SY0-501 · Question #74
SY0-501 Question #74: Real Exam Question with Answer & Explanation
The correct answer is C: Man-in-the-middle.
Question
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?
Options
- A. Transitive access
- B. Spoofing
- C. Man-in-the-middle
- D. Replay
Explanation
The scenario describes a web gateway proxy that intercepts connections to secure websites and re-signs their certificates for the local machines, which is a controlled implementation of a man-in-the-middle technique for purposes such as SSL inspection or troubleshooting.
Common mistakes.
- A. Transitive access refers to gaining unauthorized access to a system through an intermediary system that has legitimate access, which is not directly related to a proxy signing certificates for all local machines.
- B. Spoofing involves impersonating another entity to gain an advantage or access. Although the proxy does impersonate the website by presenting a certificate in its place, the broader interception and relaying of all traffic is what defines a man-in-the-middle attack.
- D. A replay attack involves capturing and retransmitting data to trick a system into unauthorized actions, which is distinct from a proxy actively intercepting and re-signing certificates in real time.
Concept tested. Man-in-the-middle (MitM) attacks and SSL/TLS interception
Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/man-in-the-middle