nerdexam
EC-Council

312-50V13 · Question #212

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process. Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than

The correct answer is D. STP attack. STP Attack Explanation Why D is Correct: Robin is performing an STP (Spanning Tree Protocol) attack. By plugging in a rogue switch with a lower priority value (which means higher precedence in STP), Robin manipulates the network into electing his malicious switch as the root brid

Submitted by haruto_sh· Mar 6, 2026Sniffing

Question

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process. Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network. What is the attack performed by Robin in the above scenario?

Options

  • AARP spoofing attack
  • BVLAN hopping attack
  • CDNS poisoning attack
  • DSTP attack

How the community answered

(29 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    10% (3)
  • D
    83% (24)

Explanation

STP Attack Explanation

Why D is Correct: Robin is performing an STP (Spanning Tree Protocol) attack. By plugging in a rogue switch with a lower priority value (which means higher precedence in STP), Robin manipulates the network into electing his malicious switch as the root bridge, forcing all network traffic to flow through it - enabling full traffic sniffing.

Why the Distractors Are Wrong:

  • A (ARP Spoofing): Involves sending fake ARP messages to link the attacker's MAC address to a legitimate IP - no rogue switches or STP manipulation involved.
  • B (VLAN Hopping): Exploits VLAN configurations (via switch spoofing or double tagging) to access traffic across VLANs - unrelated to root bridge manipulation.
  • C (DNS Poisoning): Corrupts DNS cache entries to redirect users to malicious websites - operates at a completely different layer with no physical switch involvement.

Memory Tip: Think "STP = Sneaky Tree Position" - the attacker lowers their switch priority to win the root bridge election and sit at the top of the spanning tree, just like cheating in an election to gain control. If you see "rogue switch" + "root bridge" + "priority", it's always an STP attack.

Topics

#STP attack#Rogue switch#Root bridge#Network sniffing

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice