During a security review you discover that rogue laptops periodically send forged ARP replies, redirecting traffic so they can sniff credentials on the internal VLAN. The network team wants a switch-level countermeasure that blocks such packets without requiring any configuration on end hosts. Which feature meets this goal?
Enable Dynamic ARP Inspection on the access switches
Configure private VLAN edge (protected ports) within the VLAN
Deploy 802.1X port-based authentication for all user ports
Apply port security with sticky MAC address learning on each switchport
Dynamic ARP Inspection (DAI) intercepts every ARP packet received on an access switch, checks each request or reply against the trusted DHCP-snooping binding table or static mappings, and discards any packet with mismatching IP-to-MAC information. Because the validation happens inside the switch, no changes are necessary on servers or workstations. 802.1X authenticates devices at link-up but does not inspect subsequent ARP traffic, so a compromised or unauthenticated host could still poison caches. Private VLAN edge simply blocks direct host-to-host Layer-2 traffic and cannot stop forged ARP replies sent to the default gateway. Port security with sticky or static MAC addresses limits the number of addresses per port but does not verify that ARP messages advertise legitimate IP-MAC bindings. Therefore, only Dynamic ARP Inspection directly prevents the described sniffing technique.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Dynamic ARP Inspection (DAI)?
Open an interactive chat with Bash
How does DHCP snooping integrate with DAI?
Open an interactive chat with Bash
Why doesn’t port security or 802.1X stop ARP spoofing?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .