Sniffing Flashcards

1
Q

In which of the following OSI layers do sniffers operate and perform an initial compromise?

Network layer
Physical layer
Transport layer
Data link layer

A

Data link layer

2
Q

Out of the following, which layer is responsible for encoding and decoding data packets into bits?

Data link layer
Network layer
Application layer
Session layer

A

Data link layer

3
Q

An attacker wants to monitor a target network's traffic on one or more ports on the switch. In such a case, which of the following methods can he use?

Active sniffing
Lawful interception
Port mirroring
Wiretapping

A

Port mirroring

4
Q

Sniffers work at which of the following open systems interconnect (OSI) layers?

Transport layer
Presentation layer
Application layer
Data link layer

A

Data link layer

5
Q

Which of the following fields in an IPv4 DHCP message has a size of 128 octets?

Gateway IP address (GIADDR)
File name
Server name (SNAME)
Hardware address length

A

File name

6
Q

Which IOS global command is used to configure the number of DHCP packets per second (pps) that an interface can receive?

A

ip dhcp snooping limit rate

7
Q

Which technique is used by an attacker to connect a rogue switch to the network by tricking a legitimate switch and thereby creating a trunk link between them?

A

Switch spoofing

8
Q

How should you defend against MAC spoofing?

A

IP Source Guard

9
Q

What is a DHCP Snooping Binding Table?

A

The DHCP snooping process filters untrusted DHCP messages and helps to build and bind a DHCP binding table. This table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information to correspond with untrusted interfaces of a switch. It acts as a firewall between untrusted hosts and DHCP servers. It also helps in differentiating between trusted and untrusted interfaces.

10
Q

What is Dynamic ARP Inspection?

A

Dynamic ARP Inspection (DAI) checks the IP–MAC address binding for each ARP packet in a network. While performing DAI, the system will automatically drop invalid IP–MAC address bindings.

11
Q

What is IP Source Guard?

A

IP Source Guard is a security feature in switches that restricts the IP traffic on untrusted layer 2 ports by filtering traffic based on the DHCP snooping binding database. It prevents spoofing attacks when the attacker tries to spoof or use the IP address of another host.

12
Q

What are the IEEE 802.1X suites?

A

This is a type of network protocol for port-based Network Access Control (PNAC), and its main purpose is to enforce access control at the point where a user joins the network.

13
Q

Which of the following DHCPv6 messages is sent by a server to a client in response to DHCPDiscover with the offer of configuration parameters?

Release
Reply
Relay-Reply
Advertise

A

Advertise

14
Q

Which IOS global command verifies the DHCP snooping configuration?

A

show ip dhcp snooping

15
Q

In which attack does an attacker send spoofed router advertisement messages so that all the data packets travel through their system to collect valuable information and launch MITM and DoS attacks?

A

IRDP (ICMP router discovery protocol) spoofing

16
Q

A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.)

  • Address resolution protocol (ARP) spoofing
  • ARP broadcasting
  • MAC duplication
  • Reverse smurf attack
  • SYN flooding
  • MAC flooding

A

MAC flooding, MAC duplication and ARP spoofing

17
Q

Which command is used to set the maximum number of secure MAC addresses for the interface on a Cisco switch?

A

switchport port-security maximum 1 vlan access

18
Q

A network administrator wants to configure port security on a Cisco switch. Which command helps the administrator to enable port security on an interface?

A

switchport port-security

19
Q

Which Cisco IOS global command is used to enable or disable DHCP snooping on one or more VLANs?

A

ip dhcp snooping vlan 4,104

20
Q

What is BetterCAP?

A

Bettercap is an ARP poisoning tool and also the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking, and Ethernet network reconnaissance and MITM attacks.

21
Q

What is svmap?

A

Svmap is an open-source scanner that identifies SIP devices and PBX servers on a target network. It can be helpful for system administrators when used as a network inventory tool.

22
Q

What is DNSRecon?

A

DNSRecon is a zone enumeration tool that assists users in enumerating DNS records such as A, AAAA, and CNAME. It also performs NSEC zone enumeration to obtain DNS record files of a target domain.

23
Q

What is Enyx?

A

Enyx is an enumeration tool that fetches the IPv6 address of a machine through SNMP.

24
Q

Which of the following Cisco switch port configuration commands is used to enter a secure MAC address for the interface and the maximum number of secure MAC addresses?

switchport port-security maximum value
switchport port-security mac-address mac_address
switchport port-security limit rate invalid-source-mac
switchport port-security mac-address sticky

A

switchport port-security mac-address mac_address

25
Q

Which of the following techniques enables devices to detect the existence of unidirectional links and disable the affected interfaces in the network, in addition to causing STP topology loops?

Root guard
Loop guard
UDLD
BPDU guard

A

UDLD (Unidirectional Link Detection)

26
Q

Which of the following IOS switch commands is used to drop packets with unknown source addresses until a sufficient number of secure MAC addresses are removed?

switchport port-security violation restrict
switchport port-security aging type inactivity
switchport port-security
switchport port-security mac-address sticky

A

switchport port-security violation restrict

27
Q

What is ARP spoofing?

A

ARP spoofing is a method of attacking an Ethernet LAN. When a legitimate user initiates a session with another user in the same layer 2 broadcast domain, the switch broadcasts an ARP request using the recipient’s IP address, while the sender waits for the recipient to respond with a MAC address.

28
Q

What is ARP poisoning?

A

With the help of ARP poisoning, an attacker can use fake ARP messages to divert all communications between two machines so that all traffic redirects via the attacker’s PC.

29
Q

What is the ARP method of promiscuous node detection?

A

This technique sends a non-broadcast ARP to all the nodes in the network. A node running in promiscuous mode on the network will cache that information in its ARP table (non-promiscuous nodes do not). Then, a ping message is broadcast on the network with the local IP address but a different MAC address. In this case, only the node that has the MAC address (cached earlier) will be able to respond to the broadcast ping request.

30
Q

What is the Ping method of promiscuous node detection?

A

Send a ping request to the suspect machine with its IP address and an incorrect MAC address. If the machine replies, it’s in promiscuous mode.