312-50V13 Question #146: Real Exam Question with Answer & Explanation

Question

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result?

Options

• AThe switches will drop into hub mode if the ARP cache is successfully flooded.
• BIf the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to
• CDepending on the switch manufacturer, the device will either delete every entry in its ARP cache
• DThe switches will route all traffic to the broadcast address created collisions.

Explanation

When a switch's MAC address table is successfully flooded using tools like Macof, the switch often reverts to acting like a network hub by forwarding all unknown unicast traffic out of all ports.

Common mistakes.

• B. 'Pix mode' is not a recognized operational mode for a network switch, and MAC flooding makes a switch more susceptible to attacks, not less.
• C. While some advanced switches have mitigation techniques, the immediate and primary effect of a successful MAC table flood on typical switches is table overflow and hub-like behavior, not the deletion of all entries.
• D. Switches operate at Layer 2 (MAC addresses) and do not route (Layer 3) traffic; the behavior is flooding unknown unicast frames to all ports, not routing to a broadcast address, and while it can increase network traffic, it's not primarily about creating collisions.

Concept tested. MAC flooding attack and switch behavior

Reference. https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-series-xl-switches/24362-158.html

No community discussion yet for this question.