Certified Ethical Hacker (CEH v10) — Question 150

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Answer options

• A. Spanning tree
• B. Dynamic ARP Inspection (DAI)
• C. Port security
• D. Layer 2 Attack Prevention Protocol (LAPP)

Correct answer: B

Explanation

Dynamic ARP Inspection (DAI) utilizes the DHCP snooping database to verify ARP packets and prevent man-in-the-middle attacks by ensuring that only valid ARP responses are processed. The other options, such as Spanning Tree, Port Security, and Layer 2 Attack Prevention Protocol (LAPP), do not specifically utilize the DHCP snooping database to address ARP-related vulnerabilities.