CISSP PRACTICE QUESTIONS – 20220206

Posted on by
Effective CISSP Questions

An IPv6 host has a physical address, 00-15-5D-24-36-DF. Which one of the following IPv6 addresses is most likely to be captured by a network sniffer connected to the same subnet? (Wentz QOTD)
A. fe80::205:5dff:fe24:36df%10
B. fe80::215:5dff:fe24:36df
C. ::1
D. 169.254.255.255


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. fe80::215:5dff:fe24:36df.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Comparison of IPv6 and IPv4 Address Scheme
Comparison of IPv6 and IPv4 Address Scheme (Source: The FCC)

IPv6 supports three address types: unicast, multicast, and anycast. An IPv6 address consists of 128 bits. Unicast and anycast addresses are typically composed of two logical parts: a 64-bit network prefix used for routing, and a 64-bit interface identifier used to identify a host’s network interface. The 64-bit interface identifier is either 1) automatically generated from the interface’s MAC address using the modified EUI-64 format, 2) obtained from a DHCPv6 server, 3) automatically established randomly, or 4) assigned manually. (Wikipedia)

  • fe80::215:5dff:fe24:36df is a common IPv6 link-local address in the modified EUI-64 format without the zone index. It’s more likely to be captured by a network sniffer because it’s not limited to any scopes. The IPv6 link-local address of a Cisco router is calculated from the MAC address of the interface. However, Windows by default uses a random value for generating IPv6 link-local addresses.
  • fe80::205:5dff:fe24:36df%10 is a valid scoped IPv6 link-local address in the EUI-64 format with the zone index, %10, which is typically used on the Windows system; %eth2 is commonly used on Linux machines; “BSD-based operating systems (including macOS) also support an alternative, non-standard syntax, where a numeric zone index is encoded in the second 16-bit word of the address. In all operating systems mentioned above, the zone index for link-local addresses actually refers to an interface, not to a zone.” (Wikipedia)
    A network or security zone represents a collection of physical network segments that share the same security requirements and apply the same sets of security policies. Each zone on a firewall may consist of one or more interfaces.
  • ::1 is reserved for the IPv6 loopback interface—a virtual interface that loops all traffic back to itself, the localhost, so traffic will not be sniffed on the external network.
  • 169.254.255.255 is the IPv4 broadcast address of the APIPA address space, which does not apply to the IPv6 host in this question. “APIPA stands for Automatic Private IP Addressing (APIPA). It is a feature or characteristic in operating systems (eg. Windows) which enables computers to self-configure an IP address and subnet mask automatically when their DHCP(Dynamic Host Configuration Protocol) server isn’t reachable. The IP address range for APIPA is (169.254.0.1 to 169.254.255.254) having 65, 534 usable IP addresses, with the subnet mask of 255.255.0.0.” (GeeksForGeeks)

The EUI-64 and Modified EUI-64 Format

IEEE EUI-64
IEEE EUI-64 (Credit: Tharak Abraham)
IPv4 Addresses
IPv4 Addresses
IPv6 Addresses
IPv6 Addresses

Reference

一台IPv6 主機具有物理地址 00-15-5D-24-36-DF。 以下哪個 IPv6 地址最有可能被連接到同一子網路的網絡嗅探器捕獲? (Wentz QOTD)
A. fe80::205:5dff:fe24:36df%10
B. fe80::215:5dff:fe24:36df
C. ::1
D. 169.254.255.255

Leave a Reply