During a post-incident review, you discover the attacker used ARP cache poisoning on the Layer-2 process network, forcing PLC traffic through a rogue laptop and causing operator HMI timeouts. Management wants a compensating countermeasure that can be rolled out quickly without firmware upgrades or downtime. Which option BEST addresses this specific threat?
Enable SNMPv3 with AES-256 on all devices to encrypt management traffic.
Replace the unmanaged switch with a layer-3 core switch and enable OSPF authentication.
Deploy a vendor host-based intrusion detection agent on each PLC to monitor file integrity.
Configure static ARP entries on critical PLC and HMI interfaces and disable gratuitous ARP processing.
Populating static ARP entries on each critical PLC and HMI binds the correct MAC address to the device IP, so unsolicited or forged ARP replies are discarded and traffic cannot be redirected through a rogue host. The other choices improve overall security but do not directly neutralize ARP spoofing: routing protocol authentication operates at Layer-3, host-based IDS protects files rather than ARP tables, and encrypting SNMP traffic has no effect on address resolution attacks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is ARP cache poisoning?
Open an interactive chat with Bash
How do static ARP entries mitigate ARP spoofing?
Open an interactive chat with Bash
What is the difference between Layer-2 and Layer-3 in networking?
Open an interactive chat with Bash
What is ARP cache poisoning?
Open an interactive chat with Bash
How do static ARP entries prevent ARP cache poisoning?
Open an interactive chat with Bash
Why doesn't SNMPv3 encryption help against ARP spoofing?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Mobile Platform, IoT, and OT Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .