What is the default role of an interface in IPv6 Neighbor Discovery Inspection when no policy is explicitly applied?
The default role is untrusted, so ND messages are inspected.
Why this answer
In IPv6 Neighbor Discovery Inspection (NDI), an interface is considered untrusted by default when no policy is explicitly applied. This default ensures that all incoming Neighbor Discovery (ND) messages are subject to validation against the binding table, preventing attacks such as Neighbor Advertisement spoofing and Duplicate Address Detection (DAD) exploitation. Only interfaces explicitly configured with a trust policy bypass this inspection.
Exam trap
Cisco often tests the misconception that all interfaces start as trusted or that a 'host' or 'server' role exists, when in fact the default is untrusted and only two roles (untrusted and trusted) are defined for NDI.
How to eliminate wrong answers
Option B is wrong because a trusted interface would bypass ND inspection entirely, which is not the default behavior; trust must be explicitly configured. Option C is wrong because 'Server' is not a valid role for an interface in IPv6 NDI; it refers to a DHCPv6 server role in other contexts. Option D is wrong because 'Host' is not a defined interface role in IPv6 NDI; the roles are only untrusted (default) and trusted (explicit).