What should you create to prevent spoofing of the internal network?

TheCCST Cybersecurity Study Guidestates thatAccess Control Lists (ACLs)can be used to filter traffic based on IP addresses and block packets that appear to originate from the internal network but arrive from external interfaces (IP spoofing).

"ACLs can prevent spoofing by dropping traffic from external sources that claim to have an internal source address. Configuring ACLs on the perimeter firewall or router is a common countermeasure for IP spoofing."

(CCST Cybersecurity,Basic Network Security Concepts, ACLs and Traffic Filtering section, Cisco Networking Academy)

A(NAT rule) changes IP addresses but does not inherently prevent spoofing.

B(ACL) is correct because it can enforce anti-spoofing filters.

C(host file) only affects name resolution locally.

D(DNS record) is for domain mapping, not spoofing prevention.