Question 18 - Cisco CCNA 200-301 Real Exam Questions [Feb 2026 Update]

Q: 18

Which type of attack can be mitigated by dynamic ARP inspection?

Options

Correct Answer:

Explanation

Dynamic ARP Inspection (DAI) is a Layer 2 security feature that mitigates ARP-based attacks. A common man-in-the-middle (MITM) attack on a local network is ARP poisoning (or spoofing), where an attacker sends falsified ARP messages to associate their MAC address with the IP address of a legitimate host, like the default gateway. This redirects traffic through the attacker's machine. DAI prevents this by intercepting all ARP packets on untrusted ports and verifying them against a trusted database of IP-to-MAC address bindings, typically built by DHCP snooping. If an ARP packet contains an invalid binding, it is dropped, thwarting the MITM attack.

Why Incorrect

A. worm: A worm is self-replicating malware. DAI does not inspect or prevent the execution of malicious code; it only validates Layer 2 ARP packets.

B. malware: This is a broad term for malicious software. DAI is not an anti-malware solution; it is a specific network security feature for ARP validation.

C. DDoS: A Distributed Denial of Service attack overwhelms a target with traffic. DAI operates at Layer 2 to validate addresses, not to mitigate high-volume traffic attacks.

References

1. Cisco Systems

Inc. (2023). Security Configuration Guide

Cisco IOS XE Bengaluru 17.6.x (Catalyst 9300 Switches). "Information About Dynamic ARP Inspection" section. The document states

"Dynamic ARP inspection is a security feature that validates Address Resolution Protocol (ARP) packets in a network. [...] Dynamic ARP inspection prevents malicious users from exploiting the insecure nature of the ARP protocol." It further details how this prevents man-in-the-middle attacks.

2. Odom

W. (2019). CCNA 200-301 Official Cert Guide

Volume 1. Cisco Press. Chapter 13

"Switch Security Configuration

" in the section "Preventing ARP Poisoning with Dynamic ARP Inspection

" it is explained: "The specific attack is called ARP poisoning... The goal of the attack is to create a man-in-the-middle (MITM) attack." (p. 398).

3. Carnegie Mellon University

Software Engineering Institute. (2010). CERT® Oracle® Secure Coding Standard for Java™. Addison-Wesley. In the section "ENV03-J. Do not rely on the default behavior of standard input

output

and error streams

" the text mentions ARP spoofing as a classic example of a man-in-the-middle attack that can be used to intercept network traffic. While not about DAI directly

it authoritatively classifies ARP spoofing as a MITM attack.

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE