Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 647

A network administrator has configured DHCP snooping on a Cisco switch to prevent unauthorized DHCP servers from assigning IP addresses. During configuration, a device with MAC address 04:66:96:79:0:AB received an IP address from an unauthorized DHCP server. Which configuration step must the network administrator take to accomplish the requirement?

Answer options

• A. Apply DHCP option 82 to identify the trusted DHCP server.
• B. Configure each device on the network to use authorize DHCP server manually.
• C. Configure an access control list to only allow DHCP traffic from trusted DHCP server.
• D. Implement DHCP option 82 to relay DHCP requests to the trusted DHCP server.

Correct answer: C

Explanation

The correct answer is C because configuring an access control list ensures that only DHCP traffic from authorized servers is allowed, thus preventing unauthorized servers from assigning IP addresses. Options A and D are related to DHCP relay functionality but do not directly address the issue of preventing unauthorized DHCP servers. Option B is not practical as it requires manual configuration on every device, which is not scalable.