Exam 200-201 topic 1 question 23 discussion

Correct answer: B. ARP cache poisoning DHCP snooping is a counter measure against attack. wiki: In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.

ARP cache poisoning ARP (Address Resolution Protocol) cache poisoning, also known as ARP spoofing, is an attack method that intercepts traffic on a switched network. In an ARP cache poisoning attack, an attacker sends forged ARP messages to associate their MAC address with the IP address of another legitimate device on the network. As a result, traffic meant for the legitimate device is redirected to the attacker's system, allowing them to intercept and potentially modify the traffic.

B . ARP cache poisoning

Correct answer: B DHCP snooping is a security mechanism used to prevent rogue DHCP (Dynamic Host Configuration Protocol) servers from providing incorrect or malicious IP configuration information to network clients. It does not directly intercept network traffic.

...Switched network... = OSI Layer 2 ARP operates on Layer 2 to map IP address. Other answers are related to higher OSI Layers.

The attack method that intercepts traffic on a switched network is ARP cache poisoning, which is also known as ARP spoofing or ARP poisoning. In a switched network, each device maintains an ARP cache that maps IP addresses to MAC addresses. When a device needs to communicate with another device on the same network, it looks up the MAC address in its ARP cache and uses that address to send the packet. In an ARP cache poisoning attack, the attacker sends fake ARP messages to other devices on the network, claiming to be the owner of a particular IP address. This causes the other devices to update their ARP caches with the attacker's MAC address instead of the actual owner's MAC address. As a result, all traffic intended for the owner of that IP address is instead sent to the attacker, who can intercept and manipulate the traffic.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SXF/native/configuration/guide/swcg/snoodhcp.pdf read this article for why C and not B is correct

I don't think the correct is C. B is the likest answer.

I choose B because of intercept and MITM attack be the answer was DHCP snooping.

B. ARP cache poisoning is the correct answer

arp cache poisoning == attack dhcp snooping == counter-attack

B. ARP cache poisoning is the correct answer

The purpose of ARP is to translate between addresses at the data link layer – known as MAC Addresses – and addresses at the network layer, which are typically IP addresses (switch contains routing table), the fix is to enable DHCP snooping.

The answer is B - see Skysoft response for explanation.

ARP cache poisoning is the correct answer and not C

DHCP snooping is a countermeasure, not an attack.

B is correct the attacker spoofs Layer 2 MAC addresses to make the devices on a LAN believe that the Layer 2 address of the attacker is the Layer 2 address of its default gateway. This is called ARP poisoning. Obs: DHCP snooping is used to prevent rogue DHCP servers on a network.