Exam 400-101 Question id=738 Infrastructure Security

Which of the following attacks can be mitigated by implementing uRPF?

A. reconnaissance attacks
B. malware attacks
C. IP spoofing attacks
D. man-in-the-middle attacks

IP spoofing attacks can be mitigated by implementing unicast Reverse Path Forwarding (uRPF). uRPF checks the source IP address of a packet to determine whether the packet arrived on the best path back to the source based on routing table information. If the IP address information is spoofed, the uRPF check will fail and the packet will be dropped. Therefore, uRPF can be implemented to mitigate attacks that rely on spoofed source addresses, such as Denial of Service (DoS), smurf, and Tribal Flood Network (TFN) attacks. However, uRPF can cause legitimate traffic to be dropped in asymmetric routing configurations. In order for uRPF to function, Cisco Express Forwarding (CEF) must be enabled.
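The check described above can be modeled in a few lines. The following is an added example, not part of the original question and not Cisco's implementation; the prefixes, interface names, and packets are constructed. It shows a spoofed source being dropped and a legitimate host being dropped because of asymmetric routing.

```python
import ipaddress

# Constructed forwarding table: prefix -> interface of the best path to it.
FIB = {
    "10.1.0.0/16": "Gi0/1",   # site A
    "10.2.0.0/16": "Gi0/2",   # site B
    "10.2.5.0/24": "Gi0/3",   # more specific route: best path to this subnet
}

def best_path_interface(src, fib=FIB):
    """Longest-prefix match of the source address; None if no route exists."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_check(src, ingress, fib=FIB):
    """Forward only if the packet arrived on the best path back to its source."""
    return "forward" if best_path_interface(src, fib) == ingress else "drop"

def classify(packets, fib=FIB):
    return [(src, ingress, urpf_check(src, ingress, fib)) for src, ingress in packets]

# Constructed sample packets: (source address, interface the packet arrived on).
PACKETS = [
    ("10.1.4.20", "Gi0/1"),  # genuine site A host on the expected interface
    ("10.2.9.9", "Gi0/1"),   # site B address arriving from site A: spoofed
    ("10.2.5.7", "Gi0/2"),   # real host, but its best return path is Gi0/3
    ("192.0.2.1", "Gi0/1"),  # source with no route in the table
]

if __name__ == "__main__":
    for src, ingress, verdict in classify(PACKETS):
        print(f"{src:12} in {ingress}: {verdict}")
```

The third packet is the asymmetric routing case: the host is legitimate, but its traffic arrives on an interface other than the one the router would use to reach it, so the check drops it.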

Reconnaissance attacks cannot be mitigated by implementing uRPF. A reconnaissance attack involves attempting to gain information about a network. Port scanning, packet sniffing, and ping sweeping are examples of reconnaissance attacks. To mitigate port scanning attacks, you should implement an Intrusion Prevention System (IPS). To mitigate packet sniffing attacks, you should implement secure protocols, such as Secure Shell (SSH). To mitigate ping sweeping attacks, you should disable Internet Control Message Protocol (ICMP) echo and echo-reply packets.

Malware attacks cannot be mitigated by implementing uRPF. Malware is removed by antivirus and antispyware software. You should ensure that the antivirus and antispyware software is updated regularly so that the latest signature definitions are installed.

Man-in-the-middle attacks cannot be mitigated by implementing uRPF. A man-in-the-middle attack is a type of access attack that occurs when an attacker gains access to traffic sent between two networks or two devices. If the traffic is sent as plain text, the attacker can view all network traffic sent across the network. To mitigate man-in-the-middle attacks, you should encrypt traffic on the network.

