Exam JN0-348 topic 1 question 17 discussion

i think the answer should be A, C because the question is only upto the DHCP process.

The DORA process to obtain an ip address is a broadcast all the way, so there is no ARP involved. the device sends a broadcast request : src ip 0.0.0.0 , dest ip 255.255.255.255 , src MAC is the device`s MAC, and the dest MAC is ff.ff.ff.ff.ff.ff. the DHCP answers with an offer src ip DHCP`s ip addr and dest ip 255.255.255.255. So no ARP involved and the answer should be A, D .

Trunk ports are *EXEMPT* from DAI :: https://supportportal.juniper.net/s/article/What-is-Dynamic-Arp-Inspection-DAI-and-how-to-configure-it-on-EX-switches?language=en_US

The fact that the ports are part of a trunk and therefore trusted, together with the fact that the configuration is set to the default parameters, makes me think that the snooping db will be bypassed. The IP address has to be assigned by the DHCP server in any case.

Trunk port is trusted by default, so no inspection

JUNOS for EX-series software uses DAI for ARP packets received on access ports, because these ports are, by default, untrusted . By default, Trunk ports are trusted , so ARP packets bypass DAI on them. Ans- A and C https://kb.juniper.net/InfoCenter/index?page=content&id=KB10960

From Juniper website "By default, all trunk ports on the switch are trusted". So the ARP request will be "exempt" Correct Answer A and C

A and C are the correct answers. Trunk ports are *EXEMPT* from DAI

I think everyone is missing the point and focusing on certain words and not really what the question is asking. This question in my opinion is about the device acquiring an IP from the DHCP server. It's asking when a device is connected to the network and the DHCP server is on the other side of a Trunk link, and configuration settings are default what will happen, so the answer is A and B. Will the device get an IP address? YES Will DAI validate the information against the DHCP table? YES What is in the DHCP binding DB? The MAC and the IP addresses assigned to the device, which DAI uses.

"DAI inspects ARP packets received on untrusted interfaces. Access ports are untrusted by default but can be changed to trusted ports through user configuration. ARP packets bypass DAI on trusted interfaces. Trunk ports are trusted by default."

In my opinion it should be valid A y C trunk port->By default, all trunk ports on the switch are trusted 'Packets arriving on trusted interfaces bypass all DAI validation checks' 'If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks'

B is incorrect, only ARP packets received on untrusted ports are validated against the DHCP snooping database to prevent ARP spoofing.

The Answer is A & D. The Trunk is trusted, so the DHCP request will be passed on, and the DHCP server will (in all likelihood) respond with an IP address. Once this address is passed on , the switch will add the entry to the DHCP snooping DB. ARP inspection shouldn't be involved at this point, as there is no IP address assigned to the server yet. See Link: https://www.juniper.net/documentation/en_US/junos/topics/concept/port-security-dhcp-snooping-els.html

Answer is CD, Trunk ports are trusted by default From Juniper Website: Junos OS for EX Series switches and the QFX Series uses DAI for ARP packets received on access ports because these ports are untrusted by default. Trunk ports are trusted by default, and therefore ARP packets bypass DAI on them.