1. What is the primary goal of ARP Spoofing?
A) To encrypt ARP packets for security
B) To associate the attacker’s MAC address with a legitimate IP address
C) To block ARP requests from reaching the router
D) To replace DNS records on the server
β
Answer: B) To associate the attacker’s MAC address with a legitimate IP address
π‘ Explanation: ARP Spoofing (or ARP Poisoning) involves sending false ARP replies to associate the attacker’s MAC address with the IP address of a target device, allowing them to intercept, modify, or redirect network traffic.
2. What protocol does ARP Spoofing exploit?
A) TCP
B) UDP
C) ICMP
D) ARP
β
Answer: D) ARP
π‘ Explanation: ARP (Address Resolution Protocol) is responsible for mapping IP addresses to MAC addresses in a local network. Since ARP lacks authentication, attackers can send forged ARP replies to manipulate this mapping.
3. Which attack is commonly associated with ARP Spoofing?
A) SQL Injection
B) MITM (Man-in-the-Middle) Attack
C) Cross-Site Scripting (XSS)
D) Buffer Overflow
β
Answer: B) MITM (Man-in-the-Middle) Attack
π‘ Explanation: By using ARP Spoofing, an attacker can position themselves as an intermediary between two communicating devices, intercepting or modifying the traffic (MITM attack).
4. How can ARP Spoofing be mitigated?
A) Using static ARP entries
B) Disabling ICMP requests
C) Increasing network bandwidth
D) Blocking all DNS requests
β
Answer: A) Using static ARP entries
π‘ Explanation: Manually configuring static ARP entries for trusted devices prevents malicious ARP updates from modifying the MAC-to-IP mappings.
5. What is the primary goal of DNS Poisoning?
A) To block DNS resolution for a target
B) To redirect users to a malicious website
C) To encrypt DNS queries
D) To filter out phishing domains
β
Answer: B) To redirect users to a malicious website
π‘ Explanation: DNS Poisoning (or DNS Spoofing) involves injecting false DNS responses, redirecting users to attacker-controlled websites that mimic legitimate sites.
6. Which tool is commonly used for ARP Spoofing?
A) Metasploit
B) Wireshark
C) arpspoof
D) Nmap
β
Answer: C) arpspoof
π‘ Explanation: arpspoof, part of the dsniff suite, is a tool used to send fake ARP replies and conduct ARP Spoofing attacks.
7. What type of attack is DNS Poisoning?
A) DoS (Denial-of-Service)
B) Man-in-the-Middle
C) Phishing
D) Session Hijacking
β
Answer: B) Man-in-the-Middle
π‘ Explanation: DNS Poisoning allows attackers to insert themselves into the communication flow by redirecting users to malicious sites, a form of MITM attack.
8. How does DNSSEC help prevent DNS Poisoning?
A) By encrypting DNS queries
B) By using digital signatures to verify responses
C) By blocking all external DNS queries
D) By limiting DNS resolution to internal networks
β
Answer: B) By using digital signatures to verify responses
π‘ Explanation: DNSSEC (Domain Name System Security Extensions) ensures DNS responses are authenticated using cryptographic signatures, preventing attackers from injecting forged responses.
9. Which record in DNS is typically targeted in DNS Poisoning?
A) MX
B) A
C) CNAME
D) TXT
β
Answer: B) A
π‘ Explanation: The A (Address) Record maps a domain name to an IP address, making it a primary target for DNS Poisoning to redirect users to malicious IP addresses.
10. What is a common symptom of a DNS Poisoning attack?
A) Slow internet speeds
B) Frequent CAPTCHA verifications
C) Being redirected to fake websites
D) System crashes
β
Answer: C) Being redirected to fake websites
π‘ Explanation: If DNS Poisoning is successful, users will unknowingly visit fraudulent websites that impersonate legitimate ones.
11. Which technique is NOT effective against ARP Spoofing?
A) Using encrypted DNS
B) Enabling port security
C) Using a VPN
D) Deploying ARP monitoring tools
β
Answer: A) Using encrypted DNS
π‘ Explanation: While encrypted DNS (like DoH or DoT) secures DNS queries, it does not protect against ARP Spoofing, which operates at the local network level.
12. What is the purpose of reverse DNS lookup?
A) To find the IP address associated with a domain name
B) To find the domain name associated with an IP address
C) To detect ARP Spoofing attempts
D) To block malicious DNS queries
β
Answer: B) To find the domain name associated with an IP address
π‘ Explanation: Reverse DNS lookup allows checking which domain name is linked to a specific IP address, useful for security monitoring.
13. What does an ARP cache contain?
A) A list of allowed IP addresses
B) A list of domain name resolutions
C) MAC-to-IP address mappings
D) A list of firewall rules
β
Answer: C) MAC-to-IP address mappings
π‘ Explanation: The ARP cache stores mappings of MAC addresses to IP addresses, which attackers target in ARP Spoofing.
14. What is an effective way to detect ARP Spoofing?
A) Checking system logs
B) Monitoring ARP cache for duplicate MAC addresses
C) Running a speed test
D) Enabling DNS over HTTPS
β
Answer: B) Monitoring ARP cache for duplicate MAC addresses
π‘ Explanation: If multiple IP addresses resolve to the same MAC address, it may indicate ARP Spoofing.
15. What is the primary difference between ARP Spoofing and DNS Poisoning?
A) ARP Spoofing targets IP-to-MAC mappings, while DNS Poisoning targets domain name resolution
B) DNS Poisoning is more dangerous than ARP Spoofing
C) ARP Spoofing only affects web traffic
D) ARP Spoofing cannot be detected
β
Answer: A) ARP Spoofing targets IP-to-MAC mappings, while DNS Poisoning targets domain name resolution
π‘ Explanation: ARP Spoofing manipulates local network traffic, while DNS Poisoning affects domain name lookups globally.
16. Which command can be used to inspect the ARP table in Linux?
A) netstat -r
B) arp -a
C) nslookup
D) traceroute
β
Answer: B) arp -a
π‘ Explanation: The arp -a command lists all stored ARP entries, useful for detecting suspicious MAC-IP associations.
17. How can attackers exploit public Wi-Fi networks using ARP Spoofing?
A) By launching MITM attacks
B) By injecting malware into the router
C) By blocking HTTP traffic
D) By filtering out encrypted connections
β
Answer: A) By launching MITM attacks
π‘ Explanation: ARP Spoofing on public Wi-Fi allows attackers to intercept and modify traffic.
18. Which of the following best describes a rogue DHCP server in relation to ARP Spoofing?
A) A server that assigns incorrect DNS settings
B) A server that prevents devices from connecting to the network
C) A server that assigns fake MAC addresses to all devices
D) A server that performs IP fragmentation attacks
β
Answer: A) A server that assigns incorrect DNS settings
π‘ Explanation: Rogue DHCP servers are often used in combination with ARP Spoofing to assign incorrect DNS settings, redirecting traffic through attacker-controlled servers.
19. What is the primary risk of ARP Spoofing in a corporate network?
A) It enables attackers to modify network firewalls
B) It allows attackers to intercept and manipulate internal communications
C) It prevents employees from accessing external websites
D) It blocks all DNS queries
β
Answer: B) It allows attackers to intercept and manipulate internal communications
π‘ Explanation: ARP Spoofing enables a Man-in-the-Middle (MITM) attack, where an attacker can eavesdrop, modify, or redirect network communications between employees and servers.
20. What type of ARP message is commonly exploited in ARP Spoofing?
A) ARP Request
B) ARP Response
C) ARP Redirect
D) ARP Denial
β
Answer: B) ARP Response
π‘ Explanation: Since ARP lacks authentication, attackers send spoofed ARP Responses to poison the targetβs ARP cache, redirecting network traffic to their device.
21. What is the primary difference between ARP Spoofing and MAC Flooding?
A) ARP Spoofing targets IP-to-MAC mappings, whereas MAC Flooding overloads switch MAC tables
B) MAC Flooding is more dangerous than ARP Spoofing
C) ARP Spoofing affects only routers, while MAC Flooding affects all devices
D) MAC Flooding is a DNS-based attack
β
Answer: A) ARP Spoofing targets IP-to-MAC mappings, whereas MAC Flooding overloads switch MAC tables
π‘ Explanation: MAC Flooding overwhelms a switch with fake MAC addresses, forcing it into hub mode, making all traffic visible to the attacker, while ARP Spoofing manipulates MAC-IP mappings.
22. Which networking component is most vulnerable to ARP Spoofing?
A) Layer 1 (Physical Layer)
B) Layer 2 (Data Link Layer)
C) Layer 3 (Network Layer)
D) Layer 4 (Transport Layer)
β
Answer: B) Layer 2 (Data Link Layer)
π‘ Explanation: ARP operates at the Data Link Layer (Layer 2), making it susceptible to spoofing attacks due to its lack of authentication.
23. What is the primary purpose of a Dynamic ARP Inspection (DAI) feature in switches?
A) To prevent brute-force attacks
B) To detect and block ARP Spoofing attacks
C) To encrypt ARP packets
D) To allow only DNSSEC-protected queries
β
Answer: B) To detect and block ARP Spoofing attacks
π‘ Explanation: Dynamic ARP Inspection (DAI) validates ARP packets, ensuring only legitimate ones are processed, mitigating ARP Spoofing attacks.
24. How does an attacker use DNS Cache Poisoning?
A) By modifying a DNS resolverβs cache with malicious entries
B) By blocking legitimate DNS queries
C) By hijacking TCP connections
D) By replacing SSL certificates in HTTPS traffic
β
Answer: A) By modifying a DNS resolverβs cache with malicious entries
π‘ Explanation: DNS Cache Poisoning occurs when an attacker injects fake DNS records into a resolverβs cache, causing users to be redirected to malicious sites.
25. What is a key indicator of a DNS Poisoning attack?
A) Internet speed significantly increases
B) Multiple devices redirect to phishing websites
C) Websites load slower than usual
D) Random pop-ups appear on the system
β
Answer: B) Multiple devices redirect to phishing websites
π‘ Explanation: If multiple users suddenly experience redirections to phishing websites, it may indicate a DNS Poisoning attack affecting the networkβs DNS cache.
26. What is a common tool used for DNS Spoofing attacks?
A) Ettercap
B) Netstat
C) Snort
D) Traceroute
β
Answer: A) Ettercap
π‘ Explanation: Ettercap is a popular tool for conducting ARP Spoofing and DNS Spoofing to facilitate MITM attacks.
27. Which security feature in web browsers helps detect DNS Spoofing?
A) Secure Cookies
B) HSTS (HTTP Strict Transport Security)
C) JavaScript Execution Control
D) Auto-Form Fill
β
Answer: B) HSTS (HTTP Strict Transport Security)
π‘ Explanation: HSTS enforces HTTPS connections, preventing attackers from using DNS Spoofing to downgrade traffic to HTTP, which is easier to intercept.
28. Which method can help detect DNS Spoofing?
A) Checking if the server’s IP address is consistent across different networks
B) Disabling the firewall
C) Reducing the TTL value in DNS records
D) Blocking all outbound traffic
β
Answer: A) Checking if the server’s IP address is consistent across different networks
π‘ Explanation: If a legitimate domain resolves to different IPs across different networks, it may indicate DNS Spoofing.
29. What type of attack occurs when an attacker modifies DNS responses in transit?
A) Rogue DHCP Attack
B) Man-in-the-Middle Attack
C) Reverse Shell Attack
D) Denial-of-Service
β
Answer: B) Man-in-the-Middle Attack
π‘ Explanation: Modifying DNS responses in transit allows an attacker to redirect users to malicious sites, a classic MITM attack technique.
30. What is the main reason ARP Spoofing is effective?
A) ARP lacks authentication mechanisms
B) ARP operates over an encrypted protocol
C) ARP requests are sent over TCP
D) ARP uses DNSSEC for verification
β
Answer: A) ARP lacks authentication mechanisms
π‘ Explanation: Since ARP does not authenticate responses, any device can send forged ARP replies, making it vulnerable to spoofing.
31. What is the purpose of the arping command in Linux?
A) To scan for open ports on a remote system
B) To send ICMP echo requests to a host
C) To send ARP requests and discover MAC addresses
D) To modify the ARP cache of a remote system
β
Answer: C) To send ARP requests and discover MAC addresses
π‘ Explanation: The arping command is used to send ARP request packets to determine the MAC address of a given IP address within a local network.
32. Which network device is particularly susceptible to ARP Spoofing?
A) Routers
B) Hubs
C) Layer 2 Switches
D) Firewalls
β
Answer: C) Layer 2 Switches
π‘ Explanation: Since Layer 2 switches rely on ARP for forwarding packets, they can be manipulated by ARP Spoofing, which alters MAC-to-IP mappings.
33. What is the function of an ARP Probe?
A) To detect unauthorized MAC addresses
B) To request an IP-to-MAC mapping before assigning an IP
C) To delete expired ARP entries
D) To encrypt ARP responses
β
Answer: B) To request an IP-to-MAC mapping before assigning an IP
π‘ Explanation: ARP Probes are sent to check whether an IP address is already in use before an interface claims it.
34. What is the primary risk of an attacker modifying DNS records on a compromised server?
A) The server will slow down
B) The server will be unable to process HTTP requests
C) Users will be redirected to malicious sites
D) The firewall will block DNS traffic
β
Answer: C) Users will be redirected to malicious sites
π‘ Explanation: If an attacker changes DNS records, users may unknowingly visit phishing or malware-infected websites, leading to data theft.
35. What is the primary purpose of a DNS Resolver?
A) To encrypt DNS requests for security
B) To translate domain names into IP addresses
C) To store user login credentials
D) To act as a firewall against DNS Spoofing
β
Answer: B) To translate domain names into IP addresses
π‘ Explanation: A DNS Resolver queries authoritative DNS servers to translate domain names into IP addresses, allowing users to access websites.
36. Which attack technique involves an attacker replacing DNS responses by exploiting the lack of authentication in DNS queries?
A) ARP Poisoning
B) DNS Spoofing
C) Reverse Shell Injection
D) TCP SYN Flood
β
Answer: B) DNS Spoofing
π‘ Explanation: DNS Spoofing occurs when an attacker injects false DNS responses, misleading users into visiting fraudulent websites.
37. What is one way an attacker can exploit ARP Spoofing to intercept encrypted traffic?
A) By using ARP Probes
B) By decrypting ARP packets in transit
C) By performing an SSL Strip attack
D) By disabling DHCP requests
β
Answer: C) By performing an SSL Strip attack
π‘ Explanation: An attacker can use SSL Strip to downgrade HTTPS connections to HTTP after ARP Spoofing, allowing them to intercept sensitive information.
38. How does an attacker execute a DNS Spoofing attack using cache poisoning?
A) By overloading the DNS server with excessive queries
B) By injecting forged DNS responses into a DNS serverβs cache
C) By blocking all outbound DNS queries
D) By modifying DNS records on the client-side
β
Answer: B) By injecting forged DNS responses into a DNS serverβs cache
π‘ Explanation: DNS Cache Poisoning occurs when an attacker plants malicious DNS entries in a resolverβs cache, misdirecting users.
39. What is the purpose of dnsspoof in penetration testing?
A) To encrypt DNS queries for security
B) To prevent DNS resolution errors
C) To intercept and modify DNS responses
D) To detect DNS tunneling attacks
β
Answer: C) To intercept and modify DNS responses
π‘ Explanation: dnsspoof, part of dsniff, is a tool used in MITM attacks to intercept and forge DNS responses.
40. What security feature can help prevent DNS Cache Poisoning?
A) DNS Over HTTPS (DoH)
B) Disabling ARP caching
C) Using insecure resolvers
D) Blocking all UDP traffic
β
Answer: A) DNS Over HTTPS (DoH)
π‘ Explanation: DoH encrypts DNS queries, preventing attackers from injecting forged responses into a resolverβs cache.
41. What is one way to detect ARP Spoofing?
A) Checking for duplicate MAC addresses in the ARP table
B) Using SSH instead of Telnet
C) Disabling DNS queries
D) Blocking all ICMP requests
β
Answer: A) Checking for duplicate MAC addresses in the ARP table
π‘ Explanation: If multiple IP addresses map to the same MAC address, it may indicate ARP Spoofing.
42. Why does ARP Spoofing work on switched networks?
A) Because ARP operates at Layer 3
B) Because switches store ARP tables
C) Because ARP has no built-in authentication
D) Because ARP relies on ICMP packets
β
Answer: C) Because ARP has no built-in authentication
π‘ Explanation: Since ARP does not verify sender authenticity, attackers can send forged ARP replies, manipulating network traffic.
43. What happens when an ARP Spoofing attack is successful?
A) The attacker can capture and modify network traffic
B) The victim is completely disconnected from the internet
C) The attacker gains root access to the router
D) The firewall automatically blocks malicious connections
β
Answer: A) The attacker can capture and modify network traffic
π‘ Explanation: ARP Spoofing enables MITM attacks, allowing an attacker to intercept, modify, or block traffic.
44. What does a DNS Amplification Attack exploit?
A) ARP Cache
B) Open DNS resolvers
C) HTTPS encryption
D) DNSSEC authentication
β
Answer: B) Open DNS resolvers
π‘ Explanation: A DNS Amplification Attack exploits open DNS resolvers to send large responses to spoofed targets, leading to DDoS attacks.
45. What protocol can replace ARP to enhance security in IPv6 networks?
A) DHCP
B) NDP (Neighbor Discovery Protocol)
C) BGP
D) ICMP
β
Answer: B) NDP (Neighbor Discovery Protocol)
π‘ Explanation: IPv6 networks use NDP instead of ARP, which includes Secure Neighbor Discovery (SEND) to prevent spoofing.
46. What is the primary impact of an attacker performing a successful DNS Spoofing attack?
A) The attacker gains administrative access to the DNS server
B) The victim is redirected to a malicious website without their knowledge
C) The victim’s DNS queries are blocked
D) The attack crashes the entire network
β
Answer: B) The victim is redirected to a malicious website without their knowledge
π‘ Explanation: DNS Spoofing allows an attacker to send fake DNS responses, leading victims to malicious sites instead of legitimate ones.
47. Which type of security control can help prevent ARP Spoofing attacks?
A) Firewall rules
B) Enabling port security on network switches
C) Disabling HTTP traffic
D) Blocking all UDP traffic
β
Answer: B) Enabling port security on network switches
π‘ Explanation: Port security on switches restricts the number of MAC addresses allowed per port, helping prevent ARP Spoofing attacks.
48. What is a characteristic of Gratuitous ARP (GARP) that can be exploited by attackers?
A) It is used to update the ARP cache without an ARP request
B) It encrypts ARP messages
C) It requires authentication before updating ARP tables
D) It only affects IPv6 networks
β
Answer: A) It is used to update the ARP cache without an ARP request
π‘ Explanation: Gratuitous ARP (GARP) updates ARP tables without requiring a request, which attackers can abuse for spoofing MAC addresses.
49. What happens if an attacker poisons the ARP cache of a default gateway?
A) The attacker can intercept traffic between all devices and the internet
B) The attacker crashes the network switch
C) The attacker blocks all incoming DNS queries
D) The attacker can only spoof their own IP address
β
Answer: A) The attacker can intercept traffic between all devices and the internet
π‘ Explanation: By poisoning the ARP cache of the gateway, an attacker redirects all outbound traffic through their device, enabling a MITM attack.
50. Which technique helps verify DNS responses to prevent DNS Spoofing?
A) Randomized source port queries
B) Blocking all DNS traffic
C) Using TCP instead of UDP for DNS queries
D) Disabling recursive DNS resolution
β
Answer: A) Randomized source port queries
π‘ Explanation: Randomizing DNS query ports makes it harder for attackers to predict and inject fake DNS responses, mitigating DNS Spoofing.
51. What is the primary reason that ARP Spoofing attacks are difficult to detect?
A) ARP operates at the Data Link Layer, making traffic invisible to higher layers
B) ARP packets are encrypted by default
C) Firewalls automatically block all ARP packets
D) ARP has built-in authentication that prevents spoofing
β
Answer: A) ARP operates at the Data Link Layer, making traffic invisible to higher layers
π‘ Explanation: ARP operates at Layer 2, so intrusion detection systems (IDS) may not monitor it, making attacks difficult to detect.
52. Which command helps identify ARP Spoofing by checking for duplicate IP-MAC mappings?
A) ping -t
B) arp -a
C) traceroute
D) netstat -r
β
Answer: B) arp -a
π‘ Explanation: The arp -a command lists current ARP cache entries, helping detect duplicate IP-to-MAC address mappings that indicate ARP Spoofing.
53. What role does a DNS Forwarder play in DNS resolution?
A) It resolves queries from local hosts only
B) It prevents DNS cache poisoning
C) It forwards DNS queries to external DNS servers
D) It blocks all unauthorized DNS requests
β
Answer: C) It forwards DNS queries to external DNS servers
π‘ Explanation: A DNS Forwarder helps optimize DNS resolution by forwarding queries to external or upstream DNS servers instead of resolving them locally.
54. How does an attacker use DNS Rebinding in an attack?
A) By sending multiple DNS requests to different resolvers
B) By rapidly changing the resolved IP of a domain to bypass same-origin policies
C) By blocking all DNS traffic to legitimate servers
D) By flooding the target with fake DNS queries
β
Answer: B) By rapidly changing the resolved IP of a domain to bypass same-origin policies
π‘ Explanation: DNS Rebinding tricks a victimβs browser into connecting to internal resources by changing the resolved IP address dynamically.
55. How can network administrators prevent DNS Spoofing attacks?
A) By setting a low TTL value on DNS records
B) By using DNSSEC to authenticate DNS responses
C) By disabling ARP requests on the router
D) By filtering out HTTP requests
β
Answer: B) By using DNSSEC to authenticate DNS responses
π‘ Explanation: DNSSEC (Domain Name System Security Extensions) provides cryptographic signatures to verify legitimate DNS responses, mitigating DNS Spoofing.
56. What is an effective way to prevent unauthorized ARP replies?
A) Blocking ICMP traffic
B) Implementing static ARP entries
C) Disabling all UDP traffic
D) Lowering the TTL value in ARP packets
β
Answer: B) Implementing static ARP entries
π‘ Explanation: Manually setting ARP entries prevents unauthorized devices from modifying the MAC-to-IP mappings, blocking ARP Spoofing.
57. What does DNS Sinkholing do to prevent malicious activity?
A) Redirects malicious traffic to a controlled DNS server
B) Encrypts all DNS queries
C) Blocks all outgoing traffic from infected hosts
D) Prevents the execution of JavaScript-based attacks
β
Answer: A) Redirects malicious traffic to a controlled DNS server
π‘ Explanation: DNS Sinkholes redirect traffic from infected machines to a safe destination instead of allowing access to malicious sites.
58. Which of the following best describes a DNS Hijacking attack?
A) Intercepting DNS requests by modifying the resolverβs configuration
B) Modifying TTL values in DNS queries
C) Redirecting TCP packets to different IP addresses
D) Blocking all DNSSEC-protected domains
β
Answer: A) Intercepting DNS requests by modifying the resolverβs configuration
π‘ Explanation: DNS Hijacking manipulates a system’s DNS settings to route requests through malicious servers instead of legitimate ones.
59. Which tool is widely used for real-time ARP Spoofing detection?
A) Snort
B) Aircrack-ng
C) Hydra
D) SQLmap
β
Answer: A) Snort
π‘ Explanation: Snort is an Intrusion Detection System (IDS) that can monitor network traffic for ARP Spoofing attempts in real time.
60. How does an attacker use a Rogue DNS Server in DNS Spoofing?
A) By responding with incorrect IP addresses for domain queries
B) By blocking all DNS traffic
C) By modifying the TTL value of DNS records
D) By preventing domain name resolution
β
Answer: A) By responding with incorrect IP addresses for domain queries
π‘ Explanation: A Rogue DNS Server provides false DNS responses, leading users to malicious websites controlled by the attacker.
61. What is the primary attack vector in ARP Spoofing?
A) Exploiting buffer overflows
B) Forging ARP reply packets
C) Injecting malicious JavaScript
D) Exploiting weak encryption in DNS
β
Answer: B) Forging ARP reply packets
π‘ Explanation: ARP Spoofing relies on sending forged ARP reply packets to trick devices into associating the attackerβs MAC address with a trusted IP.
62. Which type of DNS attack manipulates the host file on a victimβs computer to redirect traffic?
A) DNS Spoofing
B) Pharming
C) ARP Cache Poisoning
D) DNS Amplification
β
Answer: B) Pharming
π‘ Explanation: Pharming modifies the local hosts file to redirect users to malicious websites, making them think they are visiting legitimate sites.
63. What type of attack combines DNS Spoofing with an automated fake login page?
A) Phishing
B) MAC Flooding
C) DoS Attack
D) IP Fragmentation Attack
β
Answer: A) Phishing
π‘ Explanation: Phishing tricks users into entering their credentials on a spoofed website, often achieved using DNS Spoofing to redirect them.
64. What feature in modern browsers helps protect against DNS Spoofing attacks?
A) Content Security Policy (CSP)
B) Same-Origin Policy
C) HSTS (HTTP Strict Transport Security)
D) Auto-form filling
β
Answer: C) HSTS (HTTP Strict Transport Security)
π‘ Explanation: HSTS forces HTTPS connections, reducing the risk of DNS Spoofing-based MITM attacks that attempt to downgrade secure connections.
65. What is the primary purpose of Reverse DNS Lookup?
A) To block phishing domains
B) To map IP addresses to domain names
C) To detect and prevent DNS tunneling
D) To encrypt DNS queries
β
Answer: B) To map IP addresses to domain names
π‘ Explanation: Reverse DNS Lookup resolves IP addresses back to domain names, often used for network troubleshooting and security monitoring.
66. How can an attacker use ARP Spoofing to escalate privileges on a network?
A) By modifying network firewall rules
B) By intercepting administrator credentials in transit
C) By overloading network switches
D) By injecting payloads into DNS records
β
Answer: B) By intercepting administrator credentials in transit
π‘ Explanation: ARP Spoofing enables MITM attacks, allowing attackers to steal credentials, potentially leading to privilege escalation.
67. What tool can be used to detect unauthorized ARP replies?
A) Wireshark
B) Netcat
C) Hydra
D) John the Ripper
β
Answer: A) Wireshark
π‘ Explanation: Wireshark can capture ARP packets, helping detect suspicious or duplicate ARP replies, which may indicate ARP Spoofing.
68. What type of DNS attack is used to flood a target with excessive DNS queries?
A) DNS Spoofing
B) DNS Tunneling
C) DNS Amplification
D) DNS Filtering
β
Answer: C) DNS Amplification
π‘ Explanation: DNS Amplification is a DDoS attack where an attacker spoofs queries to open resolvers, triggering large responses to a target.
69. Which of the following is NOT an effective countermeasure against DNS Spoofing?
A) Using DNSSEC
B) Encrypting DNS queries with DoH
C) Setting up static ARP entries
D) Verifying DNS responses using digital signatures
β
Answer: C) Setting up static ARP entries
π‘ Explanation: Static ARP entries help prevent ARP Spoofing, but they do not protect against DNS Spoofing, which affects name resolution.
70. What is one major limitation of ARP-based attacks?
A) They only work within a local network (LAN)
B) They can only target Linux-based systems
C) They require a compromised DNS server
D) They rely on firewall misconfigurations
β
Answer: A) They only work within a local network (LAN)
π‘ Explanation: ARP is a Layer 2 protocol, meaning ARP Spoofing is limited to the local network and cannot be used to attack remote systems.
71. What is a primary characteristic of a DNS Fast Flux attack?
A) Rapidly changing IP addresses mapped to a domain
B) Using fake ARP replies to redirect network traffic
C) Flooding the DNS server with recursive queries
D) Manipulating DHCP leases to disable DNS resolution
β
Answer: A) Rapidly changing IP addresses mapped to a domain
π‘ Explanation: Fast Flux is used in botnets to make malicious domains harder to track by continuously switching IP addresses.
72. What is an effective way to prevent unauthorized DNS modifications?
A) Blocking UDP traffic on port 53
B) Using DNSSEC to verify DNS responses
C) Encrypting all HTTP requests
D) Deploying MAC address filtering
β
Answer: B) Using DNSSEC to verify DNS responses
π‘ Explanation: DNSSEC ensures DNS integrity by validating responses with cryptographic signatures, preventing forged DNS records.
73. How can attackers use ARP Spoofing to bypass network-based access controls?
A) By dynamically changing TTL values in packets
B) By disguising themselves as a trusted gateway
C) By injecting malicious JavaScript into network packets
D) By executing a brute-force attack against ARP tables
β
Answer: B) By disguising themselves as a trusted gateway
π‘ Explanation: Attackers use ARP Spoofing to impersonate the gateway, allowing them to bypass IP-based filtering and network access controls.
74. How does a DNS Reflection Attack work?
A) By reflecting DNS queries back to the source
B) By sending spoofed DNS requests that generate massive responses to a target
C) By reflecting IP packets between two DNS servers
D) By modifying TTL values in DNS responses
β
Answer: B) By sending spoofed DNS requests that generate massive responses to a target
π‘ Explanation: A DNS Reflection Attack tricks DNS servers into sending large responses to a spoofed target, overloading its resources.
75. What type of DNS Spoofing attack involves modifying DNS records on an authoritative server?
A) Cache Poisoning
B) Zone Poisoning
C) DNS Tunneling
D) DNS Amplification
β
Answer: B) Zone Poisoning
π‘ Explanation: Zone Poisoning modifies DNS records on an authoritative DNS server, allowing attackers to redirect all queries for a domain.
76. Which protocol is commonly used for encrypted DNS communication to prevent DNS Spoofing?
A) SMTP
B) DNSSEC
C) DoH (DNS over HTTPS)
D) FTP
β
Answer: C) DoH (DNS over HTTPS)
π‘ Explanation: DoH encrypts DNS queries using HTTPS, preventing attackers from modifying or intercepting DNS responses.
77. In a typical ARP Spoofing attack, how does the attacker manipulate the victim’s ARP cache?
A) By modifying the subnet mask
B) By sending a forged ARP reply with their MAC address
C) By performing a DNS zone transfer
D) By blocking all ICMP packets
β
Answer: B) By sending a forged ARP reply with their MAC address
π‘ Explanation: Attackers send forged ARP replies to trick a victim into associating their IP address with the attacker’s MAC address.
78. What is the primary reason that DNS uses UDP instead of TCP?
A) To ensure encrypted communication
B) To reduce latency and improve speed
C) To prevent DNS cache poisoning
D) To allow multiple simultaneous connections
β
Answer: B) To reduce latency and improve speed
π‘ Explanation: DNS queries are designed to be fast and lightweight, so they typically use UDP instead of TCP for efficiency.
79. What role does a DNS Resolver play in DNS resolution?
A) It translates domain names into IP addresses
B) It stores all DNS records for the internet
C) It blocks unauthorized DNS requests
D) It encrypts ARP requests
β
Answer: A) It translates domain names into IP addresses
π‘ Explanation: A DNS Resolver queries authoritative DNS servers to resolve domain names into IP addresses for user requests.
80. How does an attacker execute a Man-in-the-Middle (MITM) attack using ARP Spoofing?
A) By injecting malicious JavaScript into web pages
B) By flooding a target DNS server with excessive queries
C) By poisoning the ARP cache of both the victim and the router
D) By modifying firewall rules on the victimβs machine
β
Answer: C) By poisoning the ARP cache of both the victim and the router
π‘ Explanation: MITM attacks using ARP Spoofing work by tricking both the victim and the router into sending traffic through the attacker.
81. What is a characteristic of a DNS Cache Poisoning attack?
A) It floods the network with ICMP packets
B) It sends fake DNS responses to cache incorrect IP addresses
C) It disables network switches
D) It requires disabling firewalls to be effective
β
Answer: B) It sends fake DNS responses to cache incorrect IP addresses
π‘ Explanation: DNS Cache Poisoning tricks DNS resolvers into storing incorrect IP addresses, leading users to malicious sites.
82. How can an organization detect DNS Spoofing attacks?
A) By scanning for duplicate MAC addresses in the ARP table
B) By using reverse DNS lookups to verify resolved IP addresses
C) By blocking all external network traffic
D) By disabling ICMP responses
β
Answer: B) By using reverse DNS lookups to verify resolved IP addresses
π‘ Explanation: If a reverse DNS lookup returns unexpected domain names, it may indicate DNS Spoofing.
83. Which tool can be used to analyze ARP packets and detect ARP Spoofing?
A) Metasploit
B) Wireshark
C) SQLmap
D) Nikto
β
Answer: B) Wireshark
π‘ Explanation: Wireshark captures and inspects ARP packets, helping detect anomalous ARP traffic that may indicate spoofing.
84. What does a DNS Zone Transfer allow?
A) The transfer of DNS records from one DNS server to another
B) The execution of remote code on a DNS server
C) The ability to block DNS Spoofing
D) The ability to encrypt all DNS requests
β
Answer: A) The transfer of DNS records from one DNS server to another
π‘ Explanation: DNS Zone Transfers allow backup or replication of DNS records, but they can be exploited by attackers for information disclosure.
85. What is a major risk associated with an open DNS resolver?
A) It can be used for DNS Amplification attacks
B) It blocks legitimate DNS queries
C) It encrypts all DNS queries by default
D) It prevents ARP Spoofing attacks
β
Answer: A) It can be used for DNS Amplification attacks
π‘ Explanation: Open DNS resolvers are often abused in DNS Amplification attacks, where attackers send spoofed queries to flood a target with large responses.
86. How can network administrators prevent ARP Spoofing on enterprise networks?
A) By using ARP Spoofing detection tools
B) By disabling DNS resolution on all devices
C) By blocking all UDP traffic
D) By lowering the TTL value of ARP packets
β
Answer: A) By using ARP Spoofing detection tools
π‘ Explanation: ARP Spoofing detection tools monitor ARP traffic and alert administrators when anomalous ARP replies are detected.
87. What is the role of an Authoritative DNS Server?
A) It provides the final answer for domain name queries
B) It encrypts DNS traffic between clients and servers
C) It resolves all queries for the entire internet
D) It blocks malicious DNS requests
β
Answer: A) It provides the final answer for domain name queries
π‘ Explanation: Authoritative DNS servers store official domain name records, providing the final answer for DNS queries.
88. Which technique prevents DNS Cache Poisoning by randomizing query parameters?
A) DNSSEC
B) Query Name Randomization (QNR)
C) SSL Pinning
D) Port Knocking
β
Answer: B) Query Name Randomization (QNR)
π‘ Explanation: Query Name Randomization (QNR) makes it harder for attackers to predict and poison DNS cache by randomizing query names.
89. Why is ARP Spoofing particularly dangerous on public Wi-Fi networks?
A) Because public Wi-Fi networks do not use encryption
B) Because ARP messages are broadcasted within the local network
C) Because ARP packets are encrypted on private networks
D) Because ARP requests cannot be intercepted on wired networks
β
Answer: B) Because ARP messages are broadcasted within the local network
π‘ Explanation: ARP requests and responses are broadcasted, making it easy for attackers on public Wi-Fi to intercept and manipulate them.
90. What is a potential consequence of a DNS Spoofing attack on a financial institution’s website?
A) Users may be redirected to a phishing site that steals their credentials
B) The institution’s website will load faster
C) The website will become completely inaccessible
D) The attacker can modify banking transactions directly
β
Answer: A) Users may be redirected to a phishing site that steals their credentials
π‘ Explanation: DNS Spoofing on financial sites can redirect users to phishing pages that steal login credentials and financial data.
91. Which of the following is a direct consequence of ARP Spoofing?
A) Denial-of-Service (DoS) attack
B) Incorrect DNS resolution
C) Unauthorized network access
D) Reduced network bandwidth
β
Answer: C) Unauthorized network access
π‘ Explanation: ARP Spoofing allows attackers to redirect network traffic, leading to unauthorized access and data interception.
92. What makes ARP Spoofing effective in switched networks?
A) Switches store MAC address tables, which attackers can manipulate
B) Switches automatically encrypt all network packets
C) Switches prevent all MITM attacks
D) Switches cannot handle more than 100 devices
β
Answer: A) Switches store MAC address tables, which attackers can manipulate
π‘ Explanation: Switches maintain ARP tables, and attackers can inject fake MAC-to-IP mappings to redirect traffic.
93. What is the primary limitation of a DNS Cache Poisoning attack?
A) It requires physical access to the victimβs router
B) It can only target individual machines, not entire networks
C) The poisoned DNS cache entries eventually expire
D) It only works with static IP addresses
β
Answer: C) The poisoned DNS cache entries eventually expire
π‘ Explanation: DNS cache entries have TTL (Time-To-Live) values, so a poisoned cache is temporary unless repeatedly refreshed by an attacker.
94. What is a possible result of ARP Spoofing in a VoIP (Voice over IP) network?
A) Delayed software updates
B) Eavesdropping on voice calls
C) Automatic DNS encryption
D) Increased internet speeds
β
Answer: B) Eavesdropping on voice calls
π‘ Explanation: ARP Spoofing in VoIP networks allows an attacker to capture unencrypted voice data, leading to call eavesdropping.
95. How does ARP Spoofing help in session hijacking?
A) It injects malicious cookies into the victimβs browser
B) It allows the attacker to steal authentication tokens
C) It floods the network with DNS queries
D) It forces a password reset on the victimβs device
β
Answer: B) It allows the attacker to steal authentication tokens
π‘ Explanation: Session hijacking occurs when an attacker intercepts authentication tokens using MITM techniques via ARP Spoofing.
96. What is one reason why organizations deploy Intrusion Detection Systems (IDS) for ARP monitoring?
A) To block all incoming ARP requests
B) To detect unusual ARP traffic patterns
C) To encrypt ARP packets
D) To disable ARP on enterprise networks
β
Answer: B) To detect unusual ARP traffic patterns
π‘ Explanation: IDS solutions monitor ARP traffic for suspicious duplicate MAC addresses, which may indicate ARP Spoofing attempts.
97. What type of cyber attack is facilitated by DNS Spoofing?
A) Cross-Site Scripting (XSS)
B) Man-in-the-Middle (MITM)
C) Buffer Overflow
D) SQL Injection
β
Answer: B) Man-in-the-Middle (MITM)
π‘ Explanation: DNS Spoofing redirects victims to attacker-controlled sites, enabling MITM attacks to steal data or inject malware.
98. Which of the following DNS attacks is commonly used in ransomware campaigns?
A) DNS Tunneling
B) DNS Amplification
C) DNS Cache Poisoning
D) DNS Zone Transfer
β
Answer: C) DNS Cache Poisoning
π‘ Explanation: Attackers use DNS Cache Poisoning to redirect users to malicious sites where ransomware can be delivered.
99. What type of ARP message is unsolicited and can be used for both legitimate updates and ARP Spoofing?
A) ARP Probe
B) ARP Reply
C) Gratuitous ARP
D) Reverse ARP
β
Answer: C) Gratuitous ARP
π‘ Explanation: Gratuitous ARP (GARP) updates ARP tables without being requested, but it can be exploited by attackers for ARP Spoofing.
100. What is the primary goal of DNS Sinkholing?
A) To redirect malicious traffic to a controlled environment
B) To encrypt DNS queries
C) To permanently block DNS requests
D) To prevent DNS Spoofing
β
Answer: A) To redirect malicious traffic to a controlled environment
π‘ Explanation: DNS Sinkholes prevent users from reaching malicious sites by redirecting traffic to safe monitoring environments.
101. What is a recommended security measure to protect against ARP Spoofing in corporate networks?
A) Blocking UDP traffic
B) Implementing Static ARP entries
C) Increasing network bandwidth
D) Disabling HTTPS
β
Answer: B) Implementing Static ARP entries
π‘ Explanation: Manually configuring trusted ARP entries prevents attackers from modifying MAC-to-IP mappings via ARP Spoofing.
102. What kind of DNS record can attackers manipulate in DNS Spoofing to redirect users to a fake website?
A) TXT
B) A
C) MX
D) SPF
β
Answer: B) A
π‘ Explanation: The A (Address) record maps domain names to IP addresses, making it a primary target for DNS Spoofing attacks.
103. What is a common effect of an ARP Spoofing attack on a large enterprise network?
A) All employees receive phishing emails
B) Network performance degradation due to rerouted traffic
C) The DNS server becomes inaccessible
D) The firewall blocks all internet connections
β
Answer: B) Network performance degradation due to rerouted traffic
π‘ Explanation: ARP Spoofing can redirect large amounts of network traffic, causing latency, dropped connections, or packet loss.
104. What command in Windows can display the ARP table to check for ARP Spoofing?
A) ipconfig /flushdns
B) arp -a
C) tracert
D) netstat -an
β
Answer: B) arp -a
π‘ Explanation: The arp -a command lists current ARP cache entries, useful for detecting duplicate IP-to-MAC mappings.
105. Which of the following is a key limitation of DNSSEC?
A) It increases DNS resolution times
B) It cannot encrypt DNS queries
C) It only works for internal networks
D) It requires disabling firewalls
β
Answer: B) It cannot encrypt DNS queries
π‘ Explanation: DNSSEC verifies DNS records using cryptographic signatures but does not encrypt DNS queries, unlike DoH.
106. How does a network administrator detect DNS Cache Poisoning?
A) By analyzing DNS traffic logs for unusual domain resolutions
B) By disabling DHCP
C) By using ARP Spoofing detection tools
D) By blocking all HTTP traffic
β
Answer: A) By analyzing DNS traffic logs for unusual domain resolutions
π‘ Explanation: DNS logs can reveal unexpected domain resolutions, indicating a Cache Poisoning attack.
107. What is an effective way to mitigate ARP Spoofing on a network?
A) Deploying Dynamic ARP Inspection (DAI)
B) Disabling DNS resolution
C) Using MAC flooding techniques
D) Blocking all ARP requests
β
Answer: A) Deploying Dynamic ARP Inspection (DAI)
π‘ Explanation: DAI verifies ARP packets, ensuring that only trusted MAC-to-IP mappings are accepted.
108. Which type of network devices are most vulnerable to ARP Spoofing attacks?
A) Layer 2 switches and routers
B) Web application firewalls
C) Cloud storage servers
D) Encrypted VPN gateways
β
Answer: A) Layer 2 switches and routers
π‘ Explanation: Layer 2 switches and routers rely on ARP for MAC-to-IP mappings, making them susceptible to ARP Spoofing attacks if not secured properly.
109. What is the purpose of an ARP Spoofing attack in a corporate network?
A) To allow remote execution of JavaScript payloads
B) To disrupt network connectivity between clients and servers
C) To modify the default gatewayβs MAC address
D) To steal or intercept sensitive data through MITM attacks
β
Answer: D) To steal or intercept sensitive data through MITM attacks
π‘ Explanation: Attackers use ARP Spoofing to position themselves as an intermediary, enabling data interception and manipulation.
110. How can an attacker maintain persistence after successfully performing DNS Cache Poisoning?
A) By increasing the TTL (Time-To-Live) of the poisoned DNS records
B) By modifying the MAC address of the target system
C) By continuously sending fake ARP requests
D) By enabling two-factor authentication on the DNS server
β
Answer: A) By increasing the TTL (Time-To-Live) of the poisoned DNS records
π‘ Explanation: Increasing the TTL value of a spoofed DNS entry ensures that it remains cached for a longer period, prolonging the attack.
111. Which security tool can actively block ARP Spoofing attempts in real time?
A) Snort
B) Aircrack-ng
C) Arpwatch
D) Nikto
β
Answer: C) Arpwatch
π‘ Explanation: Arpwatch is a network monitoring tool that logs and alerts on ARP changes, helping to detect and block ARP Spoofing attacks.
112. What is a rogue DNS server, and how is it used in DNS Spoofing?
A) A DNS server that logs all user activities for monitoring
B) A DNS server controlled by an attacker to return malicious IP addresses
C) A high-speed DNS resolver that speeds up browsing
D) A backup DNS server used for failover protection
β
Answer: B) A DNS server controlled by an attacker to return malicious IP addresses
π‘ Explanation: A rogue DNS server is an attacker-controlled DNS server that resolves domain names to malicious IP addresses, tricking users into visiting fake websites.
113. How does an attacker use ARP Spoofing to evade detection in a network?
A) By using proxy chaining to redirect ARP requests
B) By sending slow ARP replies over time instead of rapid flooding
C) By modifying the encryption keys used in SSL traffic
D) By blocking legitimate DNS queries
β
Answer: B) By sending slow ARP replies over time instead of rapid flooding
π‘ Explanation: Sending ARP replies slowly instead of in large bursts helps avoid detection by IDS/IPS systems, making the attack more stealthy.
114. What kind of cyber threat is DNS Tunneling?
A) A method for encrypting DNS traffic
B) A technique for exfiltrating data by encoding it in DNS queries
C) A firewall bypass mechanism for HTTP traffic
D) A way to securely transfer large files over DNS
β
Answer: B) A technique for exfiltrating data by encoding it in DNS queries
π‘ Explanation: DNS Tunneling encodes malicious traffic inside DNS queries, allowing attackers to bypass security filters and exfiltrate data.
115. Which technique can help prevent DNS Cache Poisoning on an enterprise network?
A) Using only UDP-based DNS queries
B) Implementing DNSSEC to authenticate responses
C) Reducing the TTL of all DNS records
D) Blocking ARP requests from unknown devices
β
Answer: B) Implementing DNSSEC to authenticate responses
π‘ Explanation: DNSSEC (Domain Name System Security Extensions) uses digital signatures to ensure DNS responses are authentic and untampered.
116. How does Dynamic ARP Inspection (DAI) mitigate ARP Spoofing?
A) It blocks all unauthorized DNS queries
B) It requires each ARP request to be validated against a trusted MAC-IP binding database
C) It prevents devices from receiving ARP replies from unknown hosts
D) It encrypts ARP requests and responses
β
Answer: B) It requires each ARP request to be validated against a trusted MAC-IP binding database
π‘ Explanation: Dynamic ARP Inspection (DAI) verifies ARP packets against a trusted MAC-IP database, preventing unauthorized ARP modifications.
117. What is the primary goal of an ARP Spoofing attack in a financial institution?
A) To inject fake digital signatures into SSL traffic
B) To modify firewall policies in real-time
C) To intercept and manipulate online banking transactions
D) To block all VoIP communications
β
Answer: C) To intercept and manipulate online banking transactions
π‘ Explanation: Attackers use ARP Spoofing to position themselves between banking users and their servers, allowing them to steal credentials or modify transactions.
118. What is one way to detect a DNS Spoofing attack on a local machine?
A) Checking if the system is issuing unusual ICMP echo requests
B) Manually verifying the resolved IP address of a trusted domain
C) Disabling HTTP traffic entirely
D) Running a brute-force attack on the local ARP table
β
Answer: B) Manually verifying the resolved IP address of a trusted domain
π‘ Explanation: If a trusted domain (e.g., google.com) resolves to an unfamiliar IP address, it may indicate DNS Spoofing.
119. Why does DNS use UDP for most queries instead of TCP?
A) UDP ensures DNS responses are encrypted by default
B) UDP allows for faster resolution times compared to TCP
C) UDP prevents DNS Spoofing better than TCP
D) UDP requires less authentication, making DNS more secure
β
Answer: B) UDP allows for faster resolution times compared to TCP
π‘ Explanation: DNS relies on speed, and UDP provides faster resolution times compared to TCP, making it the preferred choice for most queries.
120. What is a common sign that a corporate network is experiencing a DNS Spoofing attack?
A) Slow internet speeds affecting all employees
B) Multiple users reporting redirections to suspicious websites
C) An increase in ICMP traffic from external sources
D) The firewall automatically blocking all HTTP requests
β
Answer: B) Multiple users reporting redirections to suspicious websites
π‘ Explanation: If multiple users unexpectedly land on malicious or phishing websites, it may indicate a DNS Spoofing attack on the network.
121. What happens if an attacker successfully poisons the ARP table of a DHCP server?
A) The attacker gains control over DNS resolution for the entire network
B) The attacker can intercept all traffic destined for the DHCP server
C) The network switches automatically reset
D) The firewall blocks all incoming ARP packets
β
Answer: B) The attacker can intercept all traffic destined for the DHCP server
π‘ Explanation: If a DHCP server’s ARP table is poisoned, clients may send traffic through the attacker, allowing MITM attacks.
122. What security feature in switches helps mitigate ARP Spoofing?
A) Port Security
B) MAC Filtering
C) Static Routing
D) VLAN Tagging
β
Answer: A) Port Security
π‘ Explanation: Port Security limits the number of MAC addresses per switch port, preventing unauthorized devices from participating in ARP Spoofing attacks.
123. What is the function of the “ip neigh flush all” command in Linux?
A) Flushes all DNS cache entries
B) Clears the ARP cache
C) Blocks all ARP replies
D) Deletes the system’s IP address
β
Answer: B) Clears the ARP cache
π‘ Explanation: Running ip neigh flush all clears the ARP cache, which can be useful in detecting and removing ARP Spoofing effects.
124. What is a sign that an organizationβs DNS server has been compromised by a DNS Spoofing attack?
A) Employees report being unable to access the internet
B) Websites resolve to incorrect or malicious IP addresses
C) Network speeds suddenly increase
D) The firewall automatically blocks HTTP traffic
β
Answer: B) Websites resolve to incorrect or malicious IP addresses
π‘ Explanation: If DNS responses provide incorrect or malicious IP addresses, it indicates that DNS Spoofing has occurred.
125. What is a primary difference between ARP Spoofing and DNS Spoofing?
A) ARP Spoofing affects MAC-to-IP mapping, while DNS Spoofing affects domain resolution
B) ARP Spoofing requires access to DNS servers
C) DNS Spoofing can only be performed in local networks
D) ARP Spoofing is not used in MITM attacks
β
Answer: A) ARP Spoofing affects MAC-to-IP mapping, while DNS Spoofing affects domain resolution
π‘ Explanation: ARP Spoofing manipulates local network traffic, while DNS Spoofing redirects domain queries to malicious servers.
126. How does an attacker use ARP Spoofing to bypass network segmentation?
A) By sending malformed TCP packets
B) By manipulating VLAN tagging
C) By spoofing MAC addresses to appear as a trusted device
D) By forcing the switch into hub mode
β
Answer: C) By spoofing MAC addresses to appear as a trusted device
π‘ Explanation: By imitating a trusted device’s MAC address, an attacker can trick a switch into forwarding restricted traffic to them.
127. What is a potential impact of DNS Spoofing on corporate email security?
A) Emails can be automatically encrypted
B) Phishing emails can appear to be from legitimate sources
C) All outgoing emails are blocked
D) Email servers are forced to use TLS
β
Answer: B) Phishing emails can appear to be from legitimate sources
π‘ Explanation: DNS Spoofing can redirect email domains, making phishing emails appear more convincing and bypassing email security filters.
128. How can attackers use ARP Spoofing to evade detection in an enterprise environment?
A) By modifying TTL values of ARP requests
B) By limiting the rate of ARP replies to avoid detection
C) By encrypting ARP traffic
D) By routing traffic through a VPN
β
Answer: B) By limiting the rate of ARP replies to avoid detection
π‘ Explanation: Sending slow, steady ARP replies instead of flooding makes it harder for IDS systems to detect suspicious activity.
129. Which type of DNS Spoofing attack relies on inserting malicious DNS records into a resolverβs cache?
A) DNS Zone Transfer
B) DNS Cache Poisoning
C) DNS Amplification
D) Reverse DNS Hijacking
β
Answer: B) DNS Cache Poisoning
π‘ Explanation: DNS Cache Poisoning occurs when an attacker injects false DNS responses into a resolverβs cache, leading to redirections.
130. What command is used in Windows to reset the DNS cache?
A) arp -a
B) ipconfig /flushdns
C) netsh winsock reset
D) tracert
β
Answer: B) ipconfig /flushdns
π‘ Explanation: The ipconfig /flushdns command clears the local DNS cache, which can help mitigate DNS Spoofing effects.
131. What is an effective countermeasure against rogue DHCP servers that assist DNS Spoofing?
A) Using DNSSEC
B) Implementing DHCP Snooping
C) Blocking all UDP traffic
D) Disabling ICMP responses
β
Answer: B) Implementing DHCP Snooping
π‘ Explanation: DHCP Snooping prevents unauthorized DHCP servers from assigning malicious DNS settings to clients.
132. Why do attackers prefer using ARP Spoofing in local networks rather than remote attacks?
A) ARP packets are only exchanged within local networks
B) ARP can bypass encryption protocols
C) ARP Spoofing can only target routers
D) Remote networks do not use ARP
β
Answer: A) ARP packets are only exchanged within local networks
π‘ Explanation: ARP is a Layer 2 protocol, meaning it only operates within the same local network and cannot be exploited remotely.
