Certified Ethical Hacker (CEH v11) — Question 179

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Answer options

• A. Spanning tree
• B. Dynamic ARP Inspection (DAI)
• C. Port security
• D. Layer 2 Attack Prevention Protocol (LAPP)

Correct answer: B

Explanation

The correct answer is B, as Dynamic ARP Inspection (DAI) uses the DHCP snooping database to verify ARP requests and responses, thus preventing man-in-the-middle attacks. Option A, Spanning Tree, is focused on preventing loops in network topology, while C, Port security, restricts access based on MAC addresses, and D, Layer 2 Attack Prevention Protocol (LAPP), is not a widely recognized standard in this context.