CompTIA PenTest+ (PT0-002) — Question 146

A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache. The attacker machine has the following:

IP Address: 192.168.1.63 -
Physical Address: 60-36-dd-a6-c5-33

Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?

Answer options

• A. tcpdump -i eth01 arp and arp[6:2] == 2
• B. arp -s 192.168.1.63 60-36-DD-A6-C5-33
• C. ipconfig /all findstr /v 00-00-00 | findstr Physical
• D. route add 192.168.1.63 mask 255.255.255.255.0 192.168.1.1

Correct answer: B

Explanation

The correct answer is B because the 'arp -s' command is specifically used to create a static ARP entry that maps an IP address to a MAC address. Option A is incorrect as it captures ARP packets but does not set a static entry. Option C lists network configuration details without modifying ARP entries, and Option D is related to adding a route, which does not address ARP entries.