312-50V11 · Question #1024
Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?
The correct answer is C. MAC flooding. MAC flooding exhausts a switch's CAM table with spoofed MAC addresses, forcing the switch to broadcast all frames out every port like a hub.
Question
Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?
Options
- AEvil twin attack
- BDNS cache flooding
- CMAC flooding
- DDDoS attack
How the community answered
(28 responses)- A7% (2)
- B4% (1)
- C89% (25)
Why each option
MAC flooding exhausts a switch's CAM table with spoofed MAC addresses, forcing the switch to broadcast all frames out every port like a hub.
An evil twin attack creates a rogue wireless access point that mimics a legitimate SSID to intercept Wi-Fi clients, and has no relationship to Ethernet switch CAM tables.
DNS cache flooding targets DNS resolver caches with fraudulent records to enable poisoning, not the address-mapping memory of Layer 2 switches.
MAC flooding sends a massive volume of Ethernet frames with randomly spoofed source MAC addresses, quickly filling the CAM table's finite capacity. Once the table is full, the switch enters fail-open mode and broadcasts all incoming frames out every port, allowing an attacker to passively capture traffic intended for other hosts.
A DDoS attack overwhelms a target service or network link with high-volume traffic from distributed sources, not the MAC address table of a switch.
Concept tested: CAM table overflow via MAC flooding attack
Source: https://www.cisco.com/c/en/us/support/docs/lan-switching/8021q/24067-port-security.html
Topics
Community Discussion
No community discussion yet for this question.