Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 598

An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?

Answer options

• A. Configure Dynamic ARP inspection and add entries in the DHCP snooping database.
• B. Configure DHCP snooping and set trusted interfaces for all client connections.
• C. Configure Dynamic ARP inspection and antispoofing ACLs in the DHCP snooping database.
• D. Configure DHCP snooping and set a trusted interface for the DHCP server.

Correct answer: D

Explanation

The correct answer is D because configuring DHCP snooping along with a trusted interface for the DHCP server ensures that the server can send legitimate DHCP messages while blocking rogue messages from untrusted sources. The other options either do not directly address the need for a trusted interface for the DHCP server or involve unnecessary configurations that do not prevent malicious traffic effectively.