Which two statements about DHCP snooping enabled on a FortiSwitch VLAN are true? (Choose two.)
Options:
A.
Enabling DHCP snooping on a FortiSwitch VLAN ensures requests and replies are seen by all DHCP servers.
B.
switch-controller-dhcp-snooping-verify-mac verifies the destination MAC address to protect against DHCP exhaustion attacks.
C.
By default, all FortiSwitch ports are set to forward client DHCP requests to untrusted ports.
D.
Settings related to DHCP option 82 are only configurable through the CLI
Answer:
B, D
Explanation:
Explanation:
Switch-controller-dhcp-snooping-verify-mac verifies the destination MAC address to protect against DHCP exhaustion attacks (B): This feature of DHCP snooping helps prevent DHCP exhaustion attacks by ensuring that the destination MAC addresses in DHCP packets match the MAC addresses learned by the switch. This check helps prevent attackers from overwhelming the DHCP server with requests from spoofed MAC addresses.
Settings related to DHCP option 82 are only configurable through the CLI (D): DHCP Option 82 is used for "agent information," and it's typically used in network environments where additional information between DHCP clients and servers is necessary for policy and billing purposes. Configuration of these settings in FortiSwitch is only available through the Command Line Interface (CLI), not the Graphical User Interface (GUI).
