MAC address of all untrusted interfaces with ip dhcp snooping verify mac-address command.

A

B. Configure a static DHCP snooping binding entry on the switch.

3
Q

DHCP snooping and IP Source Guard have been configured on a switch that connects to several client workstations. The IP address of one of the workstations does not match any entries found in the DHCP binding database. Which statement describes the outcome of this scenario?
A. Packets from the workstation will be rate limited according to the default values set on the switch.
B. The interface that is connected to the workstation in question will be put into the errdisabled state.
C. Traffic will pass accordingly after the new IP address is populated into the binding database.
D. The packets originating from the workstation are assumed to be spoofed and will be discarded.

A

D. The packets originating from the workstation are assumed to be spoofed and will be discarded.

4
Q

A DHCP-configured router is connected directly to a switch that has been provisioned with DHCP snooping. IP Source Guard with the ip verify source port-security command is configured under the interfaces that connect to all DHCP clients on the switch. However, clients are not receiving an IP address via the DHCP server. Which option is the cause of this issue?
A. The DHCP server does not support information option 82.
B. The DHCP client interfaces have storm control configured.
C. Static DHCP bindings are not configured on the switch.
D. DHCP snooping must be enabled on all VLANs, even if they are not utilized for dynamic address allocation.

A

A. The DHCP server does not support information option 82.

5
Q

A switch is added into the production network to increase port capacity. A network engineer is configuring the switch for DHCP snooping and IP Source Guard, but is unable to configure ip verify source under several of the interfaces. Which option is the cause of the problem?
A. The local DHCP server is disabled prior to enabling IP Source Guard.
B. The interfaces are configured as Layer 3 using the no switchport command.
C. No VLANs exist on the switch and/or the switch is configured in VTP transparent mode.
D. The switch is configured for sdm prefer routing as the switched database management template.
E. The configured SVIs on the switch have been removed for the associated interfaces.

A

B. The interfaces are configured as Layer 3 using the no switchport command.

6
Q

Which type of information does the DHCP snooping binding database contain?
A. untrusted hosts with leased IP addresses
B. trusted hosts with leased IP addresses
C. untrusted hosts with available IP addresses
D. trusted hosts with available IP addresses

A

A. untrusted hosts with leased IP addresses

7
Q
Which command is needed to enable DHCP snooping if a switchport is connected to a DHCP server?
A. ip dhcp snooping trust
B. ip dhcp snooping
C. ip dhcp trust
D. ip dhcp snooping information
A

A. ip dhcp snooping trust

8
Q
Which database is used to determine the validity of an ARP packet based on a valid IP-to-MAC address binding?
A. DHCP snooping database
B. dynamic ARP database
C. dynamic routing database
D. static ARP database
A

A. DHCP snooping database

9
Q
When IP Source Guard with source IP filtering is enabled on an interface, which feature must be enabled on the access VLAN for that interface?
A. DHCP snooping
B. storm control
C. spanning-tree portfast
D. private VLAN
A

A. DHCP snooping

10
Q
Which switch feature determines validity based on IP-to-MAC address bindings that are stored in a trusted database?
A. Dynamic ARP Inspection
B. storm control
C. VTP pruning
D. DHCP snooping
A

A. Dynamic ARP Inspection

11
Q
Which option is the minimum number of bindings that the DHCP snooping database can store?
A. 1000 bindings
B. 2000 bindings
C. 5000 bindings
D. 8000 bindings
A

D. 8000 bindings

12
Q

If a switch has DHCP snooping and IP Source Guard enabled globally, what does the switch do when it receives a packet with option 82?
A. Drop
B. Remove 82 and forward
C. Proxy ARP

A

B. Remove 82 and forward

13
Q

Which two functions of DHCP snooping are true? (Choose two)
A. It rate-limits DHCP traffic from trusted and untrusted sources.
B. It listens to multicast messages between senders and receivers.
C. It helps build the route table.
D. It filters invalid messages from untrusted sources.
E. It correlates IP addresses to hostnames.

A

A. It rate-limits DHCP traffic from trusted and untrusted sources.
D. It filters invalid messages from untrusted sources.

