1. What is a Man-in-the-Middle (MITM) attack?
a) A user who gains administrator privileges on a system
b) A method of injecting malicious scripts into web applications
c) An attack where an attacker intercepts and relays communication between two parties
d) A brute force attack on encrypted data
Answer: c) An attack where an attacker intercepts and relays communication between two parties
Explanation: MITM attacks occur when an attacker secretly intercepts and possibly alters communication between two parties who believe they are directly communicating.
2. Which of the following is NOT a common MITM attack method?
a) ARP Spoofing
b) DNS Spoofing
c) SQL Injection
d) SSL Stripping
Answer: c) SQL Injection
Explanation: SQL Injection is a database attack, not a method of MITM. ARP Spoofing, DNS Spoofing, and SSL Stripping are common MITM techniques.
3. How does ARP Spoofing facilitate MITM attacks?
a) It forces the victim to use an insecure protocol
b) It manipulates the Address Resolution Protocol (ARP) to associate an attacker’s MAC address with the victim’s IP address
c) It injects malware into a remote machine
d) It encrypts data in transit
Answer: b) It manipulates the Address Resolution Protocol (ARP) to associate an attacker’s MAC address with the victim’s IP address
Explanation: ARP Spoofing allows attackers to redirect traffic between devices on a local network by responding to ARP requests with false MAC addresses.
4. What is SSL Stripping?
a) A technique that forces encrypted HTTPS connections to downgrade to unencrypted HTTP
b) A method for breaking SSL/TLS encryption
c) An attack that encrypts malicious traffic
d) A type of SQL Injection attack
Answer: a) A technique that forces encrypted HTTPS connections to downgrade to unencrypted HTTP
Explanation: SSL Stripping downgrades secure HTTPS connections to HTTP, allowing attackers to intercept sensitive data transmitted over an insecure connection.
5. What is the primary goal of a MITM attack?
a) To increase network performance
b) To disrupt communication between users
c) To steal, alter, or eavesdrop on confidential data
d) To speed up encrypted transmissions
Answer: c) To steal, alter, or eavesdrop on confidential data
Explanation: The goal of MITM attacks is to intercept, modify, or steal sensitive data exchanged between two parties.
6. What is an effective way to prevent ARP Spoofing-based MITM attacks?
a) Using weak passwords
b) Enabling HTTPS
c) Implementing static ARP entries and using ARP inspection
d) Turning off firewalls
Answer: c) Implementing static ARP entries and using ARP inspection
Explanation: Configuring static ARP entries and enabling Dynamic ARP Inspection (DAI) help mitigate ARP Spoofing attacks.
7. Which tool is commonly used for MITM attacks via ARP Spoofing?
a) Wireshark
b) Ettercap
c) Nmap
d) Metasploit
Answer: b) Ettercap
Explanation: Ettercap is a popular tool for launching MITM attacks, particularly ARP Spoofing-based attacks.
8. What does a DNS Spoofing attack do?
a) Redirects users to a malicious website by poisoning DNS records
b) Encrypts DNS queries for security
c) Deletes DNS cache on a system
d) Blocks DNS resolution
Answer: a) Redirects users to a malicious website by poisoning DNS records
Explanation: DNS Spoofing manipulates DNS responses to redirect users to malicious websites, making them think they are visiting legitimate sites.
9. How does an attacker execute a Wi-Fi MITM attack?
a) By setting up a fake access point (Evil Twin)
b) By sending phishing emails
c) By exploiting SQL vulnerabilities
d) By installing rootkits
Answer: a) By setting up a fake access point (Evil Twin)
Explanation: Attackers create fake access points (Evil Twins) that mimic legitimate Wi-Fi networks, tricking users into connecting.
10. What security measure can prevent MITM attacks on public Wi-Fi?
a) Using public networks without encryption
b) Using a VPN (Virtual Private Network)
c) Relying on open Wi-Fi networks
d) Using weak passwords
Answer: b) Using a VPN (Virtual Private Network)
Explanation: A VPN encrypts internet traffic, preventing attackers from intercepting data, even on unsecured networks.
11. What is the role of HSTS in preventing MITM attacks?
a) It blocks JavaScript execution
b) It forces browsers to use HTTPS connections
c) It scans for malware
d) It replaces SSL with AES encryption
Answer: b) It forces browsers to use HTTPS connections
Explanation: HTTP Strict Transport Security (HSTS) prevents SSL Stripping attacks by ensuring browsers always connect securely via HTTPS.
12. What is the primary weakness of an SSL Strip attack?
a) It only works on encrypted connections
b) Users can detect it if they notice the missing HTTPS padlock
c) It requires physical access to the victim’s device
d) It relies on a brute-force attack
Answer: b) Users can detect it if they notice the missing HTTPS padlock
Explanation: SSL Strip attacks downgrade HTTPS to HTTP, which users can sometimes detect by checking for the missing padlock icon in the browser.