133. Which feature prevents DNS Cache Poisoning by ensuring authenticity of responses?
A) DNSSEC
B) ARP Static Entries
C) ICMP Echo Requests
D) MAC Address Filtering
β
Answer: A) DNSSEC
π‘ Explanation: DNSSEC digitally signs DNS records, ensuring that only legitimate DNS responses are accepted.
134. What is the primary goal of an ARP Spoofing attack targeting a VoIP server?
A) To improve call quality
B) To eavesdrop on or record voice communications
C) To increase network bandwidth
D) To prevent call encryption
β
Answer: B) To eavesdrop on or record voice communications
π‘ Explanation: By intercepting VoIP traffic, attackers can listen to or manipulate calls using ARP Spoofing.
135. What is the role of a DNS Resolver in preventing DNS Spoofing?
A) It blocks all unknown domain queries
B) It applies DNSSEC validation to responses
C) It encrypts all DNS requests
D) It limits the number of DNS queries per user
β
Answer: B) It applies DNSSEC validation to responses
π‘ Explanation: DNS Resolvers can validate signed DNSSEC records, preventing spoofed responses from being accepted.
136. What type of ARP message is used to request a MAC address for a known IP address?
A) ARP Reply
B) Gratuitous ARP
C) ARP Probe
D) ARP Request
β
Answer: D) ARP Request
π‘ Explanation: An ARP Request is sent when a device needs to learn the MAC address of an IP address.
137. Which of the following techniques can help prevent ARP Spoofing in an enterprise environment?
A) Disabling all ARP requests on the network
B) Implementing VLAN segmentation and Dynamic ARP Inspection (DAI)
C) Allowing only one DNS server per network
D) Blocking all UDP traffic on the firewall
β
Answer: B) Implementing VLAN segmentation and Dynamic ARP Inspection (DAI)
π‘ Explanation: VLAN segmentation limits the scope of ARP Spoofing, while DAI verifies ARP packets against trusted MAC-to-IP mappings.
138. What is a major limitation of ARP Spoofing attacks?
A) It can only be performed in IPv6 networks
B) It is only effective within the same local subnet
C) It requires compromising a DNS server
D) It works only with encrypted DNS traffic
β
Answer: B) It is only effective within the same local subnet
π‘ Explanation: Since ARP is a Layer 2 protocol, ARP Spoofing only works within the local network and cannot be used across different subnets.
139. What is one way attackers use ARP Spoofing to escalate network attacks?
A) By using it to gain unauthorized access to a DNS server
B) By modifying the TTL values of ARP packets
C) By tunneling ARP packets over HTTPS
D) By using it as a stepping stone for MITM attacks
β
Answer: D) By using it as a stepping stone for MITM attacks
π‘ Explanation: Attackers use ARP Spoofing to intercept and modify network traffic, which can lead to further attacks like session hijacking, credential theft, and data manipulation.
140. What is a possible result of DNS Spoofing in an IoT (Internet of Things) environment?
A) IoT devices fail to communicate with legitimate servers
B) IoT devices automatically switch to encrypted DNS
C) ARP Spoofing attacks become ineffective
D) The IoT network automatically isolates infected devices
β
Answer: A) IoT devices fail to communicate with legitimate servers
π‘ Explanation: If an IoT device relies on DNS to reach cloud-based services, DNS Spoofing can redirect it to a malicious server, leading to service disruption or compromise.
141. What makes DNS Cache Poisoning particularly dangerous?
A) It is permanent and cannot be removed
B) It can affect multiple users without requiring direct access to their devices
C) It is only effective on encrypted networks
D) It prevents all internet traffic from reaching external sites
β
Answer: B) It can affect multiple users without requiring direct access to their devices
π‘ Explanation: Once a DNS resolver caches a poisoned entry, all users relying on that resolver are affected, even if their own systems are secure.
142. What happens if an attacker spoofs the ARP entry for a corporate email server?
A) Employees’ emails are rerouted to the attacker
B) The server encrypts all outgoing emails
C) DNSSEC prevents the attack from succeeding
D) The email server switches to a different protocol
β
Answer: A) Employees’ emails are rerouted to the attacker
π‘ Explanation: If an attacker ARP Spoofs a mail server, they can intercept, read, or modify email messages before forwarding them to the real destination.
143. How does a network administrator detect DNS Cache Poisoning?
A) By comparing DNS query results with authoritative name servers
B) By running a brute-force attack on the DNS server
C) By disabling all UDP traffic
D) By increasing the TTL value of DNS records
β
Answer: A) By comparing DNS query results with authoritative name servers
π‘ Explanation: If a resolver provides different results than an authoritative name server, it may indicate that the DNS cache has been poisoned.
144. What is the purpose of using an alternate DNS resolver like Google DNS (8.8.8.8) or Cloudflare DNS (1.1.1.1)?
A) To bypass potential DNS Spoofing on a local network
B) To encrypt ARP requests
C) To prevent packet sniffing attacks
D) To disable DNS caching on a system
β
Answer: A) To bypass potential DNS Spoofing on a local network
π‘ Explanation: Using a trusted third-party DNS resolver reduces the risk of relying on a compromised local DNS server that may have been poisoned.
145. How can network administrators prevent DNS Spoofing through rogue DHCP servers?
A) By implementing DHCP Snooping
B) By disabling all DHCP leases
C) By encrypting all DNS queries
D) By using static ARP tables
β
Answer: A) By implementing DHCP Snooping
π‘ Explanation: DHCP Snooping ensures that only trusted DHCP servers can assign IP addresses and DNS settings to clients, preventing rogue servers from injecting malicious entries.
146. What is a sign that a network is experiencing a DNS Spoofing attack?
A) All web traffic is automatically redirected to an attacker-controlled site
B) Websites load faster than usual
C) Internet access speeds increase significantly
D) Users receive CAPTCHA challenges on all websites
β
Answer: A) All web traffic is automatically redirected to an attacker-controlled site
π‘ Explanation: A common indicator of DNS Spoofing is users being redirected to fraudulent versions of legitimate websites without their knowledge.
147. Which feature of DNSSEC ensures that only legitimate DNS records are used?
A) Digital signatures
B) ARP filtering
C) DNS over ICMP
D) Firewall NAT policies
β
Answer: A) Digital signatures
π‘ Explanation: DNSSEC uses cryptographic signatures to authenticate DNS records, ensuring they have not been tampered with.
148. What happens when an attacker successfully ARP Spoofs the default gateway on a network?
A) All network traffic from the subnet passes through the attacker
B) The router blocks all ARP packets
C) Only HTTP traffic is affected
D) The attack has no effect on the network
β
Answer: A) All network traffic from the subnet passes through the attacker
π‘ Explanation: By spoofing the gateway, an attacker intercepts all outgoing traffic, allowing for complete MITM attacks.
149. Why is ARP Spoofing often used in conjunction with SSL Strip attacks?
A) To downgrade HTTPS connections to HTTP and capture plaintext credentials
B) To speed up network traffic
C) To disable DNSSEC validation
D) To force DNS resolvers to use static IPs
β
Answer: A) To downgrade HTTPS connections to HTTP and capture plaintext credentials
π‘ Explanation: SSL Strip removes HTTPS encryption, allowing attackers to intercept sensitive information in plaintext.
150. What is the best way to protect against both ARP Spoofing and DNS Spoofing?
A) Use encrypted protocols and implement strong network monitoring tools
B) Block all outgoing UDP traffic
C) Disable all ARP functionality
D) Only allow DNS requests from a single client machine
β
Answer: A) Use encrypted protocols and implement strong network monitoring tools
π‘ Explanation: Combining encryption (HTTPS, DNSSEC, DoH) with monitoring tools (DAI, IDS, DHCP Snooping) provides comprehensive protection against ARP and DNS Spoofing.
151. Which of the following can be used to verify if a network is experiencing an ARP Spoofing attack?
A) Checking for duplicate MAC addresses assigned to different IPs in the ARP table
B) Running a speed test on the network
C) Monitoring TCP handshake failures
D) Disabling DNS resolution on the firewall
β
Answer: A) Checking for duplicate MAC addresses assigned to different IPs in the ARP table
π‘ Explanation: ARP Spoofing often results in multiple IP addresses mapping to the same MAC address, which is a strong indication of an attack.
152. How can DNS Cache Poisoning be mitigated in a corporate environment?
A) By using DNSSEC to validate responses
B) By disabling all outgoing DNS queries
C) By forcing DNS queries to resolve only through TCP
D) By limiting ARP request packets
β
Answer: A) By using DNSSEC to validate responses
π‘ Explanation: DNSSEC (Domain Name System Security Extensions) ensures that DNS responses are cryptographically signed, preventing attackers from injecting fake records.
153. Which of the following is NOT a common technique used to carry out ARP Spoofing?
A) Sending gratuitous ARP responses
B) Injecting fake ARP replies
C) Manipulating TTL values in ARP requests
D) Using ARP cache poisoning tools
β
Answer: C) Manipulating TTL values in ARP requests
π‘ Explanation: TTL values are associated with DNS and IP packets, not ARP. ARP Spoofing works by sending false ARP replies, not by modifying TTL values.
154. What is a common symptom of an ongoing DNS Spoofing attack?
A) Users are redirected to fake websites despite typing correct URLs
B) Websites take longer to load but resolve correctly
C) The browser starts automatically encrypting DNS requests
D) DNS query failures occur at a higher frequency
β
Answer: A) Users are redirected to fake websites despite typing correct URLs
π‘ Explanation: DNS Spoofing misdirects users to malicious sites by altering DNS resolutions, often leading to phishing or malware injection.
155. What does an attacker typically achieve by ARP Spoofing a VPN gateway?
A) Decrypting and intercepting VPN traffic before encryption
B) Forcing all VPN traffic to bypass encryption
C) Blocking VPN connections for all users
D) Causing the VPN to switch to an alternative protocol
β
Answer: A) Decrypting and intercepting VPN traffic before encryption
π‘ Explanation: If an attacker ARP Spoofs the VPN gateway, they can capture traffic before it is encrypted, making it possible to intercept sensitive information.
156. Which command can be used in Linux to add a static ARP entry, preventing ARP Spoofing?
A) ipconfig /flushdns
B) arp -s <IP> <MAC>
C) netstat -r
D) tracert -arp
β
Answer: B) arp -s <IP> <MAC>
π‘ Explanation: Setting static ARP entries ensures that only trusted MAC addresses are associated with specific IP addresses, preventing ARP Spoofing.
