Free EC-Council 312-50V13 CEH V13 Actual Exam Questions - Question 12 Discussion
feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle
attacks?
Option B also makes sense because DAI directly uses DHCP snooping info to block ARP spoofing.
Maybe B makes the most sense since Dynamic ARP Inspection uses the DHCP snooping database directly to validate ARP messages and block spoofing attempts, which fits this scenario better than the others.
That’s a solid point about DAI checking ARP packets against DHCP snooping info. Also, you can rule out spanning tree (A) because it’s all about loop prevention, not DHCP or ARP protection. Port security (C) limits MAC addresses per port but doesn’t interact with DHCP snooping data. LAPP (D) sounds like a red herring—it’s not a standard Cisco feature or widely recognized term. So yeah, B fits best since it actively uses the DHCP snooping database to prevent man-in-the-middle via ARP spoofing.
B imo, since DAI specifically cross-checks ARP packets against the DHCP snooping data, it’s the only one that actively stops spoofed ARP that could lead to man-in-the-middle attacks. The others just don’t use that info.
B/D? DAI is definitely tied to DHCP snooping info, but LAPP sounds like it could also be aimed at Layer 2 threats. Still, LAPP isn’t as commonly referenced, so B seems safer based on real-world use.
Actually, DAI (B) makes sense because it uses the DHCP snooping info to verify ARP messages and stop MITM attacks. The other options don’t tie directly into DHCP snooping or ARP validation like DAI does.
I get why everyone’s picking B here, and I agree. DAI (B) is the only feature that specifically checks ARP packets against the DHCP snooping database to block spoofed ARP replies, which is exactly what stops man-in-the-middle attacks. Spanning tree (A) and port security (C) don’t really use the DHCP snooping info for anything like that. D sounds made up or irrelevant in this context. So yeah, B fits perfectly with how DHCP snooping info is used for security beyond just blocking rogue DHCP servers.
B/C? I’m with those saying B because DAI checks ARP packets against the DHCP snooping database, which helps stop MITM. Port security (C) limits MACs but doesn’t really tie into DHCP snooping data directly.
Maybe D is a trick option since I haven’t heard of Layer 2 Attack Prevention Protocol being a real thing or related to DHCP snooping. Spanning tree (A) is definitely about loops, so it’s out. Port security (C) just limits MAC addresses on ports but doesn’t tie into DHCP snooping. DAI (B) is the one that actually uses the DHCP snooping info to block fake ARP packets and prevent man-in-the-middle attacks, so B makes the most sense here based on what I know.
B tbh, Dynamic ARP Inspection is the one that actually uses the DHCP snooping database to validate ARP packets. It stops attackers from sending fake ARP replies by verifying IP-to-MAC bindings learned from DHCP snooping. The others don't really fit—port security is more about limiting MAC addresses, and LAPP isn’t a standard feature. So yeah, B makes the most sense here.
A looks wrong since STP deals with loops, not DHCP. B sounds right because ARP inspection uses the DHCP snooping table. Anyone else think it’s B too?
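The check the commenters describe, as an added example that is not part of the thread or any vendor's code: a simplified Python model of how Dynamic ARP Inspection validates the sender fields of an ARP packet against DHCP snooping bindings. The binding table, port names, addresses and the `inspect` function are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:            # one row of the DHCP snooping database
    mac: str
    ip: str
    vlan: int
    port: str

@dataclass(frozen=True)
class ArpPacket:          # only the fields this model inspects
    sender_mac: str
    sender_ip: str
    vlan: int
    ingress_port: str

# Constructed sample data: bindings learned from DHCP exchanges on access ports.
SNOOPING_DB = [
    Binding("aa:aa:aa:aa:aa:01", "10.0.10.11", 10, "Gi0/1"),
    Binding("aa:aa:aa:aa:aa:02", "10.0.10.12", 10, "Gi0/2"),
]
# Assumption: the uplink is configured as trusted, so ARP arriving there is not inspected.
TRUSTED_PORTS = {"Gi0/24"}

def inspect(pkt, db=SNOOPING_DB, trusted=TRUSTED_PORTS):
    """Return (verdict, reason) for an ARP packet, as a simplified DAI model."""
    if pkt.ingress_port in trusted:
        return ("forward", "trusted port")
    for b in db:
        if b.ip == pkt.sender_ip and b.vlan == pkt.vlan:
            if b.mac.lower() != pkt.sender_mac.lower():
                return ("drop", "sender MAC does not match binding")
            if b.port != pkt.ingress_port:
                return ("drop", "binding learned on a different port")
            return ("forward", "matches binding")
    # Statically addressed hosts have no snooping entry and are dropped
    # in this model unless their port is trusted.
    return ("drop", "no binding for sender IP")

if __name__ == "__main__":
    samples = [  # constructed ARP packets
        ArpPacket("aa:aa:aa:aa:aa:01", "10.0.10.11", 10, "Gi0/1"),  # legitimate host
        ArpPacket("aa:aa:aa:aa:aa:01", "10.0.10.12", 10, "Gi0/1"),  # claims a neighbour's IP
        ArpPacket("aa:aa:aa:aa:aa:01", "10.0.10.1", 10, "Gi0/1"),   # claims an IP with no binding
        ArpPacket("bb:bb:bb:bb:bb:01", "10.0.10.1", 10, "Gi0/24"),  # arrives on the trusted uplink
    ]
    for p in samples:
        print(p.sender_ip, p.ingress_port, *inspect(p))
```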