13. Which protocol helps prevent MITM attacks on email communication?
a) SMTP
b) SPF, DKIM, and DMARC
c) HTTP
d) SNMP
Answer: b) SPF, DKIM, and DMARC
Explanation: These email security protocols help prevent email spoofing and MITM-based email interception.
14. Which type of MITM attack occurs when an attacker manipulates JavaScript code in a web page?
a) Clickjacking
b) Cross-Site Scripting (XSS)
c) DNS Hijacking
d) HTTP Response Splitting
Answer: d) HTTP Response Splitting
Explanation: In HTTP Response Splitting, an attacker injects malicious headers into HTTP responses, enabling MITM-style manipulation.
15. How can SSL/TLS certificates help prevent MITM attacks?
a) By encrypting traffic between clients and servers
b) By allowing attackers to modify packets
c) By reducing latency in network traffic
d) By disabling HTTPS
Answer: a) By encrypting traffic between clients and servers
Explanation: SSL/TLS encrypts communication, preventing attackers from intercepting and altering data.
16. What is an example of a real-world MITM attack?
a) Heartbleed OpenSSL vulnerability
b) Stuxnet worm
c) ARP Spoofing in corporate networks
d) SQL Injection on a web application
Answer: c) ARP Spoofing in corporate networks
Explanation: Many corporate networks have been targeted using ARP Spoofing to intercept sensitive communications.
17. Why is two-factor authentication (2FA) effective against MITM attacks?
a) It prevents password leaks
b) It requires an additional authentication factor, making credential theft insufficient
c) It encrypts all network traffic
d) It prevents phishing attacks
Answer: b) It requires an additional authentication factor, making credential theft insufficient
Explanation: Even if attackers intercept login credentials, they cannot bypass 2FA without the second factor.
18. Which of the following is a key sign of a potential MITM attack?
a) Unusual SSL/TLS certificate warnings in a browser
b) Faster internet speed than usual
c) Automatic logouts from all accounts
d) Increased battery life on mobile devices
Answer: a) Unusual SSL/TLS certificate warnings in a browser
Explanation: Browsers warn users about certificate mismatches, which can indicate an attacker is using a rogue certificate to intercept communications.
19. How does a rogue Wi-Fi access point facilitate MITM attacks?
a) By blocking legitimate network traffic
b) By forcing users to reset their passwords
c) By capturing data from unsuspecting users who connect to it
d) By preventing DNS resolution
Answer: c) By capturing data from unsuspecting users who connect to it
Explanation: Attackers set up rogue Wi-Fi hotspots with familiar names (e.g., “CoffeeShop_FreeWiFi”) to intercept user data.
20. Which MITM attack technique exploits weaknesses in public key cryptography?
a) ARP Spoofing
b) SSL Stripping
c) TLS Downgrade Attack
d) DNS Poisoning
Answer: c) TLS Downgrade Attack
Explanation: A TLS Downgrade Attack forces a connection to use weaker encryption, making it easier for an attacker to decrypt communications.
21. What is the best way to protect against DNS Spoofing?
a) Use DNS over HTTPS (DoH) or DNS over TLS (DoT)
b) Disable antivirus software
c) Rely on HTTP connections
d) Clear browser cookies regularly
Answer: a) Use DNS over HTTPS (DoH) or DNS over TLS (DoT)
Explanation: DoH and DoT encrypt DNS queries, making it harder for attackers to tamper with DNS responses.
22. What is session hijacking in MITM attacks?
a) A brute-force attack on encrypted passwords
b) An attack that steals an active session cookie to impersonate a user
c) A technique that crashes web servers
d) A method for encrypting MITM traffic
Answer: b) An attack that steals an active session cookie to impersonate a user
Explanation: Session hijacking allows an attacker to take control of an authenticated session by stealing session tokens.
23. Which protocol can be used to encrypt VoIP communications to prevent MITM attacks?
a) HTTP
b) SIP
c) SRTP
d) Telnet
Answer: c) SRTP
Explanation: Secure Real-time Transport Protocol (SRTP) encrypts VoIP communications to prevent interception.
24. Which MITM attack targets Secure Shell (SSH) communications?
a) Evil Twin Attack
b) Key Reinstallation Attack (KRACK)
c) SSH Downgrade Attack
d) Buffer Overflow
Answer: c) SSH Downgrade Attack
Explanation: This attack forces an SSH session to use weaker encryption, making it vulnerable to interception.
25. Which network security feature helps detect MITM attacks in enterprise networks?
a) Intrusion Detection Systems (IDS)
b) MAC Address Randomization
c) Default Router Configurations
d) Use of Open Wi-Fi
Answer: a) Intrusion Detection Systems (IDS)
Explanation: IDS can detect unusual network traffic patterns indicative of MITM attacks.
