Examice

Exam PT0-002 All QuestionsBrowse all questions from this exam

Question 214

A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache. The attacker machine has the following:

IP Address: 192.168.1.63 -

Physical Address: 60-36-dd-a6-c5-33

Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?

tcpdump -i eth01 arp and arp[6:2] == 2

arp -s 192.168.1.63 60-36-DD-A6-C5-33

ipconfig /all findstr /v 00-00-00 | findstr Physical

route add 192.168.1.63 mask 255.255.255.255.0 192.168.1.1

Correct Answer: B

To establish a static ARP entry, the arp command is used. The specific command 'arp -s 192.168.1.63 60-36-DD-A6-C5-33' associates the IP address 192.168.1.63 with the MAC address 60-36-DD-A6-C5-33 in the local ARP cache. This ensures that any traffic destined for 192.168.1.63 is sent to the specified MAC address without requiring ARP resolution.

Discussion

2FishOption: B

B, is correct. https://www.xmodulo.com/how-to-add-or-remove-static-arp-entry-on-linux.html

cy_analystOption: B

This command creates a static ARP entry that associates the IP address 192.168.1.63 with the physical address 60-36-DD-A6-C5-33. This means that any traffic destined for 192.168.1.63 will be sent directly to the specified physical address, without the need for ARP resolution.

Etc_Shadow28000Option: B

B. arp -s 192.168.1.63 60-36-DD-A6-C5-33 Explanation: The arp command is used to manipulate the ARP cache. The -s flag allows you to add a static ARP entry. This command associates the IP address 192.168.1.63 with the physical (MAC) address 60-36-DD-A6-C5-33 in the ARP cache.

pepguaOption: B

The MOST likely command for the penetration tester to use is: B. arp -s 192.168.1.63 60-36-DD-A6-C5-33 The arp -s command is specifically designed for setting static ARP entries. Here's a breakdown of the arguments: arp: The command itself to manipulate the ARP cache. -s: Flag to specify setting a static ARP entry. 192.168.1.63: The IP address of the attacker's machine. 60-36-DD-A6-C5-33: The MAC address of the attacker's machine. By running this command, the penetration tester creates a static ARP entry in the local ARP cache, associating the attacker's IP address (192.168.1.63) with its MAC address (60-36-DD-A6-C5-33). This can potentially help the attacker maintain a connection within VLAN 200 by ensuring network packets are routed correctly based on the spoofed MAC address.