GCIH Question #143: Real Exam Question with Answer & Explanation

The correct answer is D. MAC spoofing. MAC spoofing changes a network adapter's hardware address to impersonate another device or bypass MAC-based access controls on servers and routers.

Reconnaissance, Scanning, and Enumeration

Question

Which of the following attacking methods allows the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer by changing the Media Access Control address?

Options

AIP address spoofing
BVLAN hoping
CARP spoofing
DMAC spoofing

Explanation

MAC spoofing changes a network adapter's hardware address to impersonate another device or bypass MAC-based access controls on servers and routers.

Common mistakes.

A. IP address spoofing falsifies the source IP address in packet headers to impersonate another host at the network layer, not the data-link layer MAC address used in ACL filtering.
B. VLAN hopping is an attack that allows traffic from one VLAN to reach another unauthorized VLAN by exploiting switch trunk port negotiation or double-tagging, not by changing a MAC address.
C. ARP spoofing sends forged ARP reply messages to associate an attacker's MAC address with a legitimate IP address in victims' ARP caches to intercept traffic, which is a different mechanism from changing the adapter's own MAC address.

Concept tested. MAC spoofing to bypass MAC-based access controls

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls

Topics

#MAC spoofing#ACL bypass#identity impersonation#network attacks

Community Discussion

No community discussion yet for this question.

Full GCIH Practice