Which of the following can take advantage of man in the middle techniques to prevent data exfiltration?
A. DNS poisoning
B. URL hijacking
C. ARP spoofing
D. HTTPS inspection
4 Comments on “Which of the following can take advantage of man in the middle techniques to prevent data exfiltration?”
Lake says:
A. DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) resolver’s cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker’s computer (or any other computer).
A domain name system server translates a human-readable domain name (such as example.com) into a numerical IP address that is used to route communications between nodes. Normally if the server doesn’t know a requested translation it will ask another server, and the process continues recursively. To increase performance, a server will typically remember (cache) these translations for a certain amount of time, so that, if it receives another request for the same translation, it can reply without having to ask the other server again.
When a DNS server has received a false translation and caches it for performance optimization, it is considered poisoned, and it supplies the false data to clients. If a DNS server is poisoned, it may return an incorrect IP address, diverting traffic to another computer (in this case, the server hosting the web page with derogatory content).
B. Typosquatting, also called URL hijacking or fake URL, is a form of cybersquatting, and possibly brandjacking, which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).
The typosquatter’s URL will usually be one of four kinds, all similar to the victim site address (in the following, the intended website is “example.com”):
• A common misspelling, or foreign language spelling, of the intended site: exemple.com
• A misspelling based on typing errors: xample.com or examlpe.com
• A differently phrased domain name: examples.com
• A different top-level domain: example.org
Once in the typosquatter’s site, the user may also be tricked into thinking that they are in fact in the real site; through the use of copied or similar logos, website layouts or content.
C. With ARP spoofing (also known as ARP poisoning), the MAC (Media Access Control) address of the data is faked. By faking this value, it is possible to make it look as if the data came from a network that it did not.
This can be used to gain access to the network, to fool the router into sending data here that was intended for another host, or to launch a DoS attack. In all cases, the address being faked is an address of a legitimate user, and that makes it possible to get around such measures as allow/deny lists.
D. A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties.
HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks.
Correct answer is D.
2
0
GK says:
HTTPS inspection is using a man in the middle device to break HTTPS connections, in order to inspect the content and prevent data exfiltration (DLP). A lot of enterprises have that in place. Correct answer: D
1
0
Mike says:
HTTPS: Safe. User won’t be able to steal your information.
HTTP : NOT SAFE. Data can be stolen
Answer is D
0
0
SuperMario says:
Very badly written question as far as I am concerned.
In this case we must read the question properly and pay close attention to the grandiose term of “Data exfiltration”.
• “Data exfiltration” is the unauthorized transfer of sensitive information from a target’s network to a location which a threat actor controls.
• The question in here is that I want to [PREVENT] said “Data exfiltration”
So of the four possible answers, we must choose one that would “prevent” any data tampering and/or transfer.
A, B and C do not prevent the loss of data. They are actually root causes.
So the only one “preventing” anything in here is: D. HTTPS inspection
HTTPS Inspection. You can enable HTTPS traffic inspection on Security Gateways to inspect traffic that is encrypted by the Secure Sockets Layer (SSL) protocol. SSL secures communication between internet browser clients and web servers.
So HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks.
Now, why would one want to “take advantage of man in the middle techniques” in order to put HTTPS Inspection in place in order to prevent data exfiltration? It should be put in place in the first place in order to avoid such attacks.
1
0
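What an inspecting gateway can do once it has terminated TLS and sees the request in cleartext, as an added example that is not part of the original thread (it illustrates the DLP use GK and SuperMario describe): scan the decrypted body of an outbound request for payment card numbers and decide whether to block it. The hostnames, sample requests and the function names are constructed for illustration, and card numbers are only one kind of content a real DLP policy would look for.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def parse_request(raw: bytes):
    """Split a decrypted HTTP/1.1 request into (method, host, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers.get("host", ""), body.decode("utf-8", "replace")

def inspect(raw: bytes, allowed_hosts: set) -> dict:
    """Return a verdict for one outbound request seen in cleartext by the proxy."""
    method, host, body = parse_request(raw)
    hits = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append("card ending " + digits[-4:])  # never log the full value
    block = bool(hits) and host not in allowed_hosts
    return {"host": host, "method": method, "hits": hits,
            "action": "block" if block else "allow"}

# Constructed sample requests (4111 1111 1111 1111 is a widely used test number).
LEAK = (b"POST /upload HTTP/1.1\r\nHost: paste.example.net\r\n"
        b"Content-Type: text/plain\r\n\r\ncustomer=alice card=4111 1111 1111 1111")
BENIGN = (b"POST /track HTTP/1.1\r\nHost: paste.example.net\r\n\r\n"
          b"order=1234 5678 9012 3456")  # 16 digits, but fails the Luhn check
```

None of this is possible on the encrypted stream, which is why the gateway has to sit in the middle of the TLS session in the first place.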