Which statement about IPv6 ND inspection is true?
Which statement about IPv6 ND inspection is true?
A . It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.
B . It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.
C . It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.
D . It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.
Answer: B
Explanation:
IPv6 ND inspection learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables. IPv6 ND inspection analyzes neighbor discovery messages in order to build a trusted binding table database, and IPv6 neighbor discovery messages that do not have valid bindings are dropped. A neighbor discovery message is considered trustworthy if its IPv6-to-MAC mapping is verifiable.
This feature mitigates some of the inherent vulnerabilities for the neighbor discovery mechanism, such as attacks on duplicate address detection (DAD), address resolution, device discovery, and the neighbor cache.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-s/ip6f-15-s-book/ip6-snooping.pdf
Latest 300-410 Dumps Valid Version with 213 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund