Implementing Cisco Application Centric Infrastructure (DCACI) — Question 241

A Cisco ACI fabric is integrated with VMware VDS. The fabric must apply a security policy to check the integrity of traffic out of the network adapter. Which action must be taken to drop the packet when the ESXi host discovers a mismatch between the actual source MAC address transmitted by the guest operating system and the effective MAC address of the virtual machine adapter?

Answer options

• A. Reject MAC changes.
• B. Reject forged transmits.
• C. Accept MAC changes.
• D. Accept forged transmits.

Correct answer: B

Explanation

The correct action is to 'Reject forged transmits', as this setting ensures that any packets with a source MAC address that does not match the virtual machine's effective MAC address are discarded. The other options either allow changes that could lead to security vulnerabilities or do not enforce the necessary integrity checks required in this scenario.