26. What is the primary vulnerability exploited in a Key Reinstallation Attack (KRACK)?
a) Weak password policies
b) Flaws in WPA2 encryption
c) Poorly configured firewalls
d) DNS misconfiguration
Answer: b) Flaws in WPA2 encryption
Explanation: KRACK exploits vulnerabilities in the WPA2 protocol, allowing attackers to intercept and manipulate Wi-Fi traffic.
27. How does certificate pinning prevent MITM attacks?
a) It forces all network connections to use HTTP
b) It blocks all encrypted connections
c) It verifies that a certificate belongs to the expected host
d) It prevents users from installing software updates
Answer: c) It verifies that a certificate belongs to the expected host
Explanation: Certificate pinning ensures a specific certificate is used for secure communication, preventing attacks using forged certificates.
28. What does an attacker accomplish in a Browser-in-the-Middle attack?
a) Takes control of the browser to inject malicious code
b) Redirects traffic through an infected web browser
c) Exploits SQL vulnerabilities in a web application
d) Hijacks DNS queries
Answer: b) Redirects traffic through an infected web browser
Explanation: In a Browser-in-the-Middle attack, malicious browser extensions or scripts intercept and modify web traffic.
29. What is a typical sign of an SSL Stripping attack?
a) The website loads with “https://” in the address bar
b) The website appears identical but lacks encryption (HTTP instead of HTTPS)
c) The website loads faster than usual
d) The website crashes immediately after loading
Answer: b) The website appears identical but lacks encryption (HTTP instead of HTTPS)
Explanation: SSL Stripping downgrades HTTPS to HTTP, allowing attackers to intercept traffic.
30. How does Perfect Forward Secrecy (PFS) help mitigate MITM attacks?
a) By ensuring each session uses a unique encryption key
b) By disabling HTTPS
c) By storing encryption keys indefinitely
d) By blocking encrypted traffic
Answer: a) By ensuring each session uses a unique encryption key
Explanation: PFS prevents attackers from decrypting past communications even if they compromise a private key.
31. How does an attacker perform an IPv6 MITM attack?
a) By poisoning neighbor discovery packets
b) By modifying SSL certificates
c) By injecting malicious JavaScript
d) By cracking Wi-Fi passwords
Answer: a) By poisoning neighbor discovery packets
Explanation: IPv6 MITM attacks manipulate the Neighbor Discovery Protocol (NDP) to reroute traffic.
32. What is the primary weakness of using public proxies?
a) They improve network speed
b) They protect against MITM attacks
c) They may allow attackers to intercept traffic
d) They prevent website tracking
Answer: c) They may allow attackers to intercept traffic
Explanation: Public proxies can be compromised or malicious, enabling MITM attacks.
33. How can attackers use malware for MITM attacks?
a) By installing software updates
b) By manipulating network traffic through infected systems
c) By forcing users to change their passwords
d) By automatically enabling VPNs
Answer: b) By manipulating network traffic through infected systems
Explanation: Malware can modify network traffic or redirect it through an attacker-controlled proxy.
34. What is a major limitation of MITM attacks?
a) They always require physical access to a device
b) They are impossible to detect
c) Strong encryption makes them ineffective
d) They cannot target encrypted wireless networks
Answer: c) Strong encryption makes them ineffective
Explanation: Proper encryption, like TLS with PFS, prevents MITM attackers from decrypting intercepted traffic.
35. What is a key limitation of ARP Spoofing-based MITM attacks?
a) They only work on IPv6 networks
b) They require authentication
c) They only work within a local network (LAN)
d) They can bypass all encryption
Answer: c) They only work within a local network (LAN)
Explanation: ARP Spoofing requires an attacker to be on the same local network as the victim.
36. What is an Evil Twin Attack in the context of MITM?
a) Creating a fake Wi-Fi access point to intercept user data
b) Cloning encrypted traffic packets
c) Using twin proxies for encryption
d) Duplicating a DNS record for faster resolution
Answer: a) Creating a fake Wi-Fi access point to intercept user data
Explanation: An Evil Twin attack involves setting up a rogue Wi-Fi access point that mimics a legitimate network to lure users into connecting, so that their data can be stolen.
37. How does an attacker execute an MITM attack using rogue DHCP servers?
a) By sending fake DNS responses
b) By issuing incorrect IP and gateway settings to victims
c) By modifying web page content dynamically
d) By injecting JavaScript into SSL traffic
Answer: b) By issuing incorrect IP and gateway settings to victims
Explanation: Rogue DHCP servers provide incorrect gateway information, redirecting victim traffic through the attacker’s machine.
