Cisco Exam 200-301 Topic 2 Question 75 Discussion

Actual exam question for Cisco's 200-301 exam
Question #: 75
Topic #: 2

What is used to identify spurious DHCP servers?

Suggested Answer: D

DHCPOFFER is used to identify spurious DHCP servers. A spurious DHCP server is any device that is configured to act as a DHCP server without the network administrator's knowledge or permission. A spurious DHCP server can cause network problems by assigning incorrect or duplicate IP addresses to clients, or by redirecting traffic to malicious gateways. To prevent such attacks, the DHCP snooping feature can be enabled on switches to filter out invalid or unauthorized DHCP messages from untrusted sources [1].

DHCP snooping works by intercepting and validating DHCP messages on a per-VLAN basis. The switch maintains a DHCP snooping binding database that contains information about the trusted hosts with leased IP addresses, such as MAC address, IP address, lease time, binding type, VLAN number, and interface information [2]. The switch also classifies its ports as trusted or untrusted. Trusted ports are those that connect to authorized DHCP servers or other trusted switches. Untrusted ports are those that connect to untrusted hosts or devices. The switch only allows DHCP messages from trusted ports, and drops any DHCP messages from untrusted ports that do not match the information in the binding database [3].

The switch uses DHCPOFFER messages to identify spurious DHCP servers. A DHCPOFFER message is a response from a DHCP server to a client's request for an IP address. The message contains the offered IP address, subnet mask, default gateway, and other configuration parameters for the client [4]. When the switch receives a DHCPOFFER message from an untrusted port, it compares the source MAC address and the offered IP address with the binding database. If there is no match, the switch considers the message as coming from a spurious DHCP server and drops it. The switch also logs an error message and increments a counter for the number of dropped messages [5].


1: Configuring DHCP Snooping - Cisco

2: Catalyst 6500 Release 12.2SX Software Configuration Guide - DHCP Snooping Binding Database

3: What is DHCP Snooping? - IONOS

4: Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) Parameters

5: Configuring DHCP Snooping - Cisco
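
An added example, not part of the original page and not Cisco's implementation: a simplified Python model of the trusted/untrusted port check described in the explanation above. The port names, addresses and the `build` helper are constructed for illustration; in this model any server-originated message (DHCPOFFER, DHCPACK, DHCPNAK) arriving on an untrusted port is dropped and counted, and bindings are learned from DHCPACKs seen on trusted ports.

```python
import ipaddress
from collections import Counter

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK", 6: "DHCPNAK"}
SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}   # only a server should send these

def parse_dhcp(payload: bytes) -> dict:
    """Return message type (option 53), client MAC and offered IP of a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    msg = {"type": None, "chaddr": payload[28:34].hex(":"),
           "yiaddr": str(ipaddress.IPv4Address(payload[16:20]))}
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            msg["type"] = MSG_TYPES.get(payload[i + 2], "UNKNOWN")
        i += 2 + length
    return msg

def build(msg_type: int, mac: str, yiaddr: str) -> bytes:
    """Construct a minimal DHCP payload (sample data for the demo, not a capture)."""
    hdr = bytearray(236)
    hdr[0] = 2 if msg_type in (2, 5, 6) else 1          # op: BOOTREPLY or BOOTREQUEST
    hdr[1], hdr[2] = 1, 6                               # Ethernet, 6-byte MAC
    hdr[16:20] = ipaddress.IPv4Address(yiaddr).packed   # yiaddr: "your" (offered) address
    hdr[28:34] = bytes.fromhex(mac.replace(":", ""))    # chaddr: client MAC
    return bytes(hdr) + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])

class SnoopingSwitch:
    """Simplified per-port decision; hypothetical class, not a vendor API."""
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}          # client MAC -> leased IP, learned from trusted ACKs
        self.dropped = Counter()    # per-port count of dropped server messages

    def receive(self, port: str, payload: bytes) -> str:
        msg = parse_dhcp(payload)
        if msg["type"] in SERVER_MSGS and port not in self.trusted:
            self.dropped[port] += 1                     # spurious server behind this port
            return "drop"
        if msg["type"] == "DHCPACK":
            self.bindings[msg["chaddr"]] = msg["yiaddr"]
        return "forward"
```

A non-zero `dropped` counter on an access port is the signal worth alerting on: it means something behind that port is answering DHCP clients.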

Contribute your Thoughts:

Georgiana
8 months ago
Haha, you guys are really overthinking this. It's gotta be DHCPOFFER - that's the message the servers send out offering an IP address. If the client gets offers from more than one, it knows something fishy is going on!
upvoted 0 times
Filiberto
8 months ago
Correct!
upvoted 0 times
...
Bulah
8 months ago
Got it. So, the answer is B) DHCPDISCOVER, not DHCPOFFER.
upvoted 0 times
...
Clorinda
8 months ago
By checking the offers it receives. If it gets offers from multiple servers, it means there might be a rogue server.
upvoted 0 times
...
Cyril
8 months ago
Hmm, I see. So, how does the client know if there's a spurious DHCP server?
upvoted 0 times
...
Carolynn
8 months ago
B) DHCPDISCOVER
upvoted 0 times
...
Alpha
8 months ago
Actually, it's not DHCPOFFER. It's B) DHCPDISCOVER. That's the message the client sends out looking for an IP address.
upvoted 0 times
...
Jacklyn
8 months ago
D) DHCPOFFER
upvoted 0 times
...
...
Mayra
8 months ago
Ah, I see where you're both coming from. But what about DHCPACK? Isn't that the message the server sends back to confirm the IP address allocation? If the client gets multiple DHCPACK responses, that would definitely flag some rogue DHCP servers, right?
upvoted 0 times
...
Suzan
8 months ago
Hmm, I'm not so sure. DHCPDISCOVER might work, but I was thinking DHCPREQUEST would be a better option. When the client requests an IP address, it could compare the responses and identify any servers that aren't the legitimate one.
upvoted 0 times
...
Shawn
8 months ago
This question seems pretty straightforward. I think the answer is DHCPDISCOVER. That's the message a client sends out to find available DHCP servers, so if it gets responses from multiple servers, that would identify them as potentially spurious.
upvoted 0 times
...
