CompTIA

PT0-002 · Question #125

PT0-002 Question #125: Real Exam Question with Answer & Explanation

The correct answer is B: ARP spoofing.

Attacks and Exploits

Question

Click the exhibit button. A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. Which of the following types of attacks should the tester stop?

Options

  • A. SNMP brute forcing
  • B. ARP spoofing
  • C. DNS cache poisoning
  • D. SMTP relay

Explanation

The penetration tester should stop ARP spoofing, as it involves manipulating ARP tables to misdirect network traffic, a common cause of network disruptions and 'trouble on the network'.

Common mistakes.

  • A. SNMP brute forcing is an attempt to guess credentials for network device management and typically does not cause direct network traffic disruption or 'trouble' in the same manner.
  • C. DNS cache poisoning manipulates DNS resolution to redirect traffic to malicious sites, but its immediate impact on general network operation is less direct than ARP spoofing's traffic misdirection.
  • D. SMTP relay involves using an SMTP server to send emails, often unsolicited, which is a service abuse but not a network-layer attack causing broad network 'trouble'.

Concept tested. Network attacks - ARP spoofing

Reference. https://attack.mitre.org/techniques/T1557/002/

Topics

#ARP spoofing #Network attacks #Man-in-the-Middle #Packet analysis
