ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
While monitoring a development VLAN, you observe a host periodically sending forged ARP reply packets that associate the database server's IP address with the host's MAC address. Captures show SQL queries being intercepted and modified by that host before reaching the database. Which switch-level control is the most effective countermeasure to stop this man-in-the-middle technique?
Activate BPDU Guard to drop unauthorized spanning-tree frames
Enable Dynamic ARP Inspection (DAI) and rely on DHCP snooping to validate ARP replies
Implement port-mirroring and forward flows to a network IDS
Configure DHCP snooping rate limits on all access ports
The attacker is using ARP spoofing to position itself between the application and database servers, a classic man-in-the-middle tactic. Dynamic ARP Inspection (DAI) leverages information from DHCP snooping to verify that each ARP message matches a known IP-to-MAC binding. Invalid or forged ARP replies are discarded, preventing the attacker from poisoning the ARP cache and interrupting the MITM path. Rate-limiting DHCP traffic, enabling BPDU Guard, or merely mirroring traffic to an IDS do not prevent the malicious ARP updates from being accepted in the first place.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is ARP spoofing?
Open an interactive chat with Bash
How does Dynamic ARP Inspection (DAI) work?
Open an interactive chat with Bash
What is the role of DHCP snooping in DAI?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .