DRAG DROP
Drag the security description on the left to the appropriate security feature on the right.
Explanation:
IP Source guard: IP Source Guard provides source IP address filtering on a Layer 2 port to prevent a
malicious host from impersonating a legitimate host by assuming the legitimate host’s IP address.
The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts
on untrusted Layer 2 access ports.
Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives
an IP address from the DHCP server, or after static IP source binding is configured by the
administrator, all traffic with that IP source address is permitted from that client. Traffic from other
hosts is denied. This filtering limits a host’s ability to attack the network by claiming a neighbor
host’s IP address. IP Source Guard is a port-based feature that automatically creates an implicit port
access control list (PACL).
CoPP: Control Plane Policing (CoPP) introduced the concept of early rate-limiting of protocol-specific
traffic destined to the processor by applying QoS policies to the aggregate control-plane interface.
Control Plane Protection extends this control plane functionality by providing three additional
control-plane subinterfaces under the top-level (aggregate) control-plane interface. Each
subinterface receives and processes a specific type of control-plane traffic.
Dynamic ARP Inspection: Dynamic ARP inspection is a security feature that validates ARP packets in a
network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This
capability protects the network from certain man-in-the-middle attacks.
Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed. The switch
performs these activities:
• Intercepts all ARP requests and responses on untrusted ports
• Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before
updating the local ARP cache or before forwarding the packet to the appropriate destination
• Drops invalid ARP packets
Unicast RPF: The Unicast RPF feature reduces problems that are caused by the introduction of
malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack
a verifiable IP source address. For example, a number of common types of Denial-of-Service (DoS)
attacks, including Smurf and Tribal Flood Network (TFN) attacks, can take advantage of forged or
rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the
attacks. Unicast RPF deflects attacks by forwarding only the packets that have source addresses that
are valid and consistent with the IP routing table.
When you enable Unicast RPF on an interface, the device examines all ingress packets received on
that interface to ensure that the source address and source interface appear in the routing table and
match the interface on which the packet was received. This examination of source addresses relies
on the Forwarding Information Base (FIB).
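The strict-mode check described above, as an added Python simulation that is not part of the original page or of any Cisco software: a longest-prefix FIB lookup is performed on the source address, and the packet is permitted only when the best route points back out the interface it arrived on. The FIB entries, interface names and sample packets are constructed for illustration; loose mode and the default-route handling go beyond the text and are included for comparison.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str

# Constructed FIB for illustration (not taken from any real device).
FIB = [
    Route(ipaddress.ip_network("10.1.0.0/16"), "Gi0/1"),
    Route(ipaddress.ip_network("10.1.5.0/24"), "Gi0/2"),  # more specific than the /16
    Route(ipaddress.ip_network("192.168.0.0/24"), "Gi0/3"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "Gi0/0"),    # default route towards upstream
]

def fib_lookup(addr, fib=FIB):
    """Longest-prefix match on the source address, as the FIB does for forwarding."""
    ip = ipaddress.ip_address(addr)
    best = None
    for r in fib:
        if ip in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best

def urpf_permits(src, ingress_if, mode="strict", fib=FIB, allow_default=False):
    """True if a packet with source `src` arriving on `ingress_if` passes uRPF.
    strict: the best route for src must point back out the ingress interface.
    loose:  any route for src is enough (tolerates asymmetric routing).
    A bare default route only counts as a match when allow_default is set."""
    route = fib_lookup(src, fib)
    if route is None:
        return False                      # no route at all: unverifiable source, drop
    if route.prefix.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if mode == "loose":
        return True
    return route.interface == ingress_if  # strict: reverse path must be the ingress port

# Constructed sample packets: (source address, ingress interface)
SAMPLE_PACKETS = [
    ("10.1.5.7", "Gi0/2"),     # legitimate: best route points back out Gi0/2
    ("10.1.5.7", "Gi0/1"),     # spoofed or asymmetric: the /24 lives behind Gi0/2
    ("10.1.9.9", "Gi0/1"),     # legitimate: covered by the /16 on Gi0/1
    ("203.0.113.4", "Gi0/1"),  # only the default route matches: dropped in strict mode
]

def filter_packets(packets, mode="strict"):
    return [(src, ifc, urpf_permits(src, ifc, mode)) for src, ifc in packets]

if __name__ == "__main__":
    for src, ifc, ok in filter_packets(SAMPLE_PACKETS):
        print(f"{src:>14} on {ifc}: {'permit' if ok else 'drop'}")
```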
Traffic Storm Control: A traffic storm occurs when packets flood the LAN, creating excessive traffic
and degrading network performance. You can use the traffic storm control feature to prevent
disruptions on Layer 2 ports by a broadcast, multicast, or unicast traffic storm on physical interfaces.
Traffic storm control (also called traffic suppression) allows you to monitor the levels of the incoming
broadcast, multicast, and unicast traffic over a 1-second interval. During this interval, the traffic
level, which is a percentage of the total available bandwidth of the port, is compared with the traffic
storm control level that you configured. When the ingress traffic reaches the traffic storm control
level that is configured on the port, traffic storm control drops the traffic until the interval ends.