Certified Information Systems Auditor (CISA) — Question 1053

An external attacker spoofing an internal Internet Protocol (IP) address can BEST be detected by which of the following?

Answer options

• A. Comparing the source address to the domain name server (DNS) entry
• B. Using static IP addresses for identification
• C. Using a state table to compare the message states of each packet as it enters the system
• D. Comparing the source address to the interface used as the entry point

Correct answer: D

Explanation

The correct answer is D because comparing the source address to the entry interface helps identify discrepancies that indicate spoofing. Option A is ineffective since DNS entries can also be manipulated. Option B does not address the detection of spoofed addresses directly, and option C, while useful for tracking states, does not specifically target IP address spoofing.