Exam SY0-601
Question 636

A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following:

Which of the following attacks has occurred?

    Correct Answer: E

    The given scenario shows multiple IP addresses being resolved to the same MAC address (00-18-21-ad-24-bc for IP addresses 10.0.0.1 and 10.0.0.115). This indicates an Address Resolution Protocol (ARP) poisoning attack where incorrect MAC addresses are mapped to IP addresses. This can cause network traffic to be misdirected, resulting in connectivity issues. Hence, the most appropriate answer is ARP poisoning.
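
The check described in the explanation can be automated. The following is an added example, not part of the original page: it parses Windows-style `arp -a` output and reports any unicast MAC address claimed by more than one IP. The sample table is constructed; only the 10.0.0.1 and 10.0.0.115 rows use values quoted above, and treating 10.0.0.1 as the default gateway is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in Windows `arp -a` layout. Only the 10.0.0.1 and
# 10.0.0.115 rows use values quoted in the explanation; the rest are made up.
SAMPLE_ARP_TABLE = """\
Interface: 10.0.0.87 --- 0xb
  Internet Address      Physical Address      Type
  10.0.0.1              00-18-21-ad-24-bc     dynamic
  10.0.0.42             00-1b-44-11-3a-b7     dynamic
  10.0.0.115            00-18-21-ad-24-bc     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE,
)

def parse_arp_table(text):
    """Return (ip, mac, entry_type) tuples; header and interface lines are skipped."""
    return [
        (m.group(1), m.group(2).lower(), m.group(3).lower())
        for m in map(ROW.match, text.splitlines()) if m
    ]

def is_group_mac(mac):
    """True for broadcast/multicast MACs (I/G bit set in the first octet)."""
    return int(mac[:2], 16) & 1 == 1

def find_shared_macs(entries, gateway_ip=None):
    """List unicast MACs that answer for two or more IPs.

    gateway_ip is an assumption supplied by the analyst; it is not in the table.
    """
    by_mac = defaultdict(list)
    for ip, mac, _entry_type in entries:
        if not is_group_mac(mac):  # shared broadcast/multicast MACs are normal
            by_mac[mac].append(ip)
    return [
        {"mac": mac, "ips": sorted(ips, key=ipaddress.ip_address),
         "gateway_affected": gateway_ip in ips}
        for mac, ips in by_mac.items() if len(ips) > 1
    ]

if __name__ == "__main__":
    for f in find_shared_macs(parse_arp_table(SAMPLE_ARP_TABLE), gateway_ip="10.0.0.1"):
        print(f"{f['mac']} answers for {', '.join(f['ips'])} "
              f"(gateway affected: {f['gateway_affected']})")
```

A shared MAC is a lead rather than proof: proxy ARP and hosts that hold several addresses on one interface produce the same pattern, so confirm against a known-good record of the gateway's MAC.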

Discussion
JT4
Option: E

Address Resolution Protocol (ARP) resolves IPv4 addresses to MAC addresses. MAC addresses are the physical addresses or hardware addresses. TCP/IP uses the IP address to get a packet to a destination network. ARP poisoning attacks use ARP packets to give clients false hardware address updates, and attackers use them to redirect or interrupt network traffic.

johnabayot
Option: E

E. ARP poisoning. Some clues that indicate ARP poisoning are: Multiple IP addresses are associated with the same MAC address in the ARP table, as shown in the question. The MAC address of the gateway or the DNS server is changed to the attacker’s MAC address.

wreckitralphhhhhh
Option: C

The information presented here shows IP addresses paired with their corresponding MAC (Media Access Control) addresses. Based on this, the scenario appears to exhibit MAC address duplication for different IP addresses, specifically, 10.0.0.1 and 10.0.0.115 having the same MAC address (00-18-21-ad-24-bc). This situation suggests an anomaly known as MAC flooding, which occurs when an attacker overloads the switch's MAC table, associating multiple MAC addresses with a single port. As a result, traffic intended for different devices gets directed to a single port, which can lead to network performance issues or potential security threats. Therefore, the correct answer is C. MAC flooding.

MortG7

What you do not realize is you just defined ARP poisoning and called it MAC flooding. E

Malkhofash
Option: E

ARP poisoning

xBrynlee
Option: E

ARP poisoning: redirecting an IP address to MAC address of a computer that is not the intended recipient. This attack is directed at HOSTS. DNS poisoning is a variation of ARP where the switch's cache table has random sources of MAC addresses. This attack is directed on the network SWITCH. We see in the question that the users are the ones having issues, so the answer is E. ARP poisoning.