Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 272

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?

Answer options

• A. It drops the packet after validation by using the IP & MAC Binding Table.
• B. It forwards the packet without validation.
• C. It forwards the packet after validation by using the IP & MAC Binding Table.
• D. It drops the packet without validation.

Correct answer: B

Explanation

The correct answer is B because a switch with Dynamic ARP Inspection enabled treats trusted interfaces differently, allowing packets to be forwarded without validation. Options A, C, and D suggest that the packet would be discarded or validated, which contradicts the behavior of trusted interfaces under Dynamic ARP Inspection.