Which Layer 2 attack involves flooding a switch's MAC address table to cause it to fail-open and broadcast frames to all ports?
A CISSP practice question covering Domain 4: Communication and Network Security. Try answering before reading the explanation below.
Show options & answer
Why "MAC flooding (CAM table overflow)" is the right answer
MAC flooding fills the CAM table so the switch enters fail-open behavior, effectively becoming a hub — the attacker then sniffs traffic. Port security limits MACs per port to mitigate. ARP spoofing poisons the host ARP cache; VLAN hopping abuses 802.1Q; STP manipulation reshapes the topology.
Study videos for this topic
Want to go deeper on Domain 4? Watch the full breakdown — every video is free, no account, no upsell.
CISSP Domain 4: OSI, IPsec, TLS & VoIP Security
Domain 4 — Communication and Network Security
CISSP Domain 4: Segmentation & Zero Trust Explained
Domain 4 — Communication and Network Security
CISSP Domain 4: Wi-Fi, WPA3, 5G & Cloud Security
Domain 4 — Communication and Network Security
CISSP Domain 4: NAC, Fiber, Firewalls & Endpoint Security
Domain 4 — Communication and Network Security
Take the full CISSP practice test
120 questions, instant explanations, study-video links on every miss. No account.