While performing surveillance activities an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack
mechanisms can the attacker utilize to bypass the identified network security controls?
A.
MAC spoofing
B.
Pharming
C.
Xmas attack
D.
ARP poisoning
Attacker is insider or outsider. MAC spoofing is done in switches(inside) and ARP poisoning at the router level(outside)!! Assuming attacker uses surveilance, so he is outsider. So correct answer is D
ARP Spoofing(poisoning) – The attack can only be used on networks that use the Address Resolution Protocol, and is limited to local network segments
For me, ARP spoofing is an insider attack: ARP requests and replies don’t go out of the local network. So, this is not suitable. MAC spoofing is also not possible, because 802.1x is much stronger than simple MAC address filtering and authenticates the device with a Radius server. It’s an odd question…
That is very funny because 802.1x is one of the techniques that can prevent ARP poisoning and Mac Spoofing
If I want to choose between these two which both are not right I would go with D
By the way I hate CompTIA