JNCIS-ENT: Juniper Networks Certified Specialist – Enterprise Routing and Switching (2024) — Question 37

Which two situations would cause dynamic ARP inspection to drop traffic? (Choose two.)

Answer options

• A. if no IP-to-MAC address entry exists in the DHCP snooping database
• B. if the IP address in the ARP packet is deemed invalid
• C. if the requested MAC address exceeds the configured limit on the port
• D. if the ARP packet comes from a port that has been configured as trusted

Correct answer: A, B

Explanation

The correct answers are A and B because dynamic ARP inspection relies on the DHCP snooping database to validate ARP packets; if there's no entry, the traffic is dropped. Similarly, if the IP address in the ARP packet is invalid, it cannot be trusted. Options C and D do not trigger drops since exceeding MAC address limits or coming from a trusted port doesn't inherently invalidate the ARP request.