10.4.4 Check Your Understanding – MAC Address Table Attacks Answers

1. What is the behavior of a switch as a result of a successful MAC address table attack?

  • The switch will shut down.
  • The switch interfaces will transition to the error-disabled state.
  • The switch will forward all received frames to all other ports within the VLAN.
  • The switch will drop all received frames.

Explanation: A MAC address table attack will fill the MAC address table. When the MAC table is full, the switch begins to flood all the frames that it receives.

2. What would be the primary reason a threat actor would launch a MAC address overflow attack?

  • So that the threat actor can see frames that are destined for other devices.
  • So that the threat actor can execute arbitrary code on the switch.
  • So that the switch stops forwarding traffic.
  • So that legitimate hosts cannot obtain a MAC address.

Explanation: The primary reason a threat actor launches a MAC address table overflow attack is to cause the switch to send all received frames out all ports so that the threat actor can capture the traffic.

3. What mitigation technique must be implemented to prevent MAC address overflow attacks?

  • IPSG
  • DAI
  • Port security
  • DHCP snooping

Explanation: The primary method to mitigate MAC address table attacks is to implement port security.

Notify of

Inline Feedbacks
View all comments