Q: 8
After a security incident, a technician reveals that company data was stolen. During the investigation,
it is discovered that a host disguised itself as a switch. Which of the following best describes the
attack that occurred?
Options
Discussion
A imo. Only VLAN hopping needs the attacker to pretend to be a switch, it's a weird edge scenario you barely see outside exam questions.
A here. Host acting as a switch points straight to VLAN hopping, since that's all about trunk negotiation/tagged frames. ARP spoofing (D) is just about intercepting traffic, not pretending to be a switch. Pretty sure on this but let me know if you see it different.
D or A, honestly tempted to pick D (ARP spoofing) since the attacker stole data and that’s a classic L2 attack, but the switch disguise detail points more to A. Pretty easy trap here for people used to ARP attacks. Disagree?
D tbh, seen similar in some exam reports where ARP spoofing was called out for data interception at Layer 2.
A imo
Nah, D is a trap here. A is correct since only VLAN hopping involves a host pretending to be a switch.
A , saw nearly identical question in a mock last month and it matched VLAN hopping exactly.
I could see why D might trip people up but I’m pretty sure it’s A here.
Nah, not D here. Switching roles is a classic trap since ARP spoofing doesn't require pretending to be a switch. A.
Why do you say D here? Host pretending to be a switch usually hints at VLAN hopping, not ARP.
Be respectful. No spam.
