CCDE: Cisco Certified Design Expert (Practical) — Question 21
Company XYZ is designing the network for IPv6 security and they have these design requirements:
* A switch or router must deny access to traffic from sources with addresses that are correct, but are topologically incorrect.
* Devices must block Neighbor Discovery Protocol resolutions for destination addresses that are not found in the binding table.
Which two IPv6 security features are recommended for this company? (Choose two.)
Answer options
- A. IPv6 RA Guard
- B. IPv6 Destination Guard
- C. IPv6 Prefix Guard
- D. IPv6 Source Guard
- E. IPv6 DHCP Guard
Correct answer: B, C
Explanation
The correct answers are B and C because IPv6 Destination Guard prevents traffic from invalid addresses not found in the binding table, and IPv6 Prefix Guard helps ensure that only valid routing prefixes are used, blocking topologically incorrect addresses. Options A, D, and E do not specifically address both requirements outlined in the question.