300-410 Question #48: Real Exam Question with Answer & Explanation

Question

Which statement about IPv6 inspection is true?

Options

• AIt learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.
• BIt learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.
• CIt learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.
• DIt learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.

Explanation

IPv6 inspection learns and secures the bindings between stateless autoconfiguration IPv6 addresses and their corresponding Layer 2 MAC addresses. This process stores these mappings in the device's Layer 2 neighbor table, enhancing security against address spoofing.

Common mistakes.

• A. IPv6 inspection for SLAAC primarily focuses on Layer 2 bindings (IPv6 to MAC address) rather than Layer 3 neighbor tables, which typically refer to routing table entries or next-hop information.
• C. IPv6 inspection mechanisms like NDI are primarily concerned with securing stateless autoconfiguration (SLAAC) addresses, not stateful addresses which are typically assigned by a DHCPv6 server and have different security considerations.
• D. IPv6 inspection secures stateless autoconfiguration (SLAAC) addresses, not stateful addresses, in Layer 2 neighbor tables.

Concept tested. IPv6 Neighbor Discovery Inspection

Reference. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/security/configuration_guide/b_sec_3se_3850_cg/b_sec_3se_3850_cg_chapter_0100.html

No community discussion yet for this question.