EC-Council Certified Security Analyst (ECSA v10) — Question 16

Dale is a network admin working in Zero Faults Inc. Recently the company's network was compromised and is experiencing very unusual traffic. Dale checks for the problem that compromised the network. He performed a penetration test on the network's IDS and identified that an attacker sent spoofed packets to a broadcast address in the network.
Which of the following attacks compromised the network?

Answer options

• A. ARP Spoofing
• B. Amplification attack
• C. MAC Spoofing
• D. Session hijacking

Correct answer: B

Explanation

The correct answer is B, as an amplification attack involves sending a small request that results in a larger response directed at the victim, often using spoofed packets. ARP Spoofing (A) targets address resolution and does not typically involve broadcast addresses. MAC Spoofing (C) alters the hardware address but does not directly cause unusual traffic patterns like amplification attacks. Session hijacking (D) involves taking over an active session rather than generating unusual traffic.