nerdexam
EC-Council

312-50V13 · Question #112

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

The correct answer is A. Use port security on his switches. B. Use a tool like ARPwatch to monitor for strange ARP activity. D. If you have a small network, use static ARP entries.. To prevent ARP spoofing or poisoning, a network administrator can implement measures such as securing switch ports, monitoring ARP activity, and configuring static ARP entries.

Submitted by akirajp· Mar 6, 2026Sniffing

Question

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

Options

  • AUse port security on his switches.
  • BUse a tool like ARPwatch to monitor for strange ARP activity.
  • CUse a firewall between all LAN segments.
  • DIf you have a small network, use static ARP entries.
  • EUse only static IP addresses on all PC's.

How the community answered

(63 responses)
  • A
    79% (50)
  • C
    6% (4)
  • E
    14% (9)

Why each option

To prevent ARP spoofing or poisoning, a network administrator can implement measures such as securing switch ports, monitoring ARP activity, and configuring static ARP entries.

AUse port security on his switches.Correct

Port security on switches allows administrators to limit the number of MAC addresses learned on a port or bind specific MAC addresses to a port, preventing unauthorized devices (including spoofed ones) from communicating.

BUse a tool like ARPwatch to monitor for strange ARP activity.Correct

Tools like ARPwatch continuously monitor ARP traffic for suspicious activity, such as changes in MAC-to-IP mappings, and alert administrators to potential ARP spoofing attempts.

CUse a firewall between all LAN segments.

While firewalls provide segmentation and control traffic at Layers 3 and 4, ARP spoofing is a Layer 2 attack that occurs within a local network segment, which a typical firewall does not directly prevent.

DIf you have a small network, use static ARP entries.Correct

For small networks, configuring static ARP entries manually on devices prevents them from dynamically learning ARP information, thus making it significantly harder for an attacker to spoof ARP responses.

EUse only static IP addresses on all PC's.

Using only static IP addresses does not prevent ARP spoofing; devices still need to resolve IP addresses to MAC addresses via ARP, making them vulnerable to ARP cache poisoning.

Concept tested: ARP spoofing prevention methods

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swprtsec.html

Topics

#ARP spoofing mitigation#port security#ARPwatch#static ARP

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice