CAS-003 Question #557: Real Exam Question with Answer & Explanation

The correct answer is A: ARP spoofing. ARP (Address Resolution Protocol) spoofing involves an attacker sending forged or gratuitous ARP reply packets on a local network segment to associate their MAC address with a legitimate IP address (such as a gateway). In a packet capture, this manifests as multiple ARP replies c

Question

A cybersecurity analyst is conducting packet analysis on the following: Which of the following is occurring in the given packet capture?

Exhibit

Options

AARP spoofing
BBroadcast storm
CSmurf attack
DNetwork enurneration
EZero-day exploit

Explanation

ARP (Address Resolution Protocol) spoofing involves an attacker sending forged or gratuitous ARP reply packets on a local network segment to associate their MAC address with a legitimate IP address (such as a gateway). In a packet capture, this manifests as multiple ARP replies claiming the same IP address is mapped to different MAC addresses-or a host repeatedly broadcasting unsolicited ARP replies. This poisons the ARP caches of other hosts, enabling man-in-the-middle interception of traffic. The other options involve different traffic patterns: a broadcast storm shows exponentially growing broadcast frames, a Smurf attack uses ICMP echo requests to broadcast addresses, network enumeration shows systematic probing of ports/addresses, and a zero-day exploit would involve specific vulnerability exploitation traffic.

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice