Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your private IaaS cloud hosts several VMware ESXi clusters. Each hypervisor is attached to a pair of Cisco access switches that provide VLAN trunking toward the data-center core, where the organization's only authorized DHCP servers reside. After onboarding a new customer, multiple tenants report that their VMs suddenly receive the wrong IP address and default-gateway information, breaking north-south connectivity. A span capture on one ESXi host's access port shows unsolicited DHCP OFFER frames with a source MAC address belonging to the new tenant's virtual machine.

You need to stop any rogue DHCP server messages from leaving tenant-facing switch ports while still permitting DHCP DISCOVER and REQUEST messages from clients to reach the legitimate upstream servers. Which Cisco switch feature should you configure on the access switches?

  • Configure broadcast storm control on all tenant access ports.

  • Enable DHCP snooping on the access switches and mark the uplink ports as trusted.

  • Enable BPDU Guard on every tenant access port.

  • Set up a port-mirroring session toward an intrusion-detection appliance.

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot