Cisco CyberOps Professional 300-215 Question # 8 Topic 1 Discussion
Refer to the exhibit.
A security analyst notices unusual connections while monitoring traffic. What is the attack vector, and which action should be taken to prevent this type of event?
The exhibit shows multiple ARP reply packets with the same IP addresses (192.168.51.105 and 192.168.51.201) being mapped to different MAC addresses, which triggers the message: "duplicate use of [IP] detected". This is a strong indicator of an ARP spoofing (or poisoning) attack.
ARP spoofing occurs when a malicious actor sends falsified ARP messages to associate their MAC address with the IP address of another host. This misleads other devices on the network and allows interception or redirection of traffic.
The Cisco CyberOps Associate guide specifically recommends configuring port security on switches as a method to mitigate ARP spoofing, by limiting the number of MAC addresses allowed per port or statically assigning legitimate MAC addresses to switch ports.
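The indicator described above, one IP address answered for by more than one MAC address, can be checked mechanically over exported ARP replies. This is an added example, not part of the original question or the Cisco guide; the capture lines, MAC addresses, timestamps and function names are constructed for illustration, and only the two IP addresses come from the explanation.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Wireshark's Info column for ARP replies.
# MACs and timestamps are invented; the .105 and .201 addresses are from the text.
SAMPLE_CAPTURE = """\
0.000 192.168.51.105 is at 00:50:56:aa:00:01
1.204 192.168.51.201 is at 00:50:56:aa:00:02
2.511 192.168.51.1 is at 00:50:56:aa:00:fe
3.019 192.168.51.105 is at 00:0C:29:BB:00:99
3.020 192.168.51.201 is at 00-0c-29-bb-00-99
4.730 192.168.51.1 is at 00:50:56:AA:00:FE
malformed line without a mapping
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+is at\s+"
    r"(?P<mac>[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\s*$"
)

def normalize_mac(mac):
    # Case and separator differ between tools; compare one canonical form.
    return mac.lower().replace("-", ":")

def find_conflicts(capture_text):
    """Return {ip: [macs in first-seen order]} for IPs claimed by more than one MAC."""
    seen = defaultdict(list)
    for line in capture_text.splitlines():
        m = ARP_REPLY.match(line.strip())
        if not m:
            continue  # skip anything that is not an ARP reply mapping
        mac = normalize_mac(m["mac"])
        if mac not in seen[m["ip"]]:
            seen[m["ip"]].append(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}

def suspect_macs(conflicts):
    """MACs that take part in conflicts for two or more IPs: a lead to investigate, not proof."""
    claims = defaultdict(set)
    for ip, macs in conflicts.items():
        for mac in macs:
            claims[mac].add(ip)
    return sorted(mac for mac, ips in claims.items() if len(ips) > 1)

if __name__ == "__main__":
    conflicts = find_conflicts(SAMPLE_CAPTURE)
    for ip, macs in conflicts.items():
        print(f"duplicate use of {ip}: {', '.join(macs)}")
    print("MACs answering for several conflicting IPs:", suspect_macs(conflicts))
```
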