CertNexus Certified Cyber Secure Coder (CSC) — Question 93

An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?

Answer options

• A. Clear the ARP cache on their system.
• B. Enable port mirroring on the switch.
• C. Filter Wireshark to only show ARP traffic.
• D. Configure the network adapter to promiscuous mode.

Correct answer: D

Explanation

Enabling promiscuous mode on the network adapter allows it to capture all traffic on the network segment, not just packets addressed to it. This can help the administrator see ARP requests and responses that may be indicative of ARP poisoning. The other options either limit the traffic captured or do not directly address the need for comprehensive monitoring.