Q: 3
[Security Concepts]
Which technology should be used to help prevent an attacker from stealing usernames and
passwords of users within an organization?
Options
Discussion
C or D? Seen people get tripped up by this, but IOS zone-based firewalls only let an interface be in one zone at a time. Option D matches what I remember from the config guides, not as flexible as some other firewalls. Correct me if I'm off here.
Option D, Saw similar wording in practice, MFA is what actually stops attackers with stolen credentials from getting in.
Its D. MFA is what actually stops attackers from using stolen credentials, while C just tackles ARP spoofing which isn’t the core issue here. I think some might pick C by mistake but D matches the wording better. Agree?
D imo. C is a classic trap since DAI is about ARP attacks but for preventing actual credential theft, MFA (D) fits better. Seen similar logic on exam reports.
Its D, but if the scenario talked about network sniffing at L2, C would flip to correct.
C/D? C is tempting but it's actually D, since MFA directly addresses credential theft and not just ARP attacks.
I think C since Dynamic ARP Inspection helps block some credential theft by stopping ARP spoofing attacks.
C or D? Dynamic ARP Inspection (C) protects against ARP spoofing, but that won't really stop stolen credentials. MFA (D) actually blocks the use of compromised passwords by requiring a second factor. I think D is more correct but open to another angle.
Guessing D, had something like this in a mock. MFA is what stops stolen credentials from working. Anyone picked C here?
I always thought C made sense since multiple zones might mean more flexibility.
Be respectful. No spam.
