Implementing and Operating Cisco Data Center Core Technologies (DCCOR) — Question 439

An engineer must implement a solution that prevents untrusted DHCP servers from compromising the network. The feature must be configured on a Cisco Nexus
7000 Series Switch and applied to VLAN 10. The legitimate DHCP servers are connected to interface Ethernet 2/4. Which configuration set must be used to meet these requirements?

Answer options

• A. n7k-1(config)# ip dhcp snooping vlan 10 n7k-1(config)# interface Ethernet2/4 n7k-1(config-if)# ip dhcp snooping verify vlan 10
• B. n7k-1(config)# ip dhcp snooping verify n7k-1(config)# interface Ethernet2/4 n7k-1(config-if)# ip dhcp snooping verify vlan 10
• C. n7k-1(config)# ip dhcp snooping vlan 10 n7k-1(config)# interface Ethernet2/4 n7k-1(config-if)# ip dhcp snooping trust
• D. n7k-1(config)# ip dhcp snooping verify n7k-1(config)# vlan configuration 10 n7k-1(config-vlan)# ip dhcp snooping trust

Correct answer: C

Explanation

The correct answer, C, configures the switch to trust the DHCP server connected to Ethernet 2/4 and enables DHCP snooping on VLAN 10, thereby preventing untrusted servers from sending DHCP offers. Option A incorrectly includes the verify command, which is not necessary for this configuration. Option B is also incorrect as it uses the verify command without setting the trust feature. Option D fails to specify the correct interface configuration for trusting the DHCP server.