350-701 · Question #216
350-701 Question #216: Real Exam Question with Answer & Explanation
The correct answer is C: man-in-the-middle. A man-in-the-middle (MITM) attack involves an attacker secretly intercepting and relaying communications between two parties who believe they are communicating directly, effectively placing themselves in the middle of the conversation.
Question
In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
Options
- ALDAP injection
- Bcross-site scripting
- Cman-in-the-middle
- Dinsecure API
Explanation
A man-in-the-middle (MITM) attack involves an attacker secretly intercepting and relaying communications between two parties who believe they are communicating directly, effectively placing themselves in the middle of the conversation.
Common mistakes.
- A. LDAP injection is a web application vulnerability that exploits improper input validation to inject malicious queries into an application's LDAP statements, typically used for authentication bypass or data extraction, not inserting a machine between hosts.
- B. Cross-site scripting (XSS) is a type of injection attack where malicious scripts are injected into otherwise trusted websites, primarily impacting end-user browsers, not involving an attacker's machine directly between communicating hosts.
- D. An insecure API refers to vulnerabilities in an application programming interface that can be exploited, but it describes a vulnerability type, not a specific attack method where an attacker's machine is placed between two communicating hosts.
Concept tested. Man-in-the-Middle Attack
Reference. https://www.cisco.com/c/en/us/products/security/what-is-a-man-in-the-middle-attack.html
Topics
Community Discussion
No community discussion yet for this question.