Numerous MAC resolution requests to create a buffer-overflow attack
teancum144
Member Posts: 229 ■■■□□□□□□□
in Security+
Which of the following type of attacks sends out numerous MAC resolution requests to create a buffer-overflow attack?
A. DDoS
B. Smurf
C. ARP Poisoning
D. DNS poisoning
The answer is "C" but I thought ARP Poisoning is changing the ARP entries in the ARP cache to launch a man-in-the-middle attack or a DoS attack?
A. DDoS
B. Smurf
C. ARP Poisoning
D. DNS poisoning
The answer is "C" but I thought ARP Poisoning is changing the ARP entries in the ARP cache to launch a man-in-the-middle attack or a DoS attack?
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post.
Comments
-
NotHackingYou Member Posts: 1,460 ■■■■■■■■□□ARP poising can be used to execute a DDoS. ARP Poisoning - HakipediaWhen you go the extra mile, there's no traffic.
-
teancum144 Member Posts: 229 ■■■□□□□□□□CarlSaiyed wrote: »ARP poising can be used to execute a DDoS. ARP Poisoning - HakipediaIf you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post.
-
NotHackingYou Member Posts: 1,460 ■■■■■■■■□□Excuse me, I mean DoS. ARP can't be used for a DDoS, but it can be used to cause a situation where client machines do not have access to any resources by just dropping everything.
Remember a DoS doesn't nessesarily mean you overwhelm the buffer of the victim machine. Denial of Service - HakipediaWhen you go the extra mile, there's no traffic. -
teancum144 Member Posts: 229 ■■■□□□□□□□What I don't understand is the question's/Answer's implication there is (1) a type of DNS poisoning attack that (2) sends out numerous MAC resolution requests to create a buffer-overflow attack. How are (1) and (2) related?If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post.
-
Darril Member Posts: 1,588Based on this and your other thread on Spoofed Website Cause, it seems like you're using practice test questions that don't have explanations. I don't know this but am just assuming that's the case because you're asking for explanations.
I've written literally thousands of questions and know that while writing the explanations, flaws in the question reveal themselves and the questions you're posting seem flawed. For example, I don't know of any buffer overflow attack caused by ARP packets.
Practice test questions can provide two great benefits.
1) They help you test your readiness with realistic questions. If you can look at each answer and can explain why it is correct or incorrect, you're better prepared for the live exam no matter how CompTIA words the actual questions.
2) They help people learn when they are combined with explanations. If you can't determine why an answer is correct or incorrect, the explanation gives some additional knowledge to help you understand.
However, if they don't have explanations, they often cause confusion. You could spend hours trying to prove why a correct answer is correct, or an incorrect answer is correct in a question that simply doesn't have a correct answer. Worse, when people just memorize the answer (I'm not saying your are), they're often memorizing incorrect information.
If this source is working for you, by all means continue. However, if explanations aren't included, you might want to supplement it with something else before taking the live exam.
Good luck. -
teancum144 Member Posts: 229 ■■■□□□□□□□Based on this and your other thread on Spoofed Website Cause, it seems like you're using practice test questions that don't have explanations. I don't know this but am just assuming that's the case because you're asking for explanations.
Thanks for the thorough feedback. Actually, these questions do have verbal feedback as part of a Security+ exam prep webinar offered by Brookline college through BrightTALK: brookline college | BrightTALK
Unfortunately, the host is sometimes not very informative with his explanations (probably in cases where the question is poor). In those cases, I bring the questions here because this group is such an excellent knowledge resource.If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. -
Bill3rdshift Member Posts: 36 ■■■□□□□□□□I completely agree with Darril. Brain **** and free practice exams suck. Darril makes a very crucial statement in his books saying "Know the correct answer but know why the others are wrong answers" or something like that, lol. I'm sure you get the point. I bought Darril's Kindle edition for $9.95
You can download free "Kindle for PC" if you don't have a kindle.Reading: Incident Response & Disaster Recovery, Server 2008r2 Administration, IT Security Interviews Exposed
Telecom Info Page: http://telecom.tbi.net