A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site.
Upon investigation, a security analyst the identifies the following:
• The legitimate websites IP address is 10.1.1.20 and eRecruit local resolves to the IP
• The forged website’s IP address appears to be 10.2.12.99. based on NetFtow records
• AH three at the organization’s DNS servers show the website correctly resolves to the legitimate IP
• DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?
A . A reverse proxy was used to redirect network traffic
B . An SSL strip MITM attack was performed
C . An attacker temporarily pawned a name server
D . An ARP poisoning attack was successfully executed
Answer: B
Latest SY0-601 Dumps Valid Version with 396 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund