nerdexam
EC-Council

312-50V13 · Question #520

A large corporate network is being subjected to repeated sniffing attacks. To increase security, the company's IT department decides to implement a combination of several security measures. They perma

The correct answer is B. Implement network scanning and monitoring tools. Explanation Implementing network scanning and monitoring tools (Option B) is the logical next step because, despite the existing countermeasures, active surveillance is needed to detect and respond to sniffing attempts in real time - tools like intrusion detection systems (IDS) a

Submitted by saadiq_pk· Mar 6, 2026Sniffing

Question

A large corporate network is being subjected to repeated sniffing attacks. To increase security, the company's IT department decides to implement a combination of several security measures. They permanently add theMAC address of the gateway to the ARP cache, switch to using IPv6 instead of IPv4, implement the use of encrypted sessions such as SSH instead of Telnet, and use Secure File Transfer Protocol instead of FTP. However, they are still faced with the threat of sniffing. Considering the countermeasures, what should be their next step to enhance network security?

Options

  • AUse HTTP instead of HTTPS for protecting usernames and passwords
  • BImplement network scanning and monitoring tools
  • CEnable network identification broadcasts
  • DRetrieve MAC addresses from the OS

How the community answered

(47 responses)
  • A
    13% (6)
  • B
    77% (36)
  • C
    6% (3)
  • D
    4% (2)

Explanation

Explanation

Implementing network scanning and monitoring tools (Option B) is the logical next step because, despite the existing countermeasures, active surveillance is needed to detect and respond to sniffing attempts in real time - tools like intrusion detection systems (IDS) and network analyzers can identify suspicious traffic patterns, unauthorized devices, or anomalous behavior that static defenses alone cannot catch.

Why the distractors are wrong:

  • Option A is completely counterproductive - HTTP transmits data in plaintext, making sniffing easier, whereas HTTPS encrypts traffic; this is the exact opposite of a security enhancement.
  • Option C enabling network identification broadcasts actually increases the attack surface by advertising network information to potential attackers, aiding reconnaissance rather than preventing it.
  • Option D retrieving MAC addresses from the OS is a technique used by attackers to perform MAC spoofing and is not a defensive countermeasure.

Memory Tip: Think of the existing measures as building a secure house (locks, better materials, encrypted communications) - but you still need a security camera system (monitoring tools) to catch anyone trying to break in. When static defenses are in place but threats persist, the answer is almost always active monitoring.

Topics

#Sniffing countermeasures#Network monitoring#Threat detection

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice