Which statement is true about Layer 2 security threats?
A.
MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure
against reconnaissance attacks that use Dynamic ARP Inspection to determine vulnerable attack
points.
B.
DHCP snooping sends unauthorized replies to DHCP queries.
C.
ARP spoofing can be used to redirect traffic to counter Dynamic ARP Inspection.
D.
Dynamic ARP Inspection in conjunction with ARP spoofing can be used to counter DHCP
snooping attacks.
E.
MAC spoofing attacks allow an attacking device to receive frames intended for a different
network host.
F.
Port scanners are the most effective defense against Dynamic ARP Inspection.
Explanation:
First of all, MAC spoofing is not an effective counter-measure against any reconnaissance attack;
it IS an attack! Furthermore, reconnaissance attacks don’t use dynamic ARP inspection (DAI); DAI
is a switch feature used to prevent attacks.
Reference: Layer 2 Security Features on Cisco Catalyst Layer 3 Fixed Configuration SwitchesConfiguration Example
(http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example0918
6a00807c4101.shtml)