Examice

Exam 300-410 All QuestionsBrowse all questions from this exam

Go to Exam

Question 130

Which statement about IPv6 ND inspection is true?

It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.

It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.

It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.

It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.

Correct Answer: B

IPv6 Neighbor Discovery (ND) inspection primarily focuses on learning and securing bindings for stateless autoconfiguration addresses. These bindings are maintained in Layer 2 neighbor tables. This inspection process ensures that IPv6-to-MAC address mappings are verified, thus enhancing network security by preventing various types of attacks on the neighbor discovery mechanism, such as those targeting duplicate address detection, address resolution, and device discovery.

Discussion

Hurk2Option: B

B is correct https://www.cisco.com/en/US/docs/ios-xml/ios/15-0se/features/ip6-snooping.html#GUID-5B40C0D5-3F0D-49FE-AA97-297F1B174BA9

NetworkingguyOption: B

IPv6 ND inspection learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables. IPv6 ND inspection analyzes neighbor discovery messages in order to build a trusted binding table database, and IPv6 neighbor discovery messages that do not have valid bindings are dropped. A neighbor discovery message is considered trustworthy if its IPv6-to-MAC mapping is verifiable. This feature mitigates some of the inherent vulnerabilities for the neighbor discovery mechanism, such as attacks on duplicate address detection (DAD), address resolution, device discovery, and the neighbor cache. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-s/ip6f-15-s-book/ip6-snooping.pdf

Networkingguy

IPv6 ND inspection operates at Layer 2, or between Layer 2 and Layer 3, to provide IPv6 functions with security and scalability. Your software release may not support all the features documented in this module.

SeMo0o0o0Option: B

B is correct

inteldarvidOption: B

Option B: https://www.exam-answer.com/ipv6-nd-inspection-cisco-300-410-enarsi

inteldarvidOption: B

Option B is correct: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-sy/ip6-nd-inspect.html IPv6 ND Inspection IPv6 ND inspection learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables. IPv6 ND inspection analyzes neighbor discovery messages in order to build a trusted binding table database, and IPv6 neighbor discovery messages that do not have valid bindings are dropped. A neighbor discovery message is considered trustworthy if its IPv6-to-MAC mapping is verifiable. This feature mitigates some of the inherent vulnerabilities for the neighbor discovery mechanism, such as attacks on duplicate address detection (DAD), address resolution, device discovery, and the neighbor cache.

wts

ND 2001:DB8:0:12::2 0017.5AED.7AF0 Gi0/2 1 0005 15s REACHABLE 288 s - is this a Layer2 or Layer3 entry? They will be independent of DHCP or SLAAC.

examShark

The given answer is correct