HPE Aruba Certified Professional (ACP) – SD-WAN — Question 60

A small company with one CX-6300 switch, with hostname switch1, has implemented ARP inspection to prevent MITM attacks. They are implementing a new hypervisor with host address 10.100.100.10 and MAC address F4-6D-3F-24-76-51, connected to switch1’s port 1/1/20. This new server will host many VMs.
What will help prevent false positives with ARP inspection?

Answer options

• A. Enable ARP inspection trust for interface 1/1/20.
• B. Enable ARP inspection trust for MAC F4-6D-3F-24-76-51 at the VLAN interface context.
• C. Enable ARP inspection trust 10.100.100.10 at VLAN interface level context.
• D. Enable ARP inspection trust IP 10.100.100.10 MAC F4-6D-3F-24-76-51 in the global context.

Correct answer: A

Explanation

Enabling ARP inspection trust for interface 1/1/20 is correct because it allows the devices connected to that port to send ARP packets without being scrutinized, thus reducing the chances of false positives. The other options are less effective as they either target specific MAC or IP addresses without addressing the trust level of the entire interface, which is crucial for the new hypervisor hosting multiple VMs.