
352-001 Question #774: Real Exam Question with Answer & Explanation

The correct answer is A: DHCP snooping. DHCP snooping is the switch-level security feature that prevents rogue DHCP servers from distributing incorrect IP configuration - including DNS server addresses - to client devices.

Question

A customer requests a design that ensures that client devices are not dynamically configured with incorrect DNS information. Which security technology must be configured on the switches when finalizing the network design?

Options

  • A. DHCP snooping
  • B. DNS snooping
  • C. Root guard
  • D. IGMP snooping

Explanation

DHCP snooping is the switch-level security feature that prevents rogue DHCP servers from distributing incorrect IP configuration - including DNS server addresses - to client devices.

Common mistakes.

  • B. DNS snooping is not a recognized Cisco or IEEE switch security feature - it does not exist as a configurable technology on network switches.
  • C. Root guard is a Spanning Tree Protocol feature that prevents an unauthorized switch from becoming the root bridge, and has no relationship to DHCP or DNS configuration.
  • D. IGMP snooping is a multicast optimization that constrains Layer 2 multicast traffic to only the ports with interested receivers, completely unrelated to IP address or DNS assignment.

Concept tested. DHCP snooping to block rogue DHCP servers

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/xe-16/dhcp-xe-16-book/config-dhcp-snooping.html
