A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?
A. The hacker used a race condition.
B. The hacker used a pass-the-hash attack.
C. The hacker exploited improper key management.
D. The hacker exploited weak switch configuration.
This is most likely a MAC spoofing attack. To prevent this, you should use managed switches and configure SNMP on the switches so you can poll/monitor them remotely. Weak switches can be intercepted by an attacker via a MITM.
Not A. A race condition attack happens when a computing system that's designed to handle tasks in a specific sequence is forced to perform two or more operations simultaneously. This technique takes advantage of a time gap between the moment a service is initiated and the moment a security control takes effect.
The question doesn't say that two or more requests were submitted simultaneously.
Possibly broadcasting/ARP request. The workstation doesn't have an ARP entry in the table yet. So no entry for that "system". Switches handle MAC address resolution to IP addresses. Without Port Security or 802.1x there isn't any authentication or validation.
When two or more modules of an application, or two or more applications, attempt to access a resource at the same time, it can cause a conflict known as a race condition (Darril Gibson’s Get Certified Get Ahead p. 516-517).
Here, a workstation puts out a network request to locate another system and waits for a response from that system. However, a hacker on the network responds before the real system does, most probably because of a weak switch configuration.
This is a link about race conditions and shows how this is NOT a Race Condition. The switch is just going too slowly, hence the answer would be D.
https://searchstorage.techtarget.com/definition/race-condition#:~:text=A%20race%20condition%20is%20an,sequence%20to%20be%20done%20correctly.
This is a classic man-in-the-middle attack performed by using spoofing tactics, which cause info to be sent to him so that he can copy it and then forward it on.
A race condition exists when changes to the order of two or more events can cause a change in behavior. If the correct order of execution is required for the proper functioning of the program, this is a bug. If an attacker can take advantage of the situation to insert malicious code, change a filename, or otherwise interfere with the normal operation of the program, the race condition is a security vulnerability. Attackers can sometimes take advantage of small time gaps in the processing of code to interfere with the sequence of operations, which they then exploit. (https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html) Based on that definition, I think that probably the question is looking for an answer related to a MAC spoofing attack since the attacker's goal is to trick the workstation into revealing information that might help him/her to pivot or escalate the attack.
A. The attacker has taken advantage of a race condition by responding to the system before the other remote system. The attacker is using the MAC address of the other system to perform a MITM attack.
Race Condition isn't about answering faster than another system, it is about two processes needing to be done but they have to be done in a correct order. This is NOT a race condition.
Your understanding of a "Race Condition" is incorrect.
A race condition or race hazard is the condition of an electronics, software, or other system where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events.
The question is referring to an ARP poisoning attack. "When the victim host broadcasts a request for the IP address [of a valid host], the malicious host takes advantage of the race condition inherent to ARP's statelessness."
Encyclopedia of Cryptography and Security
See pg. 48, ARP Spoofing - Theory
https://books.google.com/books?id=UGyUUK9LUhUC&pg=PA48#v=onepage&q&f=false
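The scenario debated in the comments above (a forged reply reaching the workstation before the legitimate one), viewed from the defender's side: a check over captured ARP traffic that flags any request answered by more than one MAC, or answered first by a MAC that does not match a trusted binding. This is an added example, not part of the original thread; the log format, the addresses and the `TRUSTED` table are constructed for illustration.

```python
from collections import defaultdict

# Constructed capture: time_s, op, sender_ip, sender_mac, target_ip
SAMPLE_ARP_LOG = """\
10.000 who-has 192.168.1.20 aa:aa:aa:aa:aa:20 192.168.1.1
10.002 is-at 192.168.1.1 de:ad:be:ef:00:66 192.168.1.20
10.009 is-at 192.168.1.1 00:11:22:33:44:01 192.168.1.20
12.500 who-has 192.168.1.20 aa:aa:aa:aa:aa:20 192.168.1.30
12.504 is-at 192.168.1.30 00:11:22:33:44:30 192.168.1.20
"""

# Hypothetical trusted IP-to-MAC bindings (e.g. from an inventory)
TRUSTED = {
    "192.168.1.1": "00:11:22:33:44:01",
    "192.168.1.30": "00:11:22:33:44:30",
}

def parse(log):
    """Turn log lines into time-ordered (t, op, sip, smac, tip) tuples."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        t, op, sip, smac, tip = parts
        events.append((float(t), op, sip, smac.lower(), tip))
    return sorted(events)

def find_conflicts(events, trusted, window=1.0):
    """Flag requests answered by several MACs or by an untrusted MAC first."""
    pending = {}                  # (requester_ip, wanted_ip) -> request time
    answers = defaultdict(list)   # (requester_ip, wanted_ip, req_time) -> MACs
    for t, op, sip, smac, tip in events:
        if op == "who-has":
            pending[(sip, tip)] = t
        elif op == "is-at":
            req_t = pending.get((tip, sip))  # a reply swaps sender and target
            if req_t is not None and t - req_t <= window:
                answers[(tip, sip, req_t)].append(smac)
    findings = []
    for (requester, wanted, _), macs in answers.items():
        expected = trusted.get(wanted)
        first_ok = expected is not None and macs[0] == expected
        if len(set(macs)) > 1 or not first_ok:
            findings.append({"requester": requester, "ip": wanted,
                             "macs": macs, "expected": expected,
                             "first_reply_trusted": first_ok})
    return findings

if __name__ == "__main__":
    for f in find_conflicts(parse(SAMPLE_ARP_LOG), TRUSTED):
        print(f)
```

Unsolicited replies (those with no matching request inside the window) are ignored by this check and would need a separate rule.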
Ans A:
What Happens During a Race Condition Attack?
Web applications, file systems, and networking environments are all vulnerable to a race condition attack. Attackers might target an access control list (ACL), a payroll or human resources database, a transactional system, a financial ledger, or some other data repository. Although race condition attacks don’t happen frequently — because they’re relatively difficult to engineer and attackers must exploit a very brief window of opportunity — when they do happen, they can lead to serious repercussions, including a system granting unauthorized privileges. What’s more, race condition attacks are inherently difficult to detect.
SY0-501 Exam Questions