How do you defend against ARP Spoofing? Select three.
A. Use ARPWALL system and block ARP spoofing attacks
B. Tune IDS sensors to look for large amounts of ARP traffic on local subnets
C. Use private VLANs
D. Place static ARP entries on servers, workstations and routers
Explanation:
ARPwall is used in protecting against ARP spoofing.
Incorrect answer: the IDS option may work fine for monitoring traffic from outside the network, but not traffic from internal hosts.
B is the Ans.
I believe the incorrect answer is D because it is not practical to put static ARP for all hosts.
You CAN detect ARP poison by fine tuning IPS (which protects from external and internal threats).
https://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=7105&signatureSubId=0&softwareVersion=6.0&releaseVersion=S663
Correct Answer: ACD
A – ARPwall – early warning for an ARP attack
C – Private VLANs provide isolation between peers at the data link layer
D – Static ARP entries, which consist of preconfiguring a device with the MAC addresses of
devices that it will be working with ahead of time. However, this strategy does not
scale well.
Plus a bonus better question:
How do you defend against an ARP Poisoning attack? (Pick 2 answers)
A. Enable DHCP Snooping Binding Table
B. Restrict ARP Duplicates
C. Enable Dynamic ARP Inspection
D. Enable MAC snooping Table
Correct Answer: AC
A: command: > ip dhcp snooping
C: 2 IP 1 MAC