nerdexam
EC-Council

312-50V10 · Question #61

What is the least important information when you analyze a public IP address in a security alert?

The correct answer is A. ARP. ARP is the least useful tool when analyzing a public IP address because ARP operates only within a local Layer 2 broadcast domain and cannot reach public IPs.

Footprinting and Reconnaissance

Question

What is the least important information when you analyze a public IP address in a security alert?

Options

  • AARP
  • BWhois
  • CDNS
  • DGeolocation

How the community answered

(20 responses)
  • A
    90% (18)
  • B
    5% (1)
  • C
    5% (1)

Why each option

ARP is the least useful tool when analyzing a public IP address because ARP operates only within a local Layer 2 broadcast domain and cannot reach public IPs.

AARPCorrect

ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses strictly within a local network segment and has no ability to interact with or return information about public IP addresses. Because a public IP is outside the local broadcast domain, an ARP request for it will never receive a response. Whois, DNS, and Geolocation are all capable of returning meaningful threat intelligence about a public IP, making ARP the only inapplicable option.

BWhois

Whois queries return registration, ownership, and abuse contact information for a public IP block, which is directly useful in a security investigation.

CDNS

Reverse DNS lookups on a public IP can reveal associated hostnames and infrastructure, providing valuable context during alert triage.

DGeolocation

Geolocation maps a public IP to an approximate physical location and ASN, which helps analysts assess the geographic origin of a potential threat.

Concept tested: ARP scope limitation versus public IP analysis

Source: https://datatracker.ietf.org/doc/html/rfc826

Topics

#IP analysis#ARP#Whois#security alerts

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice