Company XYZ is designing the network for IPv6 security and they have these design requirements:
•A switch or router must deny access to traffic from sources with addresses that are correct, but are topologically incorrect.
•Devices must block Neighbor Discovery Protocol resolutions for destination addresses that are not found in the binding table.
Which two IPv6 security features are recommended for this company? (Choose two.)
- IPv6 RA Guard
- IPv6 Destination Guard
- IPv6 Prefix Guard
- IPv6 Source Guard
- IPv6 DHCP Guard
Answer(s): B,C
Explanation:
The IPv6 Destination Guard feature works with IPv6 neighbor discovery to ensure that the device performs address resolution only for those addresses that are known to be active on the link.
The IPv6 Prefix Guard feature works within the IPv6 Source Guard feature, enabling the device to deny traffic originated from nontopologically correct addresses.
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ip6-src-guard.html
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ipv6-dest-guard.html
Reveal Solution Next Question