Which of the following MOST likely occurred?

SY0-501 0 Comments

A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site.

Upon Investigation, a security analyst identifies the following:

• The legitimate website’s IP address is 10.1.1.20 and eRecruit.local resolves to this IP.

• The forged website’s IP address appears to be 10.2.12.99. based on NetFlow records.

• All three of the organization’s DNS servers show the website correctly resolves to the legitimate IP.

• DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.

Which of the following MOST likely occurred?
A . A reverse proxy was used to redirect network traffic.
B . An SSL strip MITM attack was performed.
C . An attacker temporarily poisoned a name server.
D . An ARP poisoning attack was successfully executed.

Answer: B

Latest SY0-501 Dumps Valid Version with 1130 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SY0-501 PDF     SY0-501 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments