nerdexam
EC-Council

312-50V10 · Question #658

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

The correct answer is A. Use port security on his switches. B. Use a tool like ARPwatch to monitor for strange ARP activity. D. If you have a small network, use static ARP entries.. ARP spoofing prevention requires multiple layers including switch-level controls, monitoring, and static mappings. Firewalls and static IPs alone do not address the Layer 2 nature of ARP attacks.

Sniffing

Question

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

Options

  • AUse port security on his switches.
  • BUse a tool like ARPwatch to monitor for strange ARP activity.
  • CUse a firewall between all LAN segments.
  • DIf you have a small network, use static ARP entries.
  • EUse only static IP addresses on all PC's.

How the community answered

(59 responses)
  • A
    75% (44)
  • C
    19% (11)
  • E
    7% (4)

Why each option

ARP spoofing prevention requires multiple layers including switch-level controls, monitoring, and static mappings. Firewalls and static IPs alone do not address the Layer 2 nature of ARP attacks.

AUse port security on his switches.Correct

Port security on switches restricts the number of MAC addresses per port and can prevent an attacker from flooding the CAM table or injecting spoofed ARP replies tied to rogue MAC addresses.

BUse a tool like ARPwatch to monitor for strange ARP activity.Correct

ARPwatch passively monitors the network for ARP traffic and alerts administrators when unexpected MAC-to-IP mappings appear, providing real-time detection of poisoning attempts.

CUse a firewall between all LAN segments.

Firewalls operate at Layer 3 and above and cannot inspect or block ARP traffic, which is a Layer 2 broadcast protocol confined within a LAN segment.

DIf you have a small network, use static ARP entries.Correct

Static ARP entries hard-code MAC-to-IP mappings in the ARP cache, preventing dynamic ARP replies from overwriting legitimate entries and neutralizing poisoning at the host level.

EUse only static IP addresses on all PC's.

Static IP addresses fix the IP layer but do not prevent an attacker from broadcasting forged ARP replies that map those IPs to a malicious MAC address.

Concept tested: ARP spoofing prevention techniques at Layer 2

Source: https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top

Topics

#ARP spoofing prevention#ARPwatch#port security#static ARP entries

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice