Here are 30 multiple-choice questions (MCQs) focused on Man-in-the-Middle (MITM) attacks in the context of Cyber Threats and Attack Vectors. Each question is followed by four possible answers, with the correct answer and an explanation provided. These questions cover various aspects of MITM attacks, including techniques, goals, and countermeasures.
1. What is the primary goal of a Man-in-the-Middle (MITM) attack?
- Unauthorized access to sensitive information
- Encryption of files for ransom
- Intercepting and manipulating communication between two parties
- Disrupting network services
The primary goal of a MITM attack is to intercept and manipulate communication between two parties without their knowledge.
2. What is the term for a MITM attack that involves intercepting and altering communication between two parties secretly?
- Eavesdropping attack
- Spoofing attack
- Tampering attack
- Relay attack
A tampering attack involves intercepting and altering communication between two parties without their knowledge.
3. Which method is commonly used in MITM attacks to intercept unencrypted data transmitted over a network?
- ARP spoofing
- DNS spoofing
- SSL/TLS encryption
- Public key cryptography
ARP spoofing is commonly used in MITM attacks to intercept unencrypted data transmitted over a network.
4. What is the purpose of a replay attack in the context of MITM attacks?
- Gaining unauthorized access to systems
- Resending captured data to impersonate a legitimate user
- Disrupting network services through the use of malicious scripts
- Encrypting files for ransom
A replay attack involves resending captured data to impersonate a legitimate user and gain unauthorized access.
5. What is the term for a MITM attack that involves creating a fake Wi-Fi hotspot to intercept data transmitted between devices and the internet?
- Wireless interception attack
- Hotspot hijacking attack
- Evil twin attack
- Wi-Fi jamming attack
An evil twin attack involves creating a fake Wi-Fi hotspot to intercept data transmitted between devices and the internet.
6. Which layer of the OSI model is commonly targeted in MITM attacks to intercept and manipulate data?
- Physical layer
- Data link layer
- Network layer
- Presentation layer
The data link layer is commonly targeted in MITM attacks to intercept and manipulate data.
7. What is the term for a MITM attack that involves impersonating a legitimate website to steal sensitive information from users?
- DNS spoofing
- Phishing
- Spoofed website attack
- Session hijacking
Phishing is a MITM attack that involves impersonating a legitimate website to steal sensitive information from users.
8. What is the primary goal of a session hijacking attack in the context of MITM attacks?
- Gaining unauthorized access to systems
- Interfering with network protocols
- Intercepting and manipulating user sessions
- Encrypting files for ransom
The primary goal of a session hijacking attack is to intercept and manipulate user sessions.
9. What is the term for a MITM attack that involves modifying the content of communication between two parties without their knowledge?
- Tampering attack
- Eavesdropping attack
- Spoofing attack
- Relay attack
A tampering attack involves modifying the content of communication between two parties without their knowledge.
10. Which type of MITM attack involves intercepting communication between two parties and relaying messages between them without their knowledge?
- Eavesdropping attack
- Relay attack
- Spoofing attack
- Tampering attack
A relay attack involves intercepting communication between two parties and relaying messages between them without their knowledge.
11. What is the primary purpose of an SSL Stripping attack in the context of MITM attacks?
- Gaining unauthorized access to systems
- Interfering with network protocols
- Downgrading HTTPS connections to unencrypted HTTP
- Encrypting files for ransom
The primary purpose of an SSL Stripping attack is to downgrade HTTPS connections to unencrypted HTTP, making it easier for the attacker to intercept data.
12. What is the term for a MITM attack that involves intercepting communication between two parties by capturing and analyzing network traffic?
- Packet sniffing attack
- Wiretapping attack
- Spoofing attack
- Eavesdropping attack
A packet sniffing attack involves intercepting communication between two parties by capturing and analyzing network traffic.
13. Which security measure is designed to protect against ARP spoofing attacks in a MITM scenario?
- Network encryption
- Intrusion Detection System (IDS)
- Firewalls
- Address Resolution Protocol (ARP) spoofing detection
Address Resolution Protocol (ARP) spoofing detection is a security measure designed to protect against ARP spoofing attacks in a MITM scenario.
14. What is the term for a MITM attack that involves redirecting network traffic through an attacker-controlled system to capture sensitive information?
- Spoofing attack
- Relay attack
- Interception attack
- Man-in-the-Middle Proxy attack
A Man-in-the-Middle Proxy attack involves redirecting network traffic through an attacker-controlled system to capture sensitive information.
15. What is the primary goal of a Bluetooth hijacking attack in the context of MITM attacks?
- Gaining unauthorized access to systems
- Interfering with network protocols
- Intercepting and manipulating Bluetooth connections between devices
- Encrypting files for ransom
The primary goal of a Bluetooth hijacking attack is to intercept and manipulate Bluetooth connections between devices.
