136.
MAC spoofing applies a legitimate MAC address to an unauthenticated host, which
allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client?
- A.The MAC address doesn’t map to a manufacturer.
- B.The MAC address is two digits too long.
- C.A reverse ARP request maps to two hosts.
- D.The host is receiving its own traffic.
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| MAC spoofing results in duplicate MAC addresses on a network unless the compromised client has been bumped from its connection. Two IP addresses mapping to one MAC indicates a bogus client. |
137.
Bob is attempting to sniff a wired network in his first pen test contract. He sees only
traffic from the segment he is connected to. What can Bob do to gather all switch
traffic?
- A.MAC flooding
- B.MAC spoofing
- C.IP spoofing
- D.DOS attack
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| Bob can launch a MAC flooding attack against the switch, thereby converting the switch into a large hub. If successful, this will allow Bob to sniff all traffic passing through the switch. |
138.
What technique funnels all traffic back to a single client, allowing sniffing from all
connected hosts?
- A.ARP redirection
- B.ARP poisoning
- C.ARP flooding
- D.ARP partitioning
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| ARP poisoning alters ARP table mappings to align all traffic to the attacker’s interface before traveling to the proper destination. This allows the attacker to capture all traffic on the network and provides a jumping-off point for future attacks. |
139.
Which Wireshark filter displays only traffic from 192.168.1.1?
- A.ip.addr =! 192.168.1.1
- B.ip.addr ne 192.168.1.1
- C.ip.addr == 192.168.1.1
- D.ip.addr – 192.168.1.1
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The Wireshark operator == means equal to. In this scenario, using the == operator filters down to 192.168.1.1 as the specific host to be displayed. |
140.
What common tool can be used for launching an ARP poisoning attack?
- A.Cain & Abel
- B.Nmap
- C.Scooter
- D.Tcpdump
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| Cain & Abel is a well-known suite of tools used for various pen-testing functions such as sniffing, password cracking, and ARP poisoning. |
- Pages
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
|
|
||||||||||||||||||||||||||||