14
Q

Which of the following commands are valid to configure DHCP snooping with Dynamic ARP Inspection for a VLAN? (Choose four)
A. (config)# ip dhcp snooping vlan arp trust
B. (config)# ip dhcp snooping
C. (config)# ip dhcp snooping vlan 10
D. (config)# ip arp inspection vlan 10
E. (config)# interface ethernet 0/0
    (config-if)# ip dhcp snooping trust
    (config-if)# ip arp inspection trust
F. (config)# interface ethernet 0/0
    (config-if)# ip dhcp arp inspect-snoop trust

A
B. (config)# ip dhcp snooping
C. (config)# ip dhcp snooping vlan 10
D. (config)# ip arp inspection vlan 10
E. (config)# interface ethernet 0/0
    (config-if)# ip dhcp snooping trust
    (config-if)# ip arp inspection trust
15
Q
Which type of packet does DHCP snooping continuously check in a production network?
A. DHCP Snooping
B. DHCP Relay
C. DHCP Request
D. DHCP Acknowledge
E. DHCP Reply
F. DHCP Allow
A

D. DHCP Acknowledge

16
Q
Which feature rate-limits DHCP traffic?
A. DHCP Snooping
B. DHCP Acknowledge
C. DHCP Request
D. DHCP Spoofing
A

A. DHCP Snooping

17
Q
Which feature actively validates DHCP messages and drops invalid messages?
A. CGMP binding
B. IGMP Snooping
C. ARP Inspection
D. DHCP Snooping
E. DHCP Inspection
F. Dynamic ARP inspection
A

D. DHCP Snooping

18
Q

Which command do you enter to enable Dynamic ARP Inspection for VLAN 15?
A. SW1(config-vlan)# ip arp inspection vlan 15
B. SW1(config-vlan)# ip arp inspection trust
C. SW1(config-if)# ip arp-inspection trust
D. SW1(config)# ip arp inspection vlan 15

A

D. SW1(config)# ip arp inspection vlan 15

19
Q

Which two methods are used to configure an untrusted port with option 82? (Choose two)
A. (config)# ip dhcp snooping information option
(config)# ip dhcp snooping information option allow-untrusted
B. (config-if)# ip dhcp snooping information option allow-untrusted
C. (config)# ip dhcp untrusted-allow information
D. (config-if)# ip dhcp snooping trust-allow information
E. (config)# dhcp allow-untrusted option information

A

A. (config)# ip dhcp snooping information option
(config)# ip dhcp snooping information option allow-untrusted
B. (config-if)# ip dhcp snooping information option allow-untrusted

20
Q

Which of the following commands to configure a DHCP trust is valid?
A. (config)# interface FastEthernet 0/1
(config-if)# ip dhcp snooping trust
(config-if)# do show ip dhcp snooping | begin pps

A

A. (config)# interface FastEthernet 0/1
(config-if)# ip dhcp snooping trust
(config-if)# do show ip dhcp snooping | begin pps

21
Q

What would happen if a switch gets a packet with Option 82 with the IP address of 192.168.1.254?
A. Drop it
B. Forward it
C. Stop the Option 82 and replace the source MAC address, and forward it (with its own source MAC address).
D. Stop the Option 82 and replace the source IP address to the switch management IP address and forward it.
E. Stop the Option 82 and forward it.
F. Stop the Option 82 and make a proxy ARP request for the IP address 192.168.1.254.

A

B. Forward it

22
Q

Which command is used to configure DHCP snooping for Option 82?
A. dhcp snooping trust
B. dhcp snooping information option untrust
C. ip dhcp snooping option replace
D. ip dhcp snooping information option allow-untrusted

A

D. ip dhcp snooping information option allow-untrusted

23
Q

Which three commands are valid to configure DHCP snooping for Option 82? (Choose three)
A. On the interface configuration mode;
(config-if)# ip dhcp snooping trust
B. On the global configuration mode;
(config)# ip dhcp snooping information option allow-untrusted
C. On the interface configuration mode;
(config-if)# ip dhcp snooping information option allow-untrusted

A

A. On the interface configuration mode;
(config-if)# ip dhcp snooping trust
B. On the global configuration mode;
(config)# ip dhcp snooping information option allow-untrusted
C. On the interface configuration mode;
(config-if)# ip dhcp snooping information option allow-untrusted

24
Q

Which two ports are untrusted by default or should be set as untrusted ports (DHCP Snooping/IP Source Guard) in an ISP environment? (Choose two)
A. Provider edge port
B. Customer edge port
C. ?
D. ?
E. Customer facing provider edge port

A

B. Customer edge port

E. Customer facing provider edge port

25
Q
Which two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose two)
A. end host devices
B. customer edge services/devices
C. user-facing provider edge devices
D. provider edge devices
E. provider devices
A

A. end host devices

B. customer edge services/devices