A network administrator configures DHCP snooping on VLAN 2. How does the switch handle DHCP traffic that arrives in this VLAN on an untrusted interface?
A. It accepts packets from a DHCP server, but drops client packets.
B. It drops all DHCP traffic and logs a security event.
C. It accepts both client and server packets as long as they match the DHCP binding table.
D. It accepts client packets, but drops packets from a DHCP server.
Answer is D.
DHCP snooping only allows DHCP client traffic on an untrusted interface.
By default when DHCP snooping is enabled on a VLAN, all untagged VLANs that are on that port are set as untrusted.
Whole point of DHCP snooping is to prevent malicious users acting as a ‘real’ DHCP server!