Question 3 - CertNexus ITS-110 Real Exam Questions [Jan 2026 Update]

Q: 3

Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

Options

Correct Answer:

Explanation

Network filters that rely on Ethernet burned-in addresses, more commonly known as Media Access Control (MAC) addresses, operate by maintaining an access control list of approved hardware addresses. The fundamental vulnerability of this security measure is that MAC addresses can be easily altered in software. An attacker can monitor network traffic to discover the MAC address of an authorized device and then reconfigure their own network interface to use, or "spoof," that address. This allows the attacker's device to impersonate the legitimate one, thereby bypassing the filter entirely.

Why Incorrect

B. Buffer overflow: This is a software vulnerability where a process overwrites memory boundaries. It is unrelated to bypassing network layer 2 hardware address filters.

C. Packet injection: While an attacker might inject packets after spoofing a MAC address, packet injection itself is a broader attack and not the specific vulnerability of the MAC filter.

D. GPS spoofing: This attack involves broadcasting false GPS signals to deceive location-aware devices. It has no relevance to MAC address-based network access control.

References

1. National Institute of Standards and Technology (NIST). (2012). Guidelines for Securing Wireless Local Area Networks (WLANs) (NIST Special Publication 800-153). Section 4.2.1

"MAC Address Filtering

" states

"However

because MAC addresses are sent in the clear

an attacker can easily spoof the MAC address of an authorized client."

2. Kurose

J. F.

& Ross

K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson. In Chapter 8.3

"Securing Wireless LANs

" the text explains that MAC filtering is a weak security measure because "the intruder can learn the MAC addresses of stations that are associated with the AP... and then have his or her station pretend to be one of these stations by spoofing its MAC address."

3. Stallings

W. (2017). Cryptography and Network Security: Principles and Practice (7th ed.). Pearson. Chapter 17

"Wireless Network Security

" discusses the security flaws of early Wi-Fi standards

noting that MAC address filtering is easily defeated by sniffing a valid MAC address and then spoofing it.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE