Gerald is a certified ethical hacker working for a large financial institution in Oklahoma City. Gerald is currently performing an annual security audit ofthe company’s network. One of the company’s primary concerns is how the corporate data is transferred back and forth from the banks all over the city to the data warehouse at the company’s home office. To see what type of traffic is being passed back and forth and to see how secure that data really is, Gerald uses asession hijacking tool to intercept traffic between a server and a client. Gerald hijacks an HTML session between a client running a web application which connects to a SQL database at the home office. Gerald does not kill the client’s session; he simply monitors the traffic that passes between it and the server. What type of session attack is Gerald employing here?

A.
Gerald is using a passive application level hijack to monitor the client and server traffic.

B.
He is utilizing a passive network level hijack to see the session traffic used to communicate between the two devices.

C.
This type of attack would be considered an active application attack since he is actively monitoring the traffic.

D.
This type of hijacking attack is called an active network attack.