nerdexam
Exams400-007Questions#2
Cisco

400-007 · Question #2

400-007 Question #2: Real Exam Question with Answer & Explanation

The correct answer is C: IPv6 Destination Guard. IPv6 source guard is an interface feature between the populated binding table and data traffic filtering. This feature enables the device to deny traffic when it is originated from an address that is not stored in the binding table. The IPv6 Destination Guard feature works with I

Question

Company XYZ is designing the network for IPv6 security and they have these design requirements: - A switch or router must deny access to traffic from sources with addresses that are correct, but are topologically incorrect - Devices must block Neighbor Discovery Protocol resolution for destination addresses that are not found in the binding table. Which two IPv4 security features are recommended for this company? (Choose two)

Options

  • AIPv6 DHCP Guard
  • BIPv6 Source Guard
  • CIPv6 Destination Guard
  • DIPv6 Prefix Guard
  • EIPv6 RA Guard

Explanation

IPv6 source guard is an interface feature between the populated binding table and data traffic filtering. This feature enables the device to deny traffic when it is originated from an address that is not stored in the binding table. The IPv6 Destination Guard feature works with IPv6 neighbor discovery to ensure that the device performs address resolution only for those addresses that are known to be active on the link. It relies on the address glean functionality to populate all destinations active on the link into the binding table and then blocks resolutions before they happen when the destination is not found in the binding table. The IPv6 Prefix Guard feature works within the IPv6 Source Guard feature, enabling the device to deny traffic originated from nontopologically correct addresses. book/ip6-src-guard.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 400-007 Practice