Which of the following practices completely prevents a man-in-the-middle (MitM) attack between two hosts?

A.
Use security tokens for authentication

B.
Connect through an IPSec VPN

C.
Use https with a server-side certificate

D.
Enforce static media access control (MAC) addresses

Explanation:

IPSec effectively prevents man-in-the-middle (MitM) attacks by including source and destination IPs within the encrypted portion of the packet. The protocol is resilient to MitM attacks. Using token-based authentication does not prevent a MitM attack; however, it may help eliminate reusability of stolen cleartext credentials. An https session can be intercepted through Domain Name Server (DNS) or Address Resolution Protocol (ARP)
poisoning. ARP poisoning — a specific kind of MitM attack — may be prevented by setting static media access control (MAC) addresses. Nevertheless, DNS and NetBIOS resolution can still be attacked to deviate traffic.