nerdexam
Exams200-301Questions#18
CiscoCisco

200-301 · Question #18

200-301 Question #18: Real Exam Question with Answer & Explanation

The correct arrangement maps each mitigation technique to its specific threat: VACLs (VLAN Access Control Lists) filter traffic within a VLAN to mitigate inter-VLAN or intra-VLAN attacks such as MAC/CAM table overflow or unauthorized access. Dynamic ARP Inspection (DAI) validates

Submitted by certguy· Mar 5, 2026Infrastructure Security / LAN Security and Threat Mitigation (Cisco CCNA/CCNP - Network Security or Enterprise)

Question

Drag and Drop Question Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right. Answer:

Explanation

The correct arrangement maps each mitigation technique to its specific threat: VACLs (VLAN Access Control Lists) filter traffic within a VLAN to mitigate inter-VLAN or intra-VLAN attacks such as MAC/CAM table overflow or unauthorized access. Dynamic ARP Inspection (DAI) validates ARP packets against a DHCP snooping binding table to prevent ARP spoofing/poisoning attacks. Root Guard prevents unauthorized switches from becoming the STP root bridge, mitigating root bridge takeover attacks. BPDU Guard protects against rogue switches or loops by disabling a port that receives unexpected BPDU frames, typically on PortFast-enabled access ports.

Topics

#Layer 2 Security#STP Security#ARP Inspection#VLAN Security

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 200-301 PracticeBrowse All 200-301 Questions