CISSP-ISSAP · Question #69
Which of the following attacks allows the bypassing of access control lists on servers or routers, and helps an attacker to hide? Each correct answer represents a complete solution. Choose two.
The correct answer is B. MAC spoofing C. IP spoofing attack. MAC spoofing (B) and IP spoofing (C) both work by forging a device's identity - MAC spoofing replaces the hardware address to bypass Layer 2 ACLs and blend in with trusted devices on the local network, while IP spoofing forges the source IP address to evade Layer 3/router ACLs an
Question
Which of the following attacks allows the bypassing of access control lists on servers or routers, and helps an attacker to hide? Each correct answer represents a complete solution. Choose two.
Options
- ADNS cache poisoning
- BMAC spoofing
- CIP spoofing attack
- DDDoS attack
How the community answered
(35 responses)- A20% (7)
- B69% (24)
- D11% (4)
Explanation
MAC spoofing (B) and IP spoofing (C) both work by forging a device's identity - MAC spoofing replaces the hardware address to bypass Layer 2 ACLs and blend in with trusted devices on the local network, while IP spoofing forges the source IP address to evade Layer 3/router ACLs and obscure the attacker's true origin. Both techniques directly manipulate the identifiers that access control lists rely on, making the attacker appear as a legitimate or trusted host.
DNS cache poisoning (A) is wrong because it redirects traffic by corrupting DNS records - it doesn't forge device identities or bypass ACLs; it manipulates name resolution instead. DDoS (D) is wrong because it overwhelms a target with traffic volume; it's a disruption attack, not an identity-masking or ACL-bypass technique.
Memory tip: Think "spoofing = hiding" - both B and C have "spoof" in concept (faking an identity), which maps directly to bypassing access controls and concealing the attacker. If the answer involves impersonation, it's a spoofing attack.
Topics
Community Discussion
No community discussion yet for this question.