Which of the following security features rejects invalid and malicious ARP packets and prevents a class of man-in-the-middle attacks?

(A) DoS
(B) DAI
(C) Packet secure
(D) ARP protect

DAI is the correct answer.

The Dynamic ARP Inspection (DAI) feature on a switch examines incoming ARP messages on untrusted ports to filter those it believes to be part of an attack. DAI’s core feature compares incoming ARP messages with two sources of data: the DHCP Snooping binding table and any configured ARP ACLs.

DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a bindings database of valid tuples (MAC address, IP address, VLAN interface).