Exam 312-50v11 topic 1 question 83 discussion

A is correct answer. In an STP manipulation attack, an attacker connects to a switch port and either directly themselves, or through the use of a rogue switch, attempts to manipulate Spanning Tree Protocol (STP) parameters to become the root bridge. Because the root bridge is responsible for calculating the spanning tree from topology changes advertised by non-root bridges, attackers see a variety of frames that they would normally not see.

STP Attack Attackers connect a rogue switch into the network to change the operations of the STP protocol and sniff all the network traffic. (P.1167/1151)

How can attacker create an entry in the config of switch and provide himself a mirror traffic with span port by just sending root election bpdu? Creating an entry is sort of command injection type of attack. STP bpdu packet causes to re-elect root bridge to determine which interfaces of switches would be open which of them would not.

both A and C are plausible, unfair question imo make a SPAN config on his rogue spoofer switch to create the mirror port he needs to monitor the traffic now passing thru OR just be destructive by looping thru the STP attack in order to cause topology recalcs and storm

fair but why could it not be C based on this An STP attack involves an attacker spoofing the root bridge in the topology. The attacker broadcasts out an STP configuration/topology change BPDU in an attempt to force an STP recalculation. The BPDU sent out announces that the attacker's system has a lower bridge priority. The attacker can then see a variety of frames forwarded from other switches to it. STP recalculation may also cause a denial-of-service (DoS) condition on the network by causing an interruption of 30 to 45 seconds each time the root bridge changes. Figure 14-4 shows an attacker using STP network topology changes to force its host to be elected as the root bridge.

correct