5.2.a Implement and troubleshoot switch security features

5.2.a [v] Dynamic ARP inspection

ARP spoofing attacks and ARP cache poisoning can occur because ARP allows a gratuitous reply from a host even if an ARP request was not received. After the attack, all traffic from the device under attack flows through the attacker’s computer and then to the router, switch, or host. An ARP spoofing attack can target hosts, switches, and routers connected to your Layer 2 network by poisoning the ARP caches of systems connected to the subnet and by intercepting traffic intended for other hosts on the subnet

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Location 5224).  . Kindle Edition. .
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dynarp.html