Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 114

What is a characteristic of Dynamic ARP Inspection?

Answer options

• A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
• B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.
• C. DAI associates a trust state with each switch.
• D. DAI intercepts all ARP requests and responses on trusted ports only.

Correct answer: A

Explanation

The correct answer, A, explains that Dynamic ARP Inspection (DAI) checks ARP packets against the DHCP snooping binding database to ensure they are valid. Options B and C discuss trust states but do not accurately describe DAI's function. Option D is incorrect because DAI inspects ARP packets on both trusted and untrusted ports, not just trusted ones.