Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam

Exam 312-50v11 topic 1 question 316 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 316
Topic #: 1
[All 312-50v11 Questions]

You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic.
If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?

  • A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
  • B. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.
  • C. You should use netstat to check for any suspicious connections with another IP address within the LAN.
  • D. You cannot identify such an attack and must use a VPN to protect your traffic.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
tyw82
4 weeks, 1 day ago
Selected Answer: B
Be careful of how option A is phrased. Chatgpt will tell you the answer is A. But if you ask it again whether it is possible for an ARP table to have ONE IP address with TWO different MAC addresses, it will clarify that it is not possible. You can detect ARP spoofing using ARP table if there are TWO IP addresses sharing ONE MAC address (i.e. the attacker's original IP address and it's spoofed IP address). So B is the correct answer. Simply do a ping sweep with nmap [nmap -sn 192.168.1.0/24 (replace with the network address)] and it will show you the IP / MAC addresses.
upvoted 1 times
...
YourFriendlyNeighborhoodSpider
11 months, 3 weeks ago
Selected Answer: A
A - ARP spoofing check.
upvoted 1 times
...
ffactor
1 year, 1 month ago
If EC-Council has an incorrect answer, which one are we supposed to pick in the exam?
upvoted 2 times
Ciruuss_
1 year, 1 month ago
I have the same question
upvoted 1 times
...
...
reltorurka
1 year, 2 months ago
Selected Answer: B
The correct option is B. In the arp table, it is not possible to have two identical ip's, because it is overwritten. In the case of mac addresses, however, it is possible to get two entries with equal macs.
upvoted 1 times
...
victorfs
1 year, 5 months ago
Selected Answer: A
The correct option is A The option B only search duplicated MAC's.
upvoted 1 times
...
josevirtual
1 year, 10 months ago
Selected Answer: A
The question is "how would you identify whether someone is performing an ARP spoofing attack on YOUR laptop". With B you don't know if they are doing something in your laptop. I go with A.
upvoted 4 times
...
Daniel8660
2 years ago
Selected Answer: A
ARP Spoofing Attack ARP packets can be forged to send data to the attacker’s machine.Attackers flood a target computer’s ARP cache with forged entries, which is also known as poisoning. (P.1143/1127)
upvoted 4 times
...
Benoit_G
2 years, 1 month ago
Selected Answer: A
arp -a "ARP poisoning can be detected in several different ways. You can use Windows’ Command Prompt, an open-source packet analyzer such as Wireshark, or proprietary options such as XArp. You can check the ARP attack in Command Prompt. First, open Command Prompt as an administrator. In the command line, enter: arp -a If the table contains two different IP addresses that share the same MAC address, then you are probably undergoing an ARP poisoning attack."
upvoted 4 times
...
mileke2
2 years, 5 months ago
Selected Answer: A
The answer is A. ARP spoofing works by an attacker adding their MAC address to a valid IP address on the arp table so they can get the information meant for that IP address. Checking the arp table for an IP address having two MAC addresses will be the solution.
upvoted 3 times
...
Jong1
2 years, 7 months ago
Selected Answer: B
look arp table or scan to find duplicate MAC with 2x different IP.
upvoted 2 times
...
hm67
3 years ago
https://www.comparitech.com/blog/information-security/arp-poisoning-spoofing-detect-prevent/ The table shows the IP addresses in the left column, and MAC addresses in the middle. If the table contains two different IP addresses that share the same MAC address, then you are probably undergoing an ARP poisoning attack.
upvoted 1 times
...
andrewdh
3 years ago
No, ARP spoofing will have two *IP addresses* with the same MAC, the attack machine will send a gratuitous ARP updating the MAC address of the router to ITS MAC address. The correct answer is B
upvoted 4 times
andrewdh
3 years ago
actually I correct myself - I do not think there is an accurate answer here. A correct answer would be : look at ARP table for duplicate IPs with the same MAC addresses
upvoted 4 times
...
...
brdweek
3 years ago
A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...