157. What is a limitation of DNS Spoofing compared to ARP Spoofing?
A) DNS Spoofing only works when the attacker has physical access to the network
B) DNS Spoofing does not affect encrypted HTTPS websites
C) DNS Spoofing requires poisoning a resolverβs cache, while ARP Spoofing can be immediate
D) DNS Spoofing only affects the local subnet
β
Answer: C) DNS Spoofing requires poisoning a resolverβs cache, while ARP Spoofing can be immediate
π‘ Explanation: DNS Spoofing typically requires poisoning a DNS cache and waiting for it to be used, whereas ARP Spoofing takes effect immediately after sending forged ARP replies.
158. What is the role of an authoritative DNS server in DNS resolution?
A) It provides the final answer for a domain name query
B) It encrypts all DNS requests by default
C) It blocks all unauthorized DNS queries
D) It dynamically updates all DNS records every second
β
Answer: A) It provides the final answer for a domain name query
π‘ Explanation: Authoritative DNS servers store and provide official DNS records for domain names, ensuring accurate resolution.
159. How can ARP Spoofing be used in ransomware attacks?
A) By injecting ransomware payloads into DNS responses
B) By redirecting victims to malicious websites that distribute ransomware
C) By forcing encryption keys to be stored on attacker-controlled devices
D) By modifying Windows registry keys through ARP packets
β
Answer: B) By redirecting victims to malicious websites that distribute ransomware
π‘ Explanation: Attackers can use ARP Spoofing to redirect users to fake websites hosting ransomware, leading to infection and system compromise.
160. How does a DNS Resolver help mitigate DNS Spoofing?
A) By comparing responses with multiple authoritative sources
B) By disabling caching for all DNS queries
C) By encrypting DNS queries using ARP requests
D) By ensuring that only TCP is used for DNS queries
β
Answer: A) By comparing responses with multiple authoritative sources
π‘ Explanation: Secure DNS resolvers can verify responses against authoritative servers, preventing forged responses from being cached.
161. What tool can help detect ARP Spoofing by alerting when MAC addresses change frequently?
A) Netcat
B) Arpwatch
C) Burp Suite
D) Hydra
β
Answer: B) Arpwatch
π‘ Explanation: Arpwatch monitors ARP traffic and logs changes in MAC-IP mappings, helping detect ARP Spoofing attacks.
162. What kind of ARP Spoofing attack is used to perform DoS (Denial-of-Service)?
A) Flooding the target with excessive ARP replies
B) Modifying firewall policies to block all ARP packets
C) Poisoning only broadcast ARP requests
D) Encrypting ARP responses to make them unreadable
β
Answer: A) Flooding the target with excessive ARP replies
π‘ Explanation: Flooding a device with fake ARP replies can overwhelm its ARP cache, leading to connectivity issues and denial-of-service.
163. How does DNS over HTTPS (DoH) protect against DNS Spoofing?
A) By encrypting DNS queries to prevent interception and modification
B) By automatically blocking all unauthorized DNS resolvers
C) By disabling ARP cache poisoning
D) By preventing changes to DNS TTL values
β
Answer: A) By encrypting DNS queries to prevent interception and modification
π‘ Explanation: DoH encrypts DNS traffic, making it difficult for attackers to spoof or tamper with DNS responses.
164. Which network layer does ARP Spoofing exploit?
A) Application Layer
B) Network Layer
C) Transport Layer
D) Data Link Layer
β
Answer: D) Data Link Layer
π‘ Explanation: ARP operates at the Data Link Layer (Layer 2), mapping MAC addresses to IP addresses, making it susceptible to spoofing.
165. How can attackers use ARP Spoofing to compromise a Wi-Fi network?
A) By intercepting data between clients and the router
B) By changing the Wi-Fi SSID name
C) By disabling the Wi-Fi password
D) By forcing devices to reconnect to a different DNS server
β
Answer: A) By intercepting data between clients and the router
π‘ Explanation: By spoofing the routerβs MAC address, attackers can position themselves as an intermediary and capture all traffic between Wi-Fi clients and the gateway.
166. How does an attacker perform ARP Spoofing in a network with multiple VLANs?
A) By injecting ARP requests across VLANs
B) By using VLAN hopping techniques to bypass segmentation
C) By modifying firewall settings on the router
D) By encrypting ARP packets to confuse the network
β
Answer: B) By using VLAN hopping techniques to bypass segmentation
π‘ Explanation: Attackers may use VLAN hopping techniques, such as double tagging, to extend ARP Spoofing across different VLANs.
167. What makes DNSSEC effective against DNS Spoofing?
A) It prevents all DNS queries from being modified
B) It uses cryptographic signatures to verify DNS responses
C) It blocks unauthorized DNS resolvers
D) It forces DNS resolution over HTTPS
β
Answer: B) It uses cryptographic signatures to verify DNS responses
π‘ Explanation: DNSSEC ensures that only digitally signed and authenticated DNS responses are accepted, preventing spoofed DNS entries.
168. How can a compromised DNS server contribute to phishing attacks?
A) By resolving legitimate domains to attacker-controlled IP addresses
B) By blocking all outgoing DNS queries
C) By encrypting DNS responses to legitimate websites
D) By forcing clients to use TCP for DNS resolution
β
Answer: A) By resolving legitimate domains to attacker-controlled IP addresses
π‘ Explanation: If an attacker modifies a DNS serverβs records, they can redirect users to malicious phishing sites impersonating legitimate services.
169. What is the impact of ARP Spoofing on network performance?
A) It can cause network congestion due to excessive ARP traffic
B) It speeds up network resolution time
C) It automatically blocks unauthorized DNS queries
D) It disables all firewall rules
β
Answer: A) It can cause network congestion due to excessive ARP traffic
π‘ Explanation: Frequent ARP replies from an attacker can overwhelm the network and slow down communication between devices.
170. What tool can be used to monitor and alert on changes in ARP tables?
A) Arpwatch
B) Hydra
C) SQLmap
D) Nikto
β
Answer: A) Arpwatch
π‘ Explanation: Arpwatch monitors ARP traffic and detects suspicious changes, such as unexpected MAC address modifications, which may indicate ARP Spoofing.
171. How can an organization prevent employees from falling victim to DNS Spoofing?
A) By using only trusted public DNS resolvers with DNSSEC
B) By blocking all ICMP packets on the network
C) By disabling DHCP on all client devices
D) By allowing only one device per IP address
β
Answer: A) By using only trusted public DNS resolvers with DNSSEC
π‘ Explanation: Using DNSSEC-protected DNS servers prevents employees from resolving fake DNS responses injected by attackers.
172. How can an attacker persistently maintain control over a poisoned DNS cache?
A) By repeatedly injecting spoofed DNS responses before the TTL expires
B) By modifying the ARP cache
C) By disabling the firewall on the DNS server
D) By blocking DNSSEC validation
β
Answer: A) By repeatedly injecting spoofed DNS responses before the TTL expires
π‘ Explanation: If an attacker continues injecting fake DNS records before the TTL expires, they can prolong their control over the poisoned cache.
173. What is one advantage of using DoH (DNS over HTTPS) over traditional DNS?
A) It encrypts DNS queries, making them harder to intercept and modify
B) It allows ARP Spoofing to be performed over the internet
C) It increases the TTL value for all DNS queries
D) It forces DNS resolution through the same MAC address each time
β
Answer: A) It encrypts DNS queries, making them harder to intercept and modify
π‘ Explanation: DoH prevents attackers from viewing or modifying DNS queries by encrypting them using HTTPS.
174. Which security mechanism prevents unauthorized DHCP servers from distributing fake DNS settings?
A) DHCP Snooping
B) ARP Spoofing Detection
C) DNSSEC
D) MAC Flooding
β
Answer: A) DHCP Snooping
π‘ Explanation: DHCP Snooping ensures that only authorized DHCP servers can assign network configurations, preventing rogue DHCP-based DNS Spoofing.
175. How can an attacker use ARP Spoofing to compromise two-way SSL/TLS communication?
A) By intercepting and stripping encryption using an SSL downgrade attack
B) By modifying the MAC addresses of all SSL packets
C) By inserting additional TLS packets into the communication stream
D) By forcing all SSL traffic to reroute through a VPN
β
Answer: A) By intercepting and stripping encryption using an SSL downgrade attack
π‘ Explanation: Attackers can use ARP Spoofing to launch an SSL Strip attack, forcing encrypted traffic to downgrade to HTTP, making it readable.
176. What does an attacker achieve by performing a DNS Hijacking attack?
A) Permanent redirection of domain queries to malicious servers
B) Temporary loss of network connectivity
C) Faster DNS resolution time
D) Blocking all HTTP traffic from a target network
β
Answer: A) Permanent redirection of domain queries to malicious servers
π‘ Explanation: DNS Hijacking modifies DNS configurations at the router or ISP level, ensuring that users are always redirected to attacker-controlled sites.
177. Which of the following makes ARP Spoofing possible in modern networks?
A) ARP does not authenticate responses
B) ARP packets are always encrypted by default
C) Firewalls automatically block all ARP requests
D) MAC addresses are randomly generated for every device
β
Answer: A) ARP does not authenticate responses
π‘ Explanation: Since ARP lacks authentication, any device can send a forged ARP reply, leading to ARP Spoofing attacks.
178. How does a DNS Sinkhole mitigate the impact of DNS Spoofing?
A) By redirecting malicious DNS requests to a controlled and monitored IP
B) By blocking all DNS traffic except from pre-approved domains
C) By encrypting DNS queries using ARP requests
D) By reducing TTL values for all DNS records
β
Answer: A) By redirecting malicious DNS requests to a controlled and monitored IP
π‘ Explanation: DNS Sinkholes redirect infected machines to a safe monitoring environment instead of allowing them to access malicious domains.
179. What happens if an attacker spoofs the ARP table of a networkβs default gateway?
A) All outbound traffic is sent through the attackerβs machine
B) The gateway becomes inaccessible to all users
C) DNS Spoofing is automatically activated
D) The attack is immediately blocked by all routers
β
Answer: A) All outbound traffic is sent through the attackerβs machine
π‘ Explanation: By spoofing the default gateway, the attacker intercepts and controls all traffic exiting the local network.
180. What is the primary risk of allowing open resolvers in a DNS network?
A) They can be abused for DNS Amplification attacks
B) They automatically disable encryption on DNS queries
C) They force all DNS queries to resolve using TCP
D) They prevent ARP Spoofing from occurring
β
Answer: A) They can be abused for DNS Amplification attacks
π‘ Explanation: Open DNS resolvers can be used in large-scale DDoS attacks where small queries generate massive responses to flood a target system.
