JNCIS-ENT: Juniper Networks Certified Specialist – Enterprise Routing and Switching (2025) — Question 50

You are concerned about spoofed MAC addresses on your LAN.
Which two Layer 2 security features should you enable to minimize this concern? (Choose two.)

Answer options

• A. dynamic ARP inspection
• B. IP source guard
• C. DHCP snooping
• D. static ARP

Correct answer: A, C

Explanation

Dynamic ARP inspection (A) helps prevent ARP spoofing by ensuring that only valid ARP requests and responses are relayed. DHCP snooping (C) also contributes to network security by filtering untrusted DHCP messages, making it harder for an attacker to impersonate a device. IP source guard (B) and static ARP (D) do not directly address the issue of spoofed MAC addresses in the same way.