CISSP · Question #767
An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the or
The correct answer is D. Implement logical network segmentation at the switches. Once a sniffer is installed on an internal host, network segmentation limits the scope of traffic the attacker can capture by confining broadcast domains and restricting lateral visibility across the network.
Question
Options
- AImplement packet filtering on the network firewalls
- BRequire strong authentication for administrators
- CInstall Host Based Intrusion Detection Systems (HIDS)
- DImplement logical network segmentation at the switches
How the community answered
(27 responses)- A4% (1)
- B7% (2)
- C22% (6)
- D67% (18)
Why each option
Once a sniffer is installed on an internal host, network segmentation limits the scope of traffic the attacker can capture by confining broadcast domains and restricting lateral visibility across the network.
Packet filtering on firewalls controls traffic entering or leaving the network perimeter but does not restrict what a sniffer can see on internal LAN segments where the compromised host already resides.
Strong authentication for administrators protects against unauthorized access to systems but does not prevent a sniffer already installed on an internal host from capturing plaintext or broadcast traffic on the local network.
A Host-Based Intrusion Detection System monitors activity on individual hosts and may detect the sniffer after installation, but it is a detective control rather than a preventive one and does not limit the attacker's ability to capture network traffic from other hosts.
Logical network segmentation using VLANs at the switch layer divides the network into isolated broadcast domains, meaning a sniffer on one segment can only capture traffic within that VLAN rather than traffic traversing the entire network. This directly limits the attacker's ability to passively collect credentials, session tokens, or sensitive data from other network segments. Segmentation is the most effective mitigation because it architecturally restricts the reach of a passive eavesdropping tool regardless of other controls.
Concept tested: Network segmentation to limit internal sniffing scope
Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-1/configuration_guide/vlan/b_171_vlan_9300_cg/configuring_vlans.html
Topics
Community Discussion
No community discussion yet for this question.