IP Source Guard Questions
Question 1
Explanation
IP Source Guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host’s IP address. The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts on untrusted Layer 2 access ports.
Question 2
Question 3
Question 4
Question 5
Question 6
Q2 – Clearly the correct answer is “BPDU Guard” which will errdisable a portfast port if you connect a switch to it. IP Source guard only prevents spoofing.
Q2
“prevent users from connecting unauthorized equipment to a production network”, bpdu guard will only work on bpdu packets. It should be ip source guard will be more trusted method because it will ensure that no fraud device will be connected.
Q4 Q6 conflict ” It should be enabled in globally to all interfaces.”?
Q4 is wrong. Right answers are A and B (maybe some other variant), but not C.
IP Source Guard doesn’t activate globally, only on interface config mode. On mode (config)# you can only create static IP source binding. From book “300-115 Official Cert Guide”:
“For the hosts that do not use DHCP, you can configure a static IP source binding with the
following configuration command:
Switch(config)# ip source binding mac-address vlan vlan-id ip-address interface
type member/module/number”
Options A and B are contradicting each other
Hello all, has anyone taken the exam today? If so what was in the exam?
Go to “Share your SWITCH v2.0 Experience”