Exam SY0-601 topic 1 question 636 discussion

Address Resolution Protocol (ARP) resolves IPv4 addresses to MAC addresses. MAC addresses are the physical addresses or hardware addresses. TCP/IP uses the IP address to get a packet to a destination network. ARP poisoning attacks use ARP packets to give clients false hardware address updates, and attackers use them to redirect or interrupt network traffic

E. ARP poisoning. Some clues that indicate ARP poisoning are: Multiple IP addresses are associated with the same MAC address in the ARP table, as shown in the question. The MAC address of the gateway or the DNS server is changed to the attacker’s MAC address.

ARP poisoning: redirecting an IP address to MAC address of a computer that is not the intended recipient. This attack is directed at HOSTS. DNS poisoning is a variation of ARP where the switch's cache table has random sources of MAC addresses. This attack is directed on the network SWITCH. We see in the question that the users are the ones having issues, so the answer is E. ARP poisoning

ARP poisoning

The information presented here shows IP addresses paired with their corresponding MAC (Media Access Control) addresses. Based on this, the scenario appears to exhibit MAC address duplication for different IP addresses, specifically, 10.0.0.1 and 10.0.0.115 having the same MAC address (00-18-21-ad-24-bc). This situation suggests an anomaly known as MAC flooding, which occurs when an attacker overloads the switch's MAC table, associating multiple MAC addresses with a single port. As a result, traffic intended for different devices gets directed to a single port, which can lead to network performance issues or potential security threats. Therefore, the correct answer is C. MAC flooding.