GIAC
GCIH Question #145: Real Exam Question with Answer & Explanation
The correct answer is D: ARP spoofing. ARP spoofing allows an attacker to link their MAC address to a legitimate IP on the LAN, enabling them to intercept and modify traffic in transit.
Reconnaissance, Scanning, and Enumeration
Question
Which of the following techniques does an attacker use to sniff data frames on a local area network and modify the traffic?
Options
- A. MAC spoofing
- B. IP address spoofing
- C. Email spoofing
- D. ARP spoofing
Explanation
ARP spoofing allows an attacker to link their MAC address to a legitimate IP on the LAN, enabling them to intercept and modify traffic in transit.
Common mistakes.
- A. MAC spoofing changes the attacker's own MAC address to impersonate another device but does not inherently allow sniffing or modification of other devices' traffic in transit.
- B. IP address spoofing forges the source IP in packets for anonymity or session hijacking but does not enable passive sniffing or modification of LAN data frames.
- C. Email spoofing forges the sender address in email headers and operates at the application layer, having no mechanism to sniff or alter LAN-level data frames.
Concept tested. ARP spoofing and Layer 2 man-in-the-middle attacks
Reference. https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-deploy-wps
Topics
#ARP spoofing #LAN sniffing #man-in-the-middle #frame modification