Answer the displayed drag-and-drop mapping is the technically correct selection. DHCP snooping builds a trusted binding table from legitimate DHCP exchanges. Trusted ports face valid DHCP servers, untrusted ports face clients, and the binding database becomes the source of truth for features such as Dynamic ARP Inspection and IP Source Guard. This aligns with Cisco CCNA 200-301 v1.1 because the exam blueprint requires engineers to recognize operational behaviour from configuration symptoms and topology requirements. Ordinary MAC learning does not validate DHCP messages, and trunking or STP alone cannot prevent a rogue DHCP server from handing out false gateways. Treat the distractors carefully: most are real Cisco terms, but they solve a different problem or operate at a different layer. The selected answer is the one that would be used by an engineer on the device or in the design to produce the outcome stated in the question.