Which configuration on a switch would be unsuccessful in preventing a DHCP starvation attack?

– by 1

Which configuration on a switch would be unsuccessful in preventing a DHCP starvation attack?
A. DHCP snooping
B. Port security
C. Source Guard
D. Rate Limiting

cisco-exams

One thought on “Which configuration on a switch would be unsuccessful in preventing a DHCP starvation attack?

  1. ANSWER: C

    Example DHCP Starvation Attack Mitigation CatIOS(config)# ip dhcp snooping

    CatlOS (config)# ip dhcp snooping vlan number [number]

    CatlOS (config)# ip verify source vlan dhcp-snooping port-security

    CatlOS (config)# switchport port-security limit rate invalid-source-MAC rate

    CatlOS (config)# ip source binding ip-address MAC-address vlan vlan-id interface interface !Finally trust the interfaces with the following command CatlOS (config-if)# ip dhcp snooping trust

    Example enables DHCP snooping and ensures that any other IP traffic with a source address other than the addresses in the binding will be filtered and dropped immediately.

    IP source guard can provide additional defense against IP spoofing, but it is not conclusive for DHCP starvation attack.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.