Exam N10-009 Topic 4 Question 331 Discussion
Actual exam question for CompTIA's N10-009 exam
Question #: 331
Topic #: 4
Question #: 331
Topic #: 4
As part of an attack, a threat actor purposefully overflows the content-addressable memory (CAM) table on a switch. Which of the following types of attacks is this scenario an example of?
Suggested Answer: C Vote an answer
* Definition of MAC Flooding:
* MAC flooding is an attack where a malicious actor sends numerous fake MAC addresses to a switch, overwhelming its CAM table. The CAM table stores MAC addresses and their associated ports for efficient traffic forwarding.
* Impact of MAC Flooding:
* CAM Table Overflow:When the CAM table is full, the switch cannot learn new MAC addresses and is forced to broadcast traffic to all ports, leading to a degraded network performance and potential data interception.
* Switch Behavior:The switch operates in a fail-open mode, treating the network as a hub, which can be exploited for eavesdropping on traffic.
* Comparison with Other Attacks:
* ARP Spoofing:Involves sending false ARP (Address Resolution Protocol) messages to associate the attacker's MAC address with the IP address of another device.
* Evil Twin:Involves creating a rogue wireless access point that mimics a legitimate one to intercept data.
* DNS Poisoning:Involves corrupting the DNS cache with false information to redirect traffic to malicious sites.
* Preventive Measures:
* Port Security:Configure port security on switches to limit the number of MAC addresses per port, preventing CAM table overflow.
* Network Segmentation:Use VLANs to segment network traffic and limit the impact of such attacks.
References:
* CompTIA Network+ study materials on network security threats and mitigation techniques.
* MAC flooding is an attack where a malicious actor sends numerous fake MAC addresses to a switch, overwhelming its CAM table. The CAM table stores MAC addresses and their associated ports for efficient traffic forwarding.
* Impact of MAC Flooding:
* CAM Table Overflow:When the CAM table is full, the switch cannot learn new MAC addresses and is forced to broadcast traffic to all ports, leading to a degraded network performance and potential data interception.
* Switch Behavior:The switch operates in a fail-open mode, treating the network as a hub, which can be exploited for eavesdropping on traffic.
* Comparison with Other Attacks:
* ARP Spoofing:Involves sending false ARP (Address Resolution Protocol) messages to associate the attacker's MAC address with the IP address of another device.
* Evil Twin:Involves creating a rogue wireless access point that mimics a legitimate one to intercept data.
* DNS Poisoning:Involves corrupting the DNS cache with false information to redirect traffic to malicious sites.
* Preventive Measures:
* Port Security:Configure port security on switches to limit the number of MAC addresses per port, preventing CAM table overflow.
* Network Segmentation:Use VLANs to segment network traffic and limit the impact of such attacks.
References:
* CompTIA Network+ study materials on network security threats and mitigation techniques.
by Herbert at Feb 05, 2026, 06:56 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).