181. Which tool is commonly used to conduct ARP Spoofing attacks?
A) Bettercap
B) SQLmap
C) Nikto
D) John the Ripper
β
Answer: A) Bettercap
π‘ Explanation: Bettercap is a powerful network attack tool that can perform ARP Spoofing, MITM attacks, and network sniffing.
182. What is a major risk of DNS Spoofing on public Wi-Fi networks?
A) Users may be redirected to malicious websites controlled by attackers
B) The Wi-Fi signal strength will decrease
C) Only HTTP traffic will be affected
D) Firewalls automatically detect and block the attack
β
Answer: A) Users may be redirected to malicious websites controlled by attackers
π‘ Explanation: Attackers can spoof DNS responses on public Wi-Fi networks to redirect users to phishing sites that steal credentials.
183. How does Dynamic ARP Inspection (DAI) help prevent ARP Spoofing?
A) It verifies ARP packets against a trusted MAC-to-IP mapping database
B) It blocks all ARP packets from unknown sources
C) It encrypts all ARP requests and responses
D) It allows only DNS traffic on the network
β
Answer: A) It verifies ARP packets against a trusted MAC-to-IP mapping database
π‘ Explanation: DAI prevents ARP Spoofing by ensuring that only valid MAC-to-IP mappings are used within the network.
184. What type of DNS attack involves injecting malicious DNS records at the ISP level?
A) DNS Hijacking
B) DNS Amplification
C) DNS Rebinding
D) ARP Cache Poisoning
β
Answer: A) DNS Hijacking
π‘ Explanation: DNS Hijacking occurs when an attacker manipulates DNS settings at the ISP level, redirecting users to malicious sites.
185. Which protocol can replace ARP to enhance security in IPv6 networks?
A) OSPF
B) BGP
C) NDP (Neighbor Discovery Protocol)
D) DHCP
β
Answer: C) NDP (Neighbor Discovery Protocol)
π‘ Explanation: IPv6 networks use NDP instead of ARP, and Secure Neighbor Discovery (SEND) can provide authentication to prevent spoofing attacks.
186. What is a primary security concern when using open DNS resolvers?
A) They can be exploited for DNS Amplification attacks
B) They force all DNS queries to be encrypted
C) They prevent ARP Spoofing attacks from occurring
D) They automatically change TTL values for all domains
β
Answer: A) They can be exploited for DNS Amplification attacks
π‘ Explanation: Open DNS resolvers are often abused in DNS-based DDoS attacks, where small queries generate large responses to flood a target system.
187. What type of attack can be conducted by an attacker who successfully performs ARP Spoofing on a banking website?
A) Man-in-the-Middle (MITM) attack to steal credentials
B) SQL Injection
C) Buffer Overflow
D) HTTP Verb Tampering
β
Answer: A) Man-in-the-Middle (MITM) attack to steal credentials
π‘ Explanation: By using ARP Spoofing, an attacker can intercept sensitive banking credentials before they reach the legitimate server.
188. How does DNS Spoofing enable malware distribution?
A) By redirecting users to fake software update pages
B) By modifying firewall rules
C) By disabling ARP caching
D) By encrypting DNS responses
β
Answer: A) By redirecting users to fake software update pages
π‘ Explanation: Attackers use DNS Spoofing to send users to malicious sites that mimic software update pages and trick them into downloading malware.
189. What is the primary risk of using unencrypted DNS queries?
A) Attackers can intercept and modify DNS responses
B) The DNS resolver will block all unauthorized queries
C) Only HTTP traffic is affected
D) DNSSEC cannot be enabled
β
Answer: A) Attackers can intercept and modify DNS responses
π‘ Explanation: Without encryption, DNS queries can be manipulated by attackers, leading to DNS Spoofing and redirection to malicious sites.
190. How does MAC Address Filtering help mitigate ARP Spoofing?
A) It restricts network access to specific MAC addresses
B) It encrypts ARP packets
C) It disables all ARP requests from unknown devices
D) It forces all ARP queries to resolve through a DNS server
β
Answer: A) It restricts network access to specific MAC addresses
π‘ Explanation: MAC Address Filtering allows only trusted devices to communicate on a network, reducing the risk of ARP Spoofing attacks.
191. What is the purpose of a DNS Resolver Cache?
A) To speed up DNS query resolution
B) To encrypt all DNS requests
C) To block all unauthorized DNS requests
D) To replace the function of an authoritative DNS server
β
Answer: A) To speed up DNS query resolution
π‘ Explanation: A DNS Resolver Cache stores recent DNS lookups to improve response times and reduce redundant queries to upstream servers.
192. What makes ARP Spoofing an effective attack?
A) ARP does not require authentication
B) ARP packets are always encrypted
C) Firewalls automatically block ARP traffic
D) DNSSEC prevents ARP Spoofing
β
Answer: A) ARP does not require authentication
π‘ Explanation: Since ARP lacks authentication, any device can send spoofed ARP replies, making ARP Spoofing possible.
193. What attack vector is often combined with ARP Spoofing to steal login credentials?
A) SSL Strip
B) SQL Injection
C) Directory Traversal
D) DNS Amplification
β
Answer: A) SSL Strip
π‘ Explanation: SSL Strip downgrades HTTPS connections to HTTP, allowing attackers to capture credentials in plaintext.
194. What type of DNS attack allows an attacker to control internal network resources by exploiting the same-origin policy?
A) DNS Rebinding
B) DNS Amplification
C) DNS Cache Poisoning
D) ARP Spoofing
β
Answer: A) DNS Rebinding
π‘ Explanation: DNS Rebinding allows attackers to bypass the same-origin policy and access internal network resources via malicious JavaScript.
195. What is the primary purpose of using a VPN against ARP Spoofing?
A) To encrypt network traffic, preventing packet interception
B) To disable all ARP responses
C) To block all incoming UDP packets
D) To force DNS queries to use TCP
β
Answer: A) To encrypt network traffic, preventing packet interception
π‘ Explanation: A VPN encrypts all network traffic, making it unreadable even if an attacker successfully performs ARP Spoofing.
196. What happens when a victim device receives a spoofed ARP response?
A) It updates its ARP cache with the attacker’s MAC address
B) It automatically encrypts the ARP request
C) It blocks all DNS requests
D) It logs out of all active sessions
β
Answer: A) It updates its ARP cache with the attacker’s MAC address
π‘ Explanation: When a device receives a spoofed ARP reply, it updates its ARP table with the attacker’s MAC address, allowing for MITM attacks.
197. What is the most effective way to detect ARP Spoofing in real-time?
A) Using an Intrusion Detection System (IDS) to monitor ARP traffic
B) Blocking all UDP traffic on the network
C) Disabling all DHCP services
D) Forcing all devices to use a single MAC address
β
Answer: A) Using an Intrusion Detection System (IDS) to monitor ARP traffic
π‘ Explanation: An IDS like Snort can detect unusual ARP activity, such as multiple IP addresses resolving to the same MAC address, indicating ARP Spoofing.
198. What is one way DNS Spoofing can be used to defeat two-factor authentication (2FA)?
A) Redirecting users to a fake login page to capture both credentials and OTPs
B) Automatically logging users out of their accounts
C) Blocking DNS requests from authentication servers
D) Encrypting DNS queries to prevent 2FA requests
β
Answer: A) Redirecting users to a fake login page to capture both credentials and OTPs
π‘ Explanation: Attackers can use DNS Spoofing to redirect users to a phishing page that mimics a legitimate site, tricking them into entering their login credentials and OTPs.
199. Why do security experts recommend using DNSSEC even though it does not encrypt DNS traffic?
A) Because it ensures the authenticity of DNS responses
B) Because it blocks all unauthorized DNS queries
C) Because it replaces ARP with a more secure protocol
D) Because it forces DNS queries to be resolved through TCP
β
Answer: A) Because it ensures the authenticity of DNS responses
π‘ Explanation: DNSSEC provides cryptographic verification of DNS responses, ensuring that users receive legitimate DNS records and not fake ones injected by attackers.
200. What type of attack can be prevented by enabling “strict” HTTPS security policies like HSTS (HTTP Strict Transport Security)?
A) SSL Stripping in ARP Spoofing attacks
B) DNS Cache Poisoning
C) MAC Flooding
D) ICMP Redirect Attacks
β
Answer: A) SSL Stripping in ARP Spoofing attacks
π‘ Explanation: HSTS ensures that websites always use HTTPS, preventing attackers from downgrading secure connections to HTTP via SSL Strip in ARP Spoofing attacks.
201. What command in Linux can be used to check for duplicate ARP entries, which may indicate ARP Spoofing?
A) arp -n
B) netstat -tulnp
C) tcpdump -i eth0
D) ipconfig /flushdns
β
Answer: A) arp -n
π‘ Explanation: The arp -n command displays the system’s ARP table, and if multiple IPs are mapped to the same MAC address, it may indicate ARP Spoofing.
202. What role does a firewall play in preventing DNS Spoofing attacks?
A) It can block unauthorized DNS responses from external sources
B) It encrypts all ARP requests
C) It forces all DNS queries to use a single MAC address
D) It increases TTL values for all DNS records
β
Answer: A) It can block unauthorized DNS responses from external sources
π‘ Explanation: Firewalls can be configured to allow DNS responses only from trusted DNS servers, reducing the risk of DNS Spoofing.
203. How can an attacker use ARP Spoofing to bypass multi-factor authentication (MFA) protections?
A) By intercepting and modifying the traffic between the user and authentication server
B) By flooding the target with excessive ARP requests
C) By modifying TTL values in MFA verification packets
D) By using SQL Injection to alter MFA settings
β
Answer: A) By intercepting and modifying the traffic between the user and authentication server
π‘ Explanation: If an attacker successfully performs ARP Spoofing, they can conduct a Man-in-the-Middle (MITM) attack to intercept and manipulate MFA-related traffic.
204. What happens if a device sends an ARP request for an IP address that does not exist on the network?
A) The request goes unanswered, and the device does not receive a MAC address
B) The device assigns itself a random MAC address
C) The network switch sends an ICMP error
D) The request is automatically forwarded to an external DNS resolver
β
Answer: A) The request goes unanswered, and the device does not receive a MAC address
π‘ Explanation: If an IP address does not exist on the network, there is no MAC address to resolve, and the ARP request goes unanswered.
205. What is one way attackers make ARP Spoofing attacks more difficult to detect?
A) By sending ARP replies at a low rate instead of flooding the network
B) By modifying firewall rules to allow all traffic
C) By using DNSSEC to encrypt ARP packets
D) By forcing all ARP queries to be resolved through TCP
β
Answer: A) By sending ARP replies at a low rate instead of flooding the network
π‘ Explanation: By sending ARP Spoofing packets slowly instead of in large bursts, attackers can avoid detection by Intrusion Detection Systems (IDS).