Your design client has requested that you ensure that the client devices are not dynamically configured with incorrect DNS information.
When finalizing the network design, which security option must be configured on the switches?
A. B. C. D.B.
Of the four options listed, the option that would help ensure that client devices are not dynamically configured with incorrect DNS information is "DNS snooping." Therefore, the correct answer is D.
DNS snooping is a security feature that can be configured on switches to prevent DNS spoofing attacks. DNS spoofing is a type of attack where an attacker sends fake DNS responses to redirect users to malicious websites or to intercept their communication. DNS snooping mitigates this by monitoring DNS traffic and verifying that the DNS responses received from DNS servers are legitimate.
When DNS snooping is enabled, the switch intercepts DNS queries from client devices and forwards them to configured DNS servers. The switch then examines the DNS responses received from the DNS servers, looking for any discrepancies or inconsistencies, such as incorrect IP addresses. If the switch detects a mismatch, it will drop the DNS response and prevent it from being forwarded to the client device. This prevents the client device from being configured with incorrect DNS information.
IGMP snooping is a security feature that can be used to filter out multicast traffic on a switch, ensuring that it is only sent to ports that have requested it. It is not directly related to DNS security.
DHCP snooping is a security feature that can be used to prevent rogue DHCP servers from issuing IP addresses to clients. It does not directly address the issue of incorrect DNS information.
Root guard is a feature that can be used to prevent rogue switches from becoming the root bridge in a spanning tree network. It is not directly related to DNS security.
In summary, DNS snooping is the most appropriate option to configure on switches to ensure that client devices are not dynamically configured with incorrect DNS information.