Which of the following practices completely prevents a man-in-the-middle (MitM) attack between
two hosts?

A.
Use security tokens for authentication

B.
Connect through an IPSec VPN

C.
Use https with a server-side certificate

D.
Enforce static media access control (MAC) addresses

Explanation:

IPSec effectively prevents man-in-the-middle (MitM) attacks by including source and destination
IPs within the encrypted portion of the packet. The protocol is resilient to MitM attacks. Using
token-based authentication does not prevent a MitM attack; however, it may help eliminate
reusability of stolen cleartext credentials. An https session can be intercepted through Domain
Name Server (DNS) or Address Resolution Protocol (ARP) poisoning. ARP poisoning—a specific
kind of MitM attack—may be prevented by setting static media access control (MAC) addresses.
Nevertheless, DNS and NetBIOS resolution can still be attacked to deviate traffic.