ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 400-007 All Questions

View all questions & answers for the 400-007 exam
Go to Exam

Exam 400-007 topic 1 question 87 discussion

Actual exam question from Cisco's 400-007
Question #: 87
Topic #: 1
[All 400-007 Questions]

Company XYZ is designing the network for IPv6 security and they have these design requirements:
* A switch or router must deny access to traffic from sources with addresses that are correct, but are topologically incorrect.
* Devices must block Neighbor Discovery Protocol resolutions for destination addresses that are not found in the binding table.
Which two IPv6 security features are recommended for this company? (Choose two.)

  • A. IPv6 RA Guard
  • B. IPv6 Destination Guard
  • C. IPv6 Prefix Guard
  • D. IPv6 Source Guard
  • E. IPv6 DHCP Guard
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
by tnobutoki at Nov. 10, 2022, 7:43 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pestman
Highly Voted 2 years, 1 month ago
I say B & C The IPv6 Destination Guard feature works with IPv6 neighbor discovery to ensure that the device performs address resolution only for those addresses that are known to be active on the link. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ipv6-dest-guard.html The IPv6 Prefix Guard feature works within the IPv6 Source Guard feature, enabling the device to deny traffic originated from nontopologically correct addresses. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ip6-src-guard.html
upvoted 8 times
...
Arsenal16
Highly Voted 2 years, 1 month ago
Selected Answer: BC
based on https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ipv6-dest-guard.html B,C should be correct
upvoted 5 times
...
Nery
Most Recent 1 week, 6 days ago
Selected Answer: CD
The correct answers are D. IPv6 Source Guard and C. IPv6 Prefix Guard.
upvoted 1 times
...
Redrum702
8 months, 3 weeks ago
Answer BD: B. IPv6 Destination Guard D. IPv6 Source Guard Explanation: IPv6 Destination Guard: This feature blocks Neighbor Discovery Protocol (NDP) resolutions for destination addresses that are not found in the binding table. It ensures that NDP requests and responses are only allowed for addresses that have valid entries in the binding table, preventing malicious attempts to spoof or hijack IPv6 addresses. IPv6 Source Guard: This feature denies access to traffic from sources with addresses that are correct in format but are topologically incorrect. IPv6 Source Guard verifies the source IP address of incoming packets against a binding table, ensuring that the address is legitimate and correctly associated with the interface from which it is received.
upvoted 1 times
i9t6
6 months ago
Second bullet states "For destination addresses"
upvoted 1 times
...
...
XalaGyan
1 year, 2 months ago
Selected Answer: AD
Source Guard RA Guard
upvoted 1 times
...
gcpengineer
2 years, 1 month ago
answer can be BD
upvoted 1 times
...
gcpengineer
2 years, 1 month ago
AB. RA guard for stoping wrong topo and dest guard for incorrect dest addr binding
upvoted 1 times
...
Pal68
2 years, 2 months ago
BC is correct. Question asks about destination being in table and not source.
upvoted 2 times
...
Johnny_Stellmar
2 years, 2 months ago
CD is correct
upvoted 3 times
...
Johnny_Stellmar
2 years, 2 months ago
IPV6 Source Guard : IPv6 source guard is an interface feature between the populated binding table and data traffic filtering. This feature enables the device to deny traffic when it is originated from an address that is not stored in the binding table
upvoted 1 times
...
tnobutoki
2 years, 5 months ago
https://www.cisco.com/c/dam/global/ja_jp/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book.pdf
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago