CompTIA Network+ (N10-008) — Question 876

An attack is redirecting traffic from network hosts by changing their assigned DNS server. None of the hosts have static IP addresses, and the rogue DNS server was assigned automatically during the hosts' lease renewal for the network configuration. Which of the following should be implemented to prevent this type of attack from occurring again?

Answer options

• A. DHCP snooping
• B. Port security
• C. 802.1X authentication
• D. MAC filtering

Correct answer: A

Explanation

DHCP snooping is the correct answer because it helps to ensure that only authorized DHCP servers can assign IP addresses and DNS settings, preventing rogue servers from being used. Port security, 802.1X authentication, and MAC filtering do not specifically address the issue of unauthorized DHCP servers and their ability to alter DNS settings.