nerdexam
(ISC)2

CISSP-ISSAP · Question #211

(ISC)2 CISSP-ISSAP Exam Which of the following are the countermeasures against a man-in-the-middle attack? Each correct answer represents a complete solution. Choose all that apply.

The correct answer is A. Using public key infrastructure authentication. C. Using Secret keys for authentication. D. Using Off-channel verification.. MITM Countermeasures - CISSP-ISSAP Man-in-the-middle (MITM) attacks succeed when an attacker can silently intercept communications between two parties without either detecting the intrusion. Options A, C, and D all defeat this by making impersonation verifiably impossible. Why A,

Identity and Access Management (IAM) Architecture

Question

(ISC)2 CISSP-ISSAP Exam Which of the following are the countermeasures against a man-in-the-middle attack? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AUsing public key infrastructure authentication.
  • BUsing basic authentication.
  • CUsing Secret keys for authentication.
  • DUsing Off-channel verification.

How the community answered

(50 responses)
  • A
    76% (38)
  • B
    24% (12)

Explanation

MITM Countermeasures - CISSP-ISSAP

Man-in-the-middle (MITM) attacks succeed when an attacker can silently intercept communications between two parties without either detecting the intrusion. Options A, C, and D all defeat this by making impersonation verifiably impossible.

Why A, C, D are correct:

  • (A) PKI authentication binds identities to cryptographic certificates issued by trusted Certificate Authorities - an attacker cannot forge a valid certificate, so the intercepted session is exposed.
  • (C) Secret key authentication relies on a shared secret the attacker does not possess; challenge-response protocols using symmetric keys ensure that anyone without the key cannot successfully authenticate.
  • (D) Off-channel verification uses a separate, independent communication path (e.g., phone, SMS) to confirm identity - a MITM attacker would have to simultaneously compromise two unrelated channels.

Why B is wrong: Basic authentication transmits credentials as Base64-encoded plaintext with no server identity verification. It not only fails to prevent MITM attacks - it actively enables credential theft by an intercepting attacker.

Memory tip: The three correct answers all share a common theme - they prove who you're talking to. Think "PKI, Shared Secret, Second Channel = Verified Identity." Basic auth proves nothing about the server, which is exactly what MITM exploits.

Topics

#MITM countermeasures#PKI authentication#Off-channel verification#Secret key cryptography

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice