CERTIFIED-IN-CYBERSECURITY Question #567: Real Exam Question with Answer & Explanation

Question

What attack involves intercepting and possibly altering communication between two persons without their knowledge?

Options

• ADoS attack
• BMan-in-the-middle attack
• CSpoofing attack
• DFragment attack

Explanation

A man-in-the-middle (MitM) attack is a type of cyberattack in which a malicious actor inserts himself into a conversation between two parties, impersonates both parties, and gains access to information that the two parties were trying to send each other. The attacker could intercept and modify the communication to trick the victims into revealing confidential information (see ISC2 Study Guide, Chapter 4, Module 1). For example, consider a scenario where Alice attempts to send her bank account information to Bob over an unsecured communication channel. A malicious actor, Eve, intercepts the communication, alters the message, and sends Bob a different bank account number. Bob then unknowingly sends money to Eve's account instead of Alice's. Neither Alice nor Bob is aware of Eve's interference. The other options, while valid attacks, do not address the scenario of altering communication between two people without their knowledge. In particular, a DoS, or denial-of-service attack, is an attack designed to shut down a computer or network, making it inaccessible to its intended users. A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data to gain an illegitimate advantage. A fragment attack is a cyber attack in which the attacker exploits the reassembly of packet fragments.

No community discussion yet for this question.