nerdexam
Exams300-320Questions#252
Cisco

300-320 · Question #252

300-320 Question #252: Real Exam Question with Answer & Explanation

The correct answer is A: uRPF. uRPF (Unicast Reverse Path Forwarding) is designed specifically to prevent IP source address spoofing. It works by checking whether the source IP address of an incoming packet is reachable via the same interface it arrived on (strict mode) or via any interface in the routing tabl

Question

Which security feature can help prevent spoofed packets on the network?

Options

  • AuRPF
  • BACLs
  • CDAI
  • DDHCP spoofing

Explanation

uRPF (Unicast Reverse Path Forwarding) is designed specifically to prevent IP source address spoofing. It works by checking whether the source IP address of an incoming packet is reachable via the same interface it arrived on (strict mode) or via any interface in the routing table (loose mode). If the source IP is not reachable through a valid path, the packet is dropped as potentially spoofed. Option B (ACLs) can filter known bad addresses but require manual maintenance and cannot dynamically validate return paths. Option C (DAI - Dynamic ARP Inspection) prevents ARP spoofing/poisoning attacks, not IP packet spoofing. Option D ('DHCP spoofing') is an attack vector, not a security feature.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-320 Practice