CompTIA CASP+ (CAS-003) — Question 207

A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Choose two.)

Answer options

• A. Use an internal firewall to block UDP port 3544.
• B. Disable network discovery protocol on all company routers.
• C. Block IP protocol 41 using Layer 3 switches.
• D. Disable the DHCPv6 service from all routers.
• E. Drop traffic for ::/0 at the edge firewall.
• F. Implement a 6in4 proxy server.

Correct answer: A, C

Explanation

The correct choices are A and C because blocking UDP port 3544 prevents Teredo tunneling, which allows IPv6 packets to be sent over IPv4 networks, and restricting IP protocol 41 helps to prevent IPv6-in-IPv4 tunneling. Options B, D, E, and F do not effectively isolate IPv4 from IPv6 traffic between network segments.