Effective CISSP Questions

You are implementing the network for a small company where a bridge connects two network segments as a broadcast domain. The bridge maintains a MAC table or cache to make forwarding decisions. If TCP/IP is implemented to support network communication, which of the following is not true?
A. Hosts across the bridge must have the same subnet mask.
B. The network is vulnerable to sniffing attacks when the bridge reboots.
C. A router is required if two or more logical IP subnets are implemented.
D. Eavesdropping traffic across the bridge can result from cache overflow.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Hosts across the bridge must have the same subnet mask.


It’s common to implement one and only one IP subnet per broadcast domain. However, a physical network with a single broadcast domain can support one or more IP subnets. This is the so-called “Multinet.” For example, we can implement the following IP subnets (with different subnet mask) on an Ethernet:


Routing and Routers

A router, typically acting as the default gateway for hosts on the same subnet, forwards packets from one subnet to another by referencing the routing table. A router has one or more network interfaces connected to individual subnets.

A router on a stick, also known as a one-armed router, is a router that has a single physical or logical connection to a network. It is often used to forward traffic between locally attached hosts on separate logical routing domains or to facilitate routing table administration, distribution and relay.

Source: Wikipedia

Learning Mode and Fail Open

When a switching hub or a switch reboots, the MAC table or cache is flushed. It takes some time for the switch to collect or learn new MACs to store in the MAC table so that it can forward the following traffic per the MAC table. When the switch is learning, it behaves like a hub that forwards traffic to all ports.

Most of the switching hubs are designed to “fail open” for the sake of network availability. In failed open mode, the switching hub also acts as a hub. When an attacker sends a huge amount of spoofed MACs, the switching hub may suffer cache overflow and fail into the open mode.

When a switching hub behaves like a hub, it is vulnerable to sniffing or eavesdropping attacks.



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.

  • It is available on Amazon.
  • Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.


Leave a Reply