nerdexam
EC-Council

312-50V11 · Question #1024

Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?

The correct answer is C. MAC flooding. MAC flooding exhausts a switch's CAM table with spoofed MAC addresses, forcing the switch to broadcast all frames out every port like a hub.

Sniffing

Question

Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?

Options

  • AEvil twin attack
  • BDNS cache flooding
  • CMAC flooding
  • DDDoS attack

How the community answered

(28 responses)
  • A
    7% (2)
  • B
    4% (1)
  • C
    89% (25)

Why each option

MAC flooding exhausts a switch's CAM table with spoofed MAC addresses, forcing the switch to broadcast all frames out every port like a hub.

AEvil twin attack

An evil twin attack creates a rogue wireless access point that mimics a legitimate SSID to intercept Wi-Fi clients, and has no relationship to Ethernet switch CAM tables.

BDNS cache flooding

DNS cache flooding targets DNS resolver caches with fraudulent records to enable poisoning, not the address-mapping memory of Layer 2 switches.

CMAC floodingCorrect

MAC flooding sends a massive volume of Ethernet frames with randomly spoofed source MAC addresses, quickly filling the CAM table's finite capacity. Once the table is full, the switch enters fail-open mode and broadcasts all incoming frames out every port, allowing an attacker to passively capture traffic intended for other hosts.

DDDoS attack

A DDoS attack overwhelms a target service or network link with high-volume traffic from distributed sources, not the MAC address table of a switch.

Concept tested: CAM table overflow via MAC flooding attack

Source: https://www.cisco.com/c/en/us/support/docs/lan-switching/8021q/24067-port-security.html

Topics

#MAC flooding#CAM table overflow#Layer 2 attack#switch security

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice