C. DHCPOFFER is the correct answer because it is the message sent by both legitimate and rogue DHCP servers in response to a DHCPDISCOVER, allowing for identification of spurious DHCP servers.
By Dhendup Dukpa
For all you that said D is the answer , I have one question to you : what is the anatomy of the DHCPDiscover message? it's a broadcast layer 2 and layer 3 and nothing more in the Discover then when the DHCP server see's that he picks a IP from the pool , makes a ARP entery (MAC from Source Discovery message + IP that the DHCP server wants to Assign ) in he's table and sends the OFFER . So in the OFFER we have some relevant information not in the Discover message.
My logic was good but after reading more about other ppls point of view I know it's DHPCDiscover, it is a layer 2 broadcast but you are right all DHCP servers reply to our Discover and the we can see who is giving us false information . Correct is D.
it´s D
DHCPDISCOVER message is sent by the clients out to all servers, then they listen for the DHCPOFFER responses from DHCP servers to indicate if there´s a spurious DHCP server.
Another question you may find interessting:
Which DHCP message do servers use to respond to a client's DHCPDISCOVER message?
DHCPOFFER
To identify spurious DHCP servers, you can use D. DHCPDISCOVER packets. By sending out dummy DHCPDISCOVER packets, a network device can listen for DHCPOFFER responses from DHCP servers. If a response is received from an unexpected source, it could indicate the presence of a spurious or rogue DHCP server on the network12. This is part of the DHCP snooping feature that helps to ensure network security by validating DHCP messages and filtering out invalid ones from untrusted sources
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.pdf
"You can detect spurious DHCP servers by sending dummy DHCPDISCOVER packets out to all of the DHCP servers so that a response is sent back to the switch."
Ref: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-4SY/config_guide/sup6T/15_3_sy_swcg_6T/dhcp_snooping.html
Under Section: Trusted and Untrusted Sources
D is correct
Guys, pay attention to "What is used to IDENTIFY spurious DHCP servers?" The keyword is "IDENTIFY," and the message used for identification is the DHCPOFFER.
i get where you are coming from, but you cannot use a DHCPOFFER, you have to receive it, which means you have to issue a DHCPDISCOVER
the spurrious server will not identify itself with a DHCPOFFER on its own, you must induce it.
D. is the correct answer.
https://medium.com/@aita.official10/dhcp-snooping-binding-database-ff9464bfd539#:~:text=You%20can%20detect%20spurious%20DHCP,sent%20back%20to%20the%20switch.
You can detect spurious DHCP servers by sending dummy DHCPDISCOVER packets out to all of the DHCP servers so that a response is sent back to the switch.
upvoted 3 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
3040636
4 months agomatass_md
5 months, 3 weeks agomatass_md
5 months, 1 week agoschmidt97
5 months, 2 weeks ago[Removed]
9 months, 2 weeks agolmmujsi
10 months agocedc60e
1 year agokenkari
1 year agobezkin
3 months, 3 weeks agoNmk3216
1 year, 2 months agoJunsK1e
1 year, 2 months ago[Removed]
1 year, 3 months agognaix
1 year, 3 months agopartali
1 year, 3 months ago