PrepAway - Latest Free Exam Questions & Answers

Which of the following could be utilized to provide protection from this type of attack?

A security administrator is notified that users attached to a particular switch are having intermittent
connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing
attack. Which of the following could be utilized to provide protection from this type of attack?

PrepAway - Latest Free Exam Questions & Answers

A.
Configure MAC filtering on the switch.

B.
Configure loop protection on the switch.

C.
Configure flood guards on the switch.

D.
Configure 802.1x authentication on the switch.

Explanation:
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address
Resolution Protocol) messages over a local area network. This results in the linking of an
attacker’s MAC address with the IP address of a legitimate computer or server on the network.
Once the attacker’s MAC address is connected to an authentic IP address, the attacker will begin
receiving any data that is intended for that IP address. ARP spoofing can enable malicious parties
to intercept, modify or even stop data in-transit. ARP spoofing attacks can only occur on local area
networks that utilize the Address Resolution Protocol.
To perform ARP spoofing the attacker floods the network with spoofed ARP packets. As other
hosts on the LAN cache the spoofed ARP packets, data that those hosts send to the victim will go
to the attacker instead. From here, the attacker can steal data or launch a more sophisticated
follow-up attack.
A flood guard configured on the network switch will block the flood of spoofed ARP packets.


Leave a Reply