CS0-003 Question #22: Real Exam Question with Answer & Explanation

Question

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?

Options

• AThere is an issue with the SSL certificate causing port 443 to become unavailable for HTTPS
• BAn on-path attack is being performed by someone with internal access that forces users into port
• CThe web server cannot handle an increasing amount of HTTPS requests so it forwards users to
• DAn error was caused by BGP due to new rules applied over the company's internal routers

Explanation

The fact that the company's internal portal is sometimes accessible through HTTP (port 80) and other times through HTTPS (port 443) suggests that someone with internal access is actively manipulating the network traffic. An on-path attack is a type of man-in-the-middle attack where an attacker intercepts and modifies communication between two parties. By forcing users into using HTTP instead of HTTPS, the attacker can potentially capture sensitive information transmitted over the network, such as login credentials or session data. An issue with the SSL certificate (Option A) would generally result in HTTPS not working at all, rather than it being intermittently accessible. A web server unable to handle an increasing amount of HTTPS requests (Option C) would likely result in performance issues or server errors, but it wouldn't selectively redirect users to HTTP. BGP (Border Gateway Protocol) is used for routing between autonomous systems on the internet, and it generally would not cause the internal portal to switch between HTTP and HTTPS. It is more relevant to external internet routing.

No community discussion yet for this question.