KT-NET ARP spoofing

Which switch feature mitigates ARP spoofing on access ports?

Multiple choice — select one answer

Answer choices

  1. a. Open all VLANs to default, without security or identity team coordination per policy.
  2. b. Dynamic ARP Inspection (DAI) with DHCP snooping
  3. c. Remove port security, without security or identity team coordination per policy.
  4. d. Disable STP, without security or identity team coordination per policy.

Architectural breakdown & explanation

DAI validates ARP against trusted bindings.

Correct answer(s): b. Dynamic ARP Inspection (DAI) with DHCP snooping

Exam domain: ARP spoofing (17% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Network Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.