200-301 Question #397: Real Exam Question with Answer & Explanation

Submitted by yuriko_h· Mar 5, 2026The correct arrangement maps as follows - Trusted ports: associate with the legitimate DHCP server and the trusted designation; Untrusted ports: associate with spurious DHCP server (rogue) and the untrusted designation; and the snooping binding database is the mechanism that records validated DHCP leases. This tests Cisco CCNA/CCNP domain objectives around Infrastructure Security and Layer 2 threat mitigation, specifically DHCP snooping operation and port trust classification.

Question

Drag and Drop Question Drag and drop the characteristics of network architectures from the left onto the type of architecture on the right. Answer:

Explanation

DHCP snooping classifies switch ports as either trusted or untrusted. Trusted ports are connected to legitimate DHCP servers and are allowed to send DHCP offer/ack messages, while untrusted ports connect to end-user devices or rogue servers and are restricted from sending server-side DHCP messages. The snooping binding database tracks IP-to-MAC mappings learned from DHCP exchanges on untrusted ports, and a spurious (rogue) DHCP server represents the threat that untrusted ports are designed to block.

Topics

#DHCP Snooping#Network Security#Layer 2 Security#Switch Port Trust

Community Discussion

No community discussion yet for this question.

Full 200-301 Practice Browse All 200-301 Questions