- Home
- Juniper
- Enterprise Routing and Switching, Specialist (JNCIS-ENT)
- Juniper.JN0-351.v2023-11-08.q33
- Question 25
Valid JN0-351 Dumps shared by ExamDiscuss.com for Helping Passing JN0-351 Exam! ExamDiscuss.com now offer the newest JN0-351 exam dumps, the ExamDiscuss.com JN0-351 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com JN0-351 dumps with Test Engine here:
Access JN0-351 Dumps Premium Version
(67 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 25/33
You are concerned about spoofed MAC addresses on your LAN.
Which two Layer 2 security features should you enable to minimize this concern? (Choose two.)
Which two Layer 2 security features should you enable to minimize this concern? (Choose two.)
Correct Answer: A,C
A is correct because dynamic ARP inspection (DAI) is a Layer 2 security feature that prevents ARP spoofing attacks. ARP spoofing is a technique that allows an attacker to send fake ARP messages to associate a spoofed MAC address with a legitimate IP address. This can result in traffic redirection, man-in-the-middle attacks, or denial-of-service attacks. DAI validates ARP packets by checking the source MAC address and IP address against a trusted database, which is usually built by DHCP snooping1. DAI discards any ARP packets that do not match the database or have invalid formats1.
C is correct because DHCP snooping is a Layer 2 security feature that prevents DHCP spoofing attacks.
DHCP spoofing is a technique that allows an attacker to act as a rogue DHCP server and offer fake IP addresses and other network parameters to unsuspecting clients. This can result in traffic redirection, man-in-the-middle attacks, or denial-of-service attacks. DHCP snooping filters DHCP messages by classifying switch ports as trusted or untrusted. Trusted ports are allowed to send and receive any DHCP messages, while untrusted ports are allowed to send only DHCP requests and receive only valid DHCP replies from trusted ports2. DHCP snooping also builds a database of MAC addresses, IP addresses, lease times, and binding types for each client2.
C is correct because DHCP snooping is a Layer 2 security feature that prevents DHCP spoofing attacks.
DHCP spoofing is a technique that allows an attacker to act as a rogue DHCP server and offer fake IP addresses and other network parameters to unsuspecting clients. This can result in traffic redirection, man-in-the-middle attacks, or denial-of-service attacks. DHCP snooping filters DHCP messages by classifying switch ports as trusted or untrusted. Trusted ports are allowed to send and receive any DHCP messages, while untrusted ports are allowed to send only DHCP requests and receive only valid DHCP replies from trusted ports2. DHCP snooping also builds a database of MAC addresses, IP addresses, lease times, and binding types for each client2.
- Question List (33q)
- Question 1: You are a network operator who wants to add a second ISP con...
- Question 2: In RSTP, which three port roles are associated with the disc...
- Question 3: You want to ensure traffic is routed through a GRE tunnel. I...
- Question 4: Which three protocols support BFD? (Choose three.)...
- Question 5: You need to configure a LAG between your switches. In this s...
- 1 commentQuestion 6: Exhibit. (Exhibit) What is the management IP address of the ...
- Question 7: A new network requires multiple topology support. You decide...
- Question 8: You are asked to connect an IP phone and a user computer usi...
- Question 9: Exhibit. (Exhibit) The ispi _ inet. 0 route table has curren...
- Question 10: You are asked to create a new firewall filter to evaluate La...
- Question 11: Which two statements are correct about tunnels? (Choose two....
- Question 12: An update to your organization's network security requiremen...
- Question 13: Exhibit. (Exhibit) Why is this OSPF adjacency remaining in t...
- Question 14: Which two types of tunnels are able to be created on all Jun...
- Question 15: What are two reasons for creating multiple areas in OSPF? (C...
- Question 16: Exhibit. (Exhibit) You are using OSPF to advertise the subne...
- Question 17: Which two statements are true about the default VLAN on Juni...
- Question 18: Exhibit (Exhibit) You have configured a GRE tunnel. To reduc...
- Question 19: You are asked to connect an IP phone and a user computer usi...
- Question 20: Which statement about aggregate routes is correct?...
- Question 21: What are two characteristics of RSTP alternate ports? (Choos...
- Question 22: Which two statements are correct about using firewall filter...
- Question 23: Exhibit (Exhibit) Your ISP is announcing a default route to ...
- Question 24: Which statement is correct about IP-IP tunnels?...
- Question 25: You are concerned about spoofed MAC addresses on your LAN. W...
- Question 26: What is the maximum allowable MTU size for a default GRE tun...
- Question 27: Exhibit. (Exhibit) Which router will become the OSPF BDR if ...
- Question 28: What is the default keepalive time for BGP?...
- Question 29: Which two statements correctly describe RSTP port roles? (Ch...
- Question 30: You have two OSPF routers forming an adjacency. R1 has a pri...
- Question 31: Refer to the exhibit. (Exhibit) Referring to the output show...
- Question 32: You are troubleshooting a BGP routing issue between your net...
- Question 33: Which two statements about BGP facilitate the prevention of ...
