An attacker is launching a DoS attack with a public domain hacking tool that is used to exhaust the IP address space available from the DHCP servers for a period of time. Which procedure would best defend against this type of attack? Select the best response.
A.
Configure only untrusted interfaces with root guard.
B.
Configure only trusted interfaces with root guard.
C.
Configure DHCP spoofing on all ports that connect untrusted clients.
D.
Configure DHCP snooping only on ports that connect trusted DHCP servers.
E.
Implement private VLANs (PVLANs) to carry only DHCP traffic.
F.
Implement private VLANs (PVLANs) to carry only user traffic.
Why “Configure DHCP snooping only on ports that connect trusted DHCP servers.”
1. DHCP snooping will prevent a rogue DHCP server on a network.
2. DHCP snooping is configured globally, not on specific ports.
I would say all answers are wrong.
I think the same