CompTIA PenTest+ (PT0-001) — Question 67

A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information?

Answer options

• A. MAC address of the client
• B. MAC address of the domain controller
• C. MAC address of the web server
• D. MAC address of the gateway

Correct answer: D

Explanation

Spoofing the MAC address of the gateway allows the penetration tester to intercept traffic from all devices on the network that communicate with the gateway. In contrast, spoofing the MAC addresses of the client, domain controller, or web server would only capture data specific to those devices, limiting the amount of information gathered.