nerdexam
Exams400-007Questions#23
Cisco

400-007 · Question #23

400-007 Question #23: Real Exam Question with Answer & Explanation

The correct answer is A: DAI. DAI and IP Source Guard are both data plane security features that validate traffic at the Layer 2/3 boundary, protecting against ARP spoofing and IP address spoofing respectively.

Question

Company XYZ wants to secure the data plane of their network. Which two technologies can be included in the security design? (Choose two)

Options

  • ADAI
  • BIP Source Guard
  • CBEEP
  • DCPPr
  • EMPP

Explanation

DAI and IP Source Guard are both data plane security features that validate traffic at the Layer 2/3 boundary, protecting against ARP spoofing and IP address spoofing respectively.

Common mistakes.

  • C. BEEP (Blocks Extensible Exchange Protocol) is an application-layer framework for network messaging and is not a recognized data plane security technology.
  • D. CPPr (Control Plane Policing - refined) protects the control plane by rate-limiting traffic destined to the router's CPU, not the data plane that forwards transit traffic.
  • E. MPP (Management Plane Protection) restricts management access to specific interfaces and protocols, which is a management plane security feature, not a data plane security feature.

Concept tested. Data plane security with DAI and IP Source Guard

Reference. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-9/configuration_guide/sec/b_179_sec_9300_cg/configuring_dynamic_arp_inspection.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 400-007 Practice