Given answer is correct per cisco book page 864.
IPv6 Neighbor Discovery Inspection/IPv6 Snooping
IPv6 neighbor discovery inspection/snooping is a feature that learns and populates the binding
table for stateless autoconfiguration addresses. It analyzes ND (neighbor discovery) messages
and places valid bindings in the binding table and drops all messages that do not have
valid bindings. A valid ND message is one where the IPv6-to-MAC mapping can be verified.
A: Obviously it doesn't inspect OSPF packets. Any type of layer 3 pakets are DHCP packets. FALSE
B:No it doesn't. This isn't the point of IPv6 snooping, it's for IPv6 security on the switch.
C: According to the link I provided C is false (see below)
D: By capturing any type of user traffic: ND packets, DHCP packets, and some data packets I guess this is the answer.
You also stated: “IPv6 Snooping is tightly integrated in the various IPv6 guard features (e.g. DHCPv6 guard and RA guard) as explained above.” While this is true in general you unfortunately just picked the two exceptions from this general rule: For DHCPv6 guard and RA guard this is not true, because both features are operating independent from IPv6 snooping and don’t rely on the binding table, which is only needed for other IPv6 FHS features like source guard, destination guard, IPv6 device tracking or optimization features like RA throttler or ND multicast suppress.
https://insinuator.net/2014/01/configuring-ipv6-snooping-and-dhcpv6-guard-on-cisco-ios/#:~:text=This%20is%20the%20default%20option,Reply
The data traffic relates to destination guard:
IPv6 Destination Guard
11. If an attacker attempts to spoof many IPv6 destinations in a short time, the router can get overwhelmed while trying to store temporary cache entries for each destination. The ______________feature blocks data traffic from an unknown source and filters IPv6 traffic based on the destination address. It populates all active destinations into the IPv6 first-hop security binding table, and it blocks data traffic when the destination is not identified.
IPv6 Destination Guard
https://quizlet.com/533167094/chapter-6-infrastructure-security-flash-cards/
IPv6 Snooping Enabled: IPv6 RA Guard relies on IPv6 snooping to inspect and filter IPv6 Router Advertisement (RA) messages received on Layer 2 interfaces. Therefore, IPv6 snooping must be enabled on the switch where RA Guard is configured.
It captures DHCP, ND packets, and some data traffic (I believe the data traffic is related to source guard, and I'm not sure how this actually relates to populating the binding table)
D: correct
IPv6 Snooping
IPv6 snooping captures the IPv6 traffic and helps in populating the binding table. It gathers addresses in control messages such as Neighbor Discovery Protocol (NDP) or Dynamic Host Configuration Protocol (DHCP) packets. Depending on the security level, it blocks unwanted messages such as Router Advertisements (RA) or DHCP replies. This feature is a pre-requisite to the remaining security features mentioned here.
https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/IPv6_Security.html
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.300-410 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Brahim90
1 month, 3 weeks agobk989
8 months, 1 week agobk989
8 months, 1 week agobk989
8 months, 1 week agobk989
8 months, 1 week ago[Removed]
9 months ago[Removed]
9 months agoamir_lotfy
9 months, 2 weeks agobk989
7 months, 4 weeks agoPietjeplukgeluk
9 months, 2 weeks agobk989
8 months, 1 week agobk989
9 months, 1 week agodapardo
10 months, 1 week agoTonyTe0
10 months, 1 week ago