Cisco Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) 300-215 Question # 14 Topic 2 Discussion
Refer to the exhibit.
A security analyst notices unusual connections while monitoring traffic. What is the attack vector, and which action should be taken to prevent this type of event?
The exhibit shows multiple ARP reply packets with the same IP addresses (192.168.51.105 and 192.168.51.201) being mapped to different MAC addresses, which triggers the message: "duplicate use of [IP] detected". This is a strong indicator of an ARP spoofing (or poisoning) attack.
ARP spoofing occurs when a malicious actor sends falsified ARP messages to associate their MAC address with the IP address of another host. This misleads other devices on the network and allows interception or redirection of traffic.
The Cisco CyberOps Associate guide specifically recommends configuring port security on switches as a method to mitigate ARP spoofing, by limiting the number of MAC addresses allowed per port or statically assigning legitimate MAC addresses to switch ports.
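The indicator described above (one IP address claimed by more than one MAC address in ARP replies) can be checked mechanically. The following is an added example, not part of the original question or the Cisco guide; the function names are hypothetical, and the MAC addresses and the non-conflicting IP addresses in the sample are constructed.

```python
import struct
from collections import defaultdict

ARP_REPLY = 2  # ARP opcode for a reply

def _mac(text):
    return bytes.fromhex(text.replace(":", ""))

def _ip(text):
    return bytes(int(octet) for octet in text.split("."))

def build_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a 28-byte Ethernet/IPv4 ARP reply payload (used for the sample data)."""
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    return header + _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, payload[8:14].hex(":"), ".".join(map(str, payload[14:18]))

def find_duplicate_ips(payloads):
    """Map each IP claimed by more than one sender MAC to the sorted list of MACs."""
    claims = defaultdict(set)
    for payload in payloads:
        parsed = parse_arp(payload)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue  # skip truncated frames, non-IPv4 ARP and requests
        _, mac, ip = parsed
        claims[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

# Constructed sample: the two conflicting IPs are those named in the explanation;
# every MAC address and the other IP addresses are invented.
SAMPLE = [
    build_reply("02:00:00:00:00:0a", "192.168.51.105", "02:00:00:00:00:01", "192.168.51.10"),
    build_reply("02:00:00:00:00:0b", "192.168.51.201", "02:00:00:00:00:01", "192.168.51.10"),
    build_reply("02:00:00:00:00:ee", "192.168.51.105", "02:00:00:00:00:01", "192.168.51.10"),
    build_reply("02:00:00:00:00:ee", "192.168.51.201", "02:00:00:00:00:01", "192.168.51.10"),
    build_reply("02:00:00:00:00:0c", "192.168.51.1", "02:00:00:00:00:01", "192.168.51.10"),
]

if __name__ == "__main__":
    for ip, macs in find_duplicate_ips(SAMPLE).items():
        print(f"duplicate use of {ip} detected: {', '.join(macs)}")
```

A legitimate address change, such as a failover or a DHCP reassignment, also produces two MAC addresses for one IP, so a hit is a triage signal to confirm against switch port and DHCP records.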