16. What is the purpose of a DNS spoofing attack in the context of MITM attacks?
- Modifying the content of communication between two parties
- Redirecting users to a fraudulent website by providing false DNS information
- Intercepting and manipulating user sessions
- Creating a fake Wi-Fi hotspot to intercept data transmitted between devices
DNS spoofing is used to redirect users to a fraudulent website by providing false DNS information.
17. What is the term for a MITM attack that involves inserting false information into the communication between two parties?
- Tampering attack
- Eavesdropping attack
- Relay attack
- Spoofing attack
A tampering attack involves inserting false information into the communication between two parties.
18. What is the primary goal of a Wi-Fi Pineapple attack in the context of MITM attacks?
- Gaining unauthorized access to systems
- Interfering with network protocols
- Intercepting and manipulating Wi-Fi connections between devices
- Encrypting files for ransom
The primary goal of a Wi-Fi Pineapple attack is to intercept and manipulate Wi-Fi connections between devices.
19. What is the term for a MITM attack that involves impersonating a legitimate website to steal login credentials from users?
- DNS spoofing
- Phishing
- Spoofed website attack
- Session hijacking
Phishing is a MITM attack that involves impersonating a legitimate website to steal login credentials from users.
20. What is the purpose of an Evil Maid attack in the context of MITM attacks?
- Gaining unauthorized access to systems
- Tampering with communication during a physical security check
- Intercepting and manipulating communication between two parties
- Encrypting files for ransom
An Evil Maid attack involves tampering with communication during a physical security check, often by compromising a device while it is unattended.
21. What is the term for a MITM attack that involves exploiting vulnerabilities in a web browser to inject malicious scripts into web pages visited by the user?
- Browser hijacking attack
- Script injection attack
- Man-in-the-Browser attack
- Cross-Site Scripting attack
A Man-in-the-Browser attack involves exploiting vulnerabilities in a web browser to inject malicious scripts into web pages visited by the user.
22. What is the primary goal of a Keylogging attack in the context of MITM attacks?
- Gaining unauthorized access to systems
- Intercepting and manipulating communication between two parties
- Capturing and recording keystrokes to steal sensitive information
- Encrypting files for ransom
The primary goal of a Keylogging attack is to capture and record keystrokes to steal sensitive information, such as login credentials.
- Command injection attack
- Tampering attack
- Relay attack
- Data manipulation attack
A data manipulation attack involves intercepting and altering data transmitted over a network to execute unauthorized commands.
24. What is the purpose of an HTTPS Stripping attack in the context of MITM attacks?
- Downgrading HTTPS connections to unencrypted HTTP
- Modifying the content of communication between two parties
- Intercepting and manipulating user sessions
- Redirecting users to a fraudulent website by providing false DNS information
The purpose of an HTTPS Stripping attack is to downgrade HTTPS connections to unencrypted HTTP, making it easier for the attacker to intercept data.
25. What is the term for a MITM attack that involves intercepting and altering emails between two parties?
- Email manipulation attack
- Relay attack
- Tampering attack
- Eavesdropping attack
An email manipulation attack involves intercepting and altering emails between two parties.
26. What is the term for a MITM attack that involves intercepting and altering data transmitted over an unsecured Wi-Fi network?
- Wi-Fi eavesdropping attack
- Sniffing attack
- Man-in-the-Wire attack
- Wireless tampering attack
A sniffing attack involves intercepting and analyzing data transmitted over a network, commonly used in MITM attacks on unsecured Wi-Fi networks.
27. What is the primary goal of an SSL/TLS Stripping attack in the context of MITM attacks?
- Downgrading HTTPS connections to unencrypted HTTP
- Intercepting and manipulating user sessions
- Modifying the content of communication between two parties
- Redirecting users to a fraudulent website by providing false DNS information
The primary goal of an SSL/TLS Stripping attack is to downgrade HTTPS connections to unencrypted HTTP, making it easier for the attacker to intercept data.
28. What is the term for a MITM attack that involves intercepting and altering communication between two parties in real time without leaving any traces?
- Eavesdropping attack
- Spoofing attack
- Replay attack
- Covert MITM attack
A covert MITM attack involves intercepting and altering communication between two parties in real time without leaving any traces.
29. What is the purpose of a USBNinja attack in the context of MITM attacks?
- Gaining unauthorized access to systems
- Intercepting and manipulating communication between two parties
- Exploiting vulnerabilities in USB devices to compromise data
- Encrypting files for ransom
The purpose of a USBNinja attack is to exploit vulnerabilities in USB devices to compromise data, often used in MITM scenarios.
30. Which security measure helps protect against Man-in-the-Middle attacks by encrypting communication between two parties?
- Virtual Private Network (VPN)
- Intrusion Detection System (IDS)
- Firewalls
- Address Resolution Protocol (ARP) spoofing detection
A Virtual Private Network (VPN) helps protect against Man-in-the-Middle attacks by encrypting communication between two parties.