CISSP · Question #1499
CISSP Question #1499: Real Exam Question with Answer & Explanation
The correct answer is A: Blind spoofing. Hardening an internet-facing router by applying approved baseline configurations closes unnecessary services, enforces strict routing controls, and implements anti-spoofing measures like uRPF, directly mitigating blind spoofing attacks.
Question
Before implementing an internet-facing router, a network administrator ensures that the equipment is baselined/hardened according to approved configurations and settings. This action provides protection against which of the following attacks?
Options
- ABlind spoofing
- BMedia Access Control (MAC) flooding
- CSQL injection (SQLI)
- DRansomware
Explanation
Hardening an internet-facing router by applying approved baseline configurations closes unnecessary services, enforces strict routing controls, and implements anti-spoofing measures like uRPF, directly mitigating blind spoofing attacks.
Common mistakes.
- B. MAC flooding targets network switches by overwhelming the MAC address table to force broadcast behavior, which is a Layer 2 attack not mitigated by router hardening configurations.
- C. SQL injection is an application-layer attack targeting web application input fields and databases, which is outside the scope of router hardening and baseline configuration.
- D. Ransomware is a type of malware delivered through phishing, malicious downloads, or vulnerable endpoints - router hardening does not directly prevent ransomware infection or execution.
Concept tested. Router hardening and anti-spoofing baseline configuration
Reference. https://www.cisco.com/c/en/us/support/docs/ip/unicast-reverse-path-forwarding/13786-timesavr.html
Topics
Community Discussion
No community discussion yet for this question.