Which type of attack can be mitigated by dynamic ARP inspection?
A.
worm
B.
malware
C.
DDoS
D.
man-in-the-middle
The Answer Is:
D
This question includes an explanation.
Explanation:
Dynamic ARP Inspection mitigates man-in-the-middle attacks that rely on ARP spoofing or ARP poisoning. In an ARP poisoning attack, the attacker sends false ARP messages so victims associate the attacker ' s MAC address with a legitimate IP address, such as the default gateway. Traffic is then redirected through the attacker. DAI counters this by validating ARP packets, usually against the DHCP snooping binding database, and dropping invalid ARP messages on untrusted ports. It is not a worm, malware scanner, or DDoS control. Cisco CCNA 200-301 v1.1 Security Fundamentals tests DAI as a campus access-layer protection because ARP itself has no built-in authentication. The mitigation works best when DHCP snooping is enabled and trusted ports are limited to infrastructure links. The attack category that best fits ARP spoofing is man-in-the-middle, since the attacker positions itself between communicating devices. Therefore, D is correct.
200-301 PDF/Engine
Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions
Get 65% Discount on All Products,
Use Coupon: "ac4s65"