312-50V13 · Question #112
A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.
The correct answer is A. Use port security on his switches. B. Use a tool like ARPwatch to monitor for strange ARP activity. D. If you have a small network, use static ARP entries.. To prevent ARP spoofing or poisoning, a network administrator can implement measures such as securing switch ports, monitoring ARP activity, and configuring static ARP entries.
Question
Options
- AUse port security on his switches.
- BUse a tool like ARPwatch to monitor for strange ARP activity.
- CUse a firewall between all LAN segments.
- DIf you have a small network, use static ARP entries.
- EUse only static IP addresses on all PC's.
How the community answered
(63 responses)- A79% (50)
- C6% (4)
- E14% (9)
Why each option
To prevent ARP spoofing or poisoning, a network administrator can implement measures such as securing switch ports, monitoring ARP activity, and configuring static ARP entries.
Port security on switches allows administrators to limit the number of MAC addresses learned on a port or bind specific MAC addresses to a port, preventing unauthorized devices (including spoofed ones) from communicating.
Tools like ARPwatch continuously monitor ARP traffic for suspicious activity, such as changes in MAC-to-IP mappings, and alert administrators to potential ARP spoofing attempts.
While firewalls provide segmentation and control traffic at Layers 3 and 4, ARP spoofing is a Layer 2 attack that occurs within a local network segment, which a typical firewall does not directly prevent.
For small networks, configuring static ARP entries manually on devices prevents them from dynamically learning ARP information, thus making it significantly harder for an attacker to spoof ARP responses.
Using only static IP addresses does not prevent ARP spoofing; devices still need to resolve IP addresses to MAC addresses via ARP, making them vulnerable to ARP cache poisoning.
Concept tested: ARP spoofing prevention methods
Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swprtsec.html
Topics
Community Discussion
No community discussion yet for this question.