Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Cisco Exam 200-301 Topic 2 Question 75 Discussion

Actual exam question for Cisco's 200-301 exam
Question #: 75
Topic #: 2
[All 200-301 Questions]

What is used to identify spurious DHCP servers?

Show Suggested Answer Hide Answer
Suggested Answer: D

DHCPOFFER is used to identify spurious DHCP servers. A spurious DHCP server is any device that is configured to act as a DHCP server without the network administrator's knowledge or permission. A spurious DHCP server can cause network problems by assigning incorrect or duplicate IP addresses to clients, or by redirecting traffic to malicious gateways.To prevent such attacks, the DHCP snooping feature can be enabled on switches to filter out invalid or unauthorized DHCP messages from untrusted sources1.

DHCP snooping works by intercepting and validating DHCP messages on a per-VLAN basis.The switch maintains a DHCP snooping binding database that contains information about the trusted hosts with leased IP addresses, such as MAC address, IP address, lease time, binding type, VLAN number, and interface information2. The switch also classifies its ports as trusted or untrusted. Trusted ports are those that connect to authorized DHCP servers or other trusted switches. Untrusted ports are those that connect to untrusted hosts or devices.The switch only allows DHCP messages from trusted ports, and drops any DHCP messages from untrusted ports that do not match the information in the binding database3.

The switch uses DHCPOFFER messages to identify spurious DHCP servers. A DHCPOFFER message is a response from a DHCP server to a client's request for an IP address.The message contains the offered IP address, subnet mask, default gateway, and other configuration parameters for the client4. When the switch receives a DHCPOFFER message from an untrusted port, it compares the source MAC address and the offered IP address with the binding database. If there is no match, the switch considers the message as coming from a spurious DHCP server and drops it.The switch also logs an error message and increments a counter for the number of dropped messages5.


1: Configuring DHCP Snooping - Cisco

2: Catalyst 6500 Release 12.2SX Software Configuration Guide - DHCP Snooping Binding Database

3: What is DHCP Snooping? - IONOS

4: Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) Parameters

5: Configuring DHCP Snooping - Cisco

by Dominque at Nov 21, 2023, 11:26 PM

Limited Time Offer

25%

Off

Get Premium 200-301 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Georgiana
11 days ago
Haha, you guys are really overthinking this. It's gotta be DHCPOFFER - that's the message the servers send out offering an IP address. If the client gets offers from more than one, it knows something fishy is going on!
upvoted 0 times
...
Mayra
12 days ago
Ah, I see where you're both coming from. But what about DHCPACK? Isn't that the message the server sends back to confirm the IP address allocation? If the client gets multiple DHCPACK responses, that would definitely flag some rogue DHCP servers, right?
upvoted 0 times
...
Suzan
13 days ago
Hmm, I'm not so sure. DHCPDISCOVER might work, but I was thinking DHCPREQUEST would be a better option. When the client requests an IP address, it could compare the responses and identify any servers that aren't the legitimate one.
upvoted 0 times
...
Shawn
14 days ago
This question seems pretty straightforward. I think the answer is DHCPDISCOVER. That's the message a client sends out to find available DHCP servers, so if it gets responses from multiple servers, that would identify them as potentially spurious.
upvoted 0 times
...

Save Cancel