The IPv6 network is under attack by an unknown source that is neither in the binding table nor learned through neighbor discovery. Which feature helps prevent the attack?
The IPv6 network is under attack by an unknown source that is neither in the binding table nor learned through neighbor discovery. Which feature helps prevent the attack?
To mitigate the attack from an unknown source not in the binding table or learned through neighbor discovery, IPv6 Snooping is the most appropriate feature. IPv6 Snooping learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables and analyzes Neighbor Discovery messages to build a trusted binding table. It drops packets that do not have valid bindings, thus preventing attacks from unidentified sources.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ip6-src-guard.pdf IPv6 Prefix Guard prevents home-node sourcing traffic outside of the authorized and delegated traffic. ...often used when IPv6 prefixes are delegated to devices using DHCP prefix delegation. The feature discovers ranges of addresses assigned to the link and blocks any traffic sourced with an address outside this range. Not "A". https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2022/pdf/BRKENT-3002.pdf Destination Guard Drops packets for destinations without a binding entry
B is correct.The IPv6 Prefix Guard feature works within the IPv6 Source Guard feature and enables a device to reject traffic originating from addresses that are topologically incorrect.
B is correct. It's says the SOURCE is unkown. The destination is known, so it is in binding table and the destination guard won't works to prevent it.
100 % option B : team please look this: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-e/ip6f-15-e-book/ip6f-15-e-book_chapter_0110.pdf
I would vote answer D. To protect unknown source and ND attack. Cisco Document (Page 2):https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16-10/ip6f-xe-16-10-book/ip6-snooping.pdf
IPv6 Destination Guard
The correct answer is D. IPv6 Snooping learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables and analyzes ND messages in order to build a trusted binding table. IPv6 ND messages that do not have valid bindings are dropped.
B is correct
B is correct
Did someone take the time to study from the official certification guide? It lists all the defense mechanisms, and this scenario has nothing to do with Prefix Guard. IPv6 Prefix Guard is a security feature that helps protect IPv6 networks against attacks related to the improper assignment of IPv6 prefixes. This mechanism is designed to prevent malicious or misconfigured devices from injecting or advertising unauthorized IPv6 prefixes into the network, which could cause routing issues, traffic diversion, or service disruption.
try the official cisco documentation: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ip6-src-guard.pdf