nerdexam
(ISC)2

CISSP-ISSAP · Question #69

Which of the following attacks allows the bypassing of access control lists on servers or routers, and helps an attacker to hide? Each correct answer represents a complete solution. Choose two.

The correct answer is B. MAC spoofing C. IP spoofing attack. MAC spoofing (B) and IP spoofing (C) both work by forging a device's identity - MAC spoofing replaces the hardware address to bypass Layer 2 ACLs and blend in with trusted devices on the local network, while IP spoofing forges the source IP address to evade Layer 3/router ACLs an

Infrastructure Security

Question

Which of the following attacks allows the bypassing of access control lists on servers or routers, and helps an attacker to hide? Each correct answer represents a complete solution. Choose two.

Options

  • ADNS cache poisoning
  • BMAC spoofing
  • CIP spoofing attack
  • DDDoS attack

How the community answered

(35 responses)
  • A
    20% (7)
  • B
    69% (24)
  • D
    11% (4)

Explanation

MAC spoofing (B) and IP spoofing (C) both work by forging a device's identity - MAC spoofing replaces the hardware address to bypass Layer 2 ACLs and blend in with trusted devices on the local network, while IP spoofing forges the source IP address to evade Layer 3/router ACLs and obscure the attacker's true origin. Both techniques directly manipulate the identifiers that access control lists rely on, making the attacker appear as a legitimate or trusted host.

DNS cache poisoning (A) is wrong because it redirects traffic by corrupting DNS records - it doesn't forge device identities or bypass ACLs; it manipulates name resolution instead. DDoS (D) is wrong because it overwhelms a target with traffic volume; it's a disruption attack, not an identity-masking or ACL-bypass technique.

Memory tip: Think "spoofing = hiding" - both B and C have "spoof" in concept (faking an identity), which maps directly to bypassing access controls and concealing the attacker. If the answer involves impersonation, it's a spoofing attack.

Topics

#MAC spoofing#IP spoofing#Access Control Lists#Network attacks

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice