Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 502

An engineer is configuring DHCP on a Cisco switch and wants to ensure that a DHCP packet will be dropped. Under which condition will this occur?

Answer options

• A. A packet from a DHCP server is received from inside the network or firewall.
• B. All packets are dropped until the administrator manually enters the approved servers into the DHCP snooping database.
• C. A packet is received on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match.
• D. A DHCP relay agent forwards a DHCP packet that includes a relay-agent IP address that is 0.0.0.0.

Correct answer: C

Explanation

The correct answer is C because a DHCP packet will be dropped if it is received on an untrusted interface and the source MAC and client hardware addresses do not align, indicating a potential security issue. Option A does not trigger a drop since packets from inside are generally trusted. Option B describes a state of rejection but does not specify the conditions under which a packet would be specifically dropped. Option D refers to a situation involving a relay agent but does not directly relate to dropping packets based on interface trust levels.