Certified Ethical Hacker (CEH v12) — Question 208

A large corporate network is being subjected to repeated sniffing attacks. To increase security, the company's IT department decides to implement a combination of several security measures. They permanently add the MAC address of the gateway to the ARP cache, switch to using IPv6 instead of IPv4, implement the use of encrypted sessions such as SSH instead of Telnet, and use Secure File Transfer Protocol instead of FTP. However, they are still faced with the threat of sniffing. Considering the countermeasures, what should be their next step to enhance network security?

Answer options

• A. Use HTTP instead of HTTPS for protecting usernames and passwords
• B. Implement network scanning and monitoring tools
• C. Enable network identification broadcasts
• D. Retrieve MAC addresses from the OS

Correct answer: B

Explanation

The correct answer is B, as implementing network scanning and monitoring tools helps detect and respond to sniffing attacks actively. The other options either suggest insecure practices (like A) or do not directly address the sniffing threat (C and D). Monitoring tools provide real-time visibility into network activity, allowing for quicker mitigation of potential threats.