EC-Council
312-50V10 Question #337: Real Exam Question with Answer & Explanation
The correct answer is B: MAC Flood.
Sniffing
Question
A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?
Options
- A. Fraggle
- B. MAC Flood
- C. Smurf
- D. Tear Drop
Explanation
A MAC Flood attack overwhelms a switch's CAM table, causing it to fail open and broadcast all traffic to every port, which allows a sniffer to capture packets in a switched environment.
Common mistakes.
- A. Fraggle is a UDP-based amplification denial-of-service attack that floods a target with UDP echo replies; it does not enable packet sniffing on a switched network.
- C. Smurf is an ICMP-based amplification DDoS attack that floods a victim with ping replies; it is not a technique for capturing traffic in a switched environment.
- D. Tear Drop is an IP fragmentation attack that sends malformed overlapping packet fragments to crash vulnerable operating systems; it does not enable traffic sniffing.
Concept tested. MAC flood attack to bypass switch traffic isolation
Reference. https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10556-56.html
Topics
#MAC flooding #switched network #sniffing #ARP attack