The document discusses several security features of the Nexus 1000v virtual switch: - It supports features like IGMP snooping, DHCP snooping, Dynamic ARP inspection, IP Source Guard, and ACLs to provide layer 2 security for virtual machines. - These features work similarly to physical switches, protecting the layer 2 network from unmanaged VMs, but they are configured through the virtual Ethernet module interfaces. - Dynamic ARP inspection and IP Source Guard rely on entries in the DHCP snooping binding database to validate IP-MAC bindings and filter invalid traffic from untrusted ports.