nerdexam
Exams312-50V9Questions#153
EC-Council

312-50V9 · Question #153

312-50V9 Question #153: Real Exam Question with Answer & Explanation

The correct answer is B: Man-in-the-middle. A man-in-the-middle attack is a classic example of IP spoofing, where the attacker forges source IP addresses to impersonate a trusted party and intercept communications.

Question

Which of the following is an example of IP spoofing?

Options

  • ASQL injections
  • BMan-in-the-middle
  • CCross-site scripting
  • DARP poisoning

Explanation

A man-in-the-middle attack is a classic example of IP spoofing, where the attacker forges source IP addresses to impersonate a trusted party and intercept communications.

Common mistakes.

  • A. SQL injection is an application-layer attack that inserts malicious SQL statements into an input field to manipulate a database - it does not involve forging IP addresses.
  • C. Cross-site scripting (XSS) injects malicious client-side scripts into web pages viewed by other users and is an application-layer attack with no IP address falsification component.
  • D. ARP poisoning is a form of MAC-address spoofing that corrupts the ARP cache to redirect traffic at Layer 2, and while it can enable MITM attacks, it operates on MAC addresses rather than IP addresses and is classified as ARP spoofing, not IP spoofing.

Concept tested. IP spoofing attack types and examples

Reference. https://www.nist.gov/publications/guidelines-firewalls-and-firewall-policy

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V9 Practice