38. What is the best way to defend against email MITM attacks?
a) Using SPF, DKIM, and DMARC for email authentication
b) Encrypting email traffic using SMTP
c) Disabling TLS in email servers
d) Using open relay email servers
Answer: a) Using SPF, DKIM, and DMARC for email authentication
Explanation: These authentication mechanisms prevent attackers from spoofing legitimate email domains.
39. What is a typical method of intercepting and modifying API communications in MITM attacks?
a) SQL Injection
b) Using a proxy tool like Burp Suite
c) Performing a brute-force attack
d) Sending phishing emails
Answer: b) Using a proxy tool like Burp Suite
Explanation: Tools like Burp Suite allow attackers to intercept and manipulate API requests before they reach the server.
40. How can an organization detect ongoing MITM attacks?
a) By disabling encryption
b) By monitoring network traffic for anomalies
c) By setting up open Wi-Fi networks
d) By relying only on firewalls
Answer: b) By monitoring network traffic for anomalies
Explanation: Intrusion detection systems (IDS) and security monitoring tools can detect suspicious traffic patterns indicative of MITM attacks.
41. How does a Padding Oracle Attack relate to MITM?
a) It exploits weaknesses in cryptographic padding schemes
b) It targets database systems
c) It infects Wi-Fi routers with malware
d) It prevents packet interception
Answer: a) It exploits weaknesses in cryptographic padding schemes
Explanation: Padding Oracle Attacks allow attackers to decrypt encrypted data by exploiting padding validation errors.
42. Why is mutual TLS (mTLS) effective against MITM attacks?
a) It requires both client and server to authenticate each other
b) It replaces encryption with hashing
c) It disables TLS encryption
d) It forces users to change their passwords regularly
Answer: a) It requires both client and server to authenticate each other
Explanation: Mutual TLS (mTLS) ensures that both parties in a communication channel verify each other’s identity, making MITM attacks harder.
43. What is a common goal of performing an MITM attack on VoIP calls?
a) To reduce call latency
b) To eavesdrop on conversations and extract sensitive data
c) To increase network bandwidth
d) To improve voice quality
Answer: b) To eavesdrop on conversations and extract sensitive data
Explanation: MITM attacks on VoIP calls allow attackers to intercept, record, and manipulate conversations.
44. How does HTTP Public Key Pinning (HPKP) help prevent MITM attacks?
a) It allows browsers to remember the correct SSL/TLS certificates for a website
b) It blocks all HTTP connections
c) It encrypts web pages using JavaScript
d) It redirects users to a different network
Answer: a) It allows browsers to remember the correct SSL/TLS certificates for a website
Explanation: HPKP prevents attackers from using fraudulent certificates by instructing browsers to remember valid certificate fingerprints.
45. How does a MITM attack affect financial transactions?
a) It delays payments by encrypting transactions
b) It allows attackers to alter transaction details and redirect funds
c) It speeds up transaction processing
d) It prevents access to online banking
Answer: b) It allows attackers to alter transaction details and redirect funds
Explanation: Attackers can modify banking transactions to change recipient details, enabling fraud and unauthorized fund transfers.
46. What is a key limitation of a packet sniffing-based MITM attack?
a) It only works on unencrypted traffic
b) It requires physical access to the network switch
c) It disables network encryption
d) It relies on social engineering
Answer: a) It only works on unencrypted traffic
Explanation: Encrypted communication (e.g., HTTPS, TLS) prevents packet sniffers from reading sensitive data.
47. What is a common technique used in MITM attacks targeting mobile applications?
a) API interception via SSL/TLS certificate pinning bypass
b) Using a VPN to encrypt traffic
c) Forcing users to change their passwords
d) Disabling GPS tracking
Answer: a) API interception via SSL/TLS certificate pinning bypass
Explanation: Attackers use tools like Frida and Burp Suite to bypass SSL pinning and intercept mobile app communications.
48. What is the role of a transparent proxy in MITM attacks?
a) It allows attackers to intercept and modify requests without user awareness
b) It encrypts all network traffic
c) It prevents web scraping
d) It speeds up page loading times
Answer: a) It allows attackers to intercept and modify requests without user awareness
Explanation: Transparent proxies sit between users and websites, intercepting and modifying data in transit.
49. What is a key defense mechanism against Evil Twin MITM attacks?
a) Avoid connecting to open Wi-Fi and use VPNs
b) Use only public networks for sensitive transactions
c) Disable HTTPS on devices
d) Increase the Wi-Fi transmission power
Answer: a) Avoid connecting to open Wi-Fi and use VPNs
Explanation: Using a VPN encrypts traffic even when connected to a rogue access point, preventing attackers from reading sensitive data.
50. What is one of the best indicators of an MITM attack occurring in a corporate environment?
a) Frequent SSL certificate warnings
b) Faster network speeds than usual
c) Increased battery life on devices
d) Unusually large email attachments
Answer: a) Frequent SSL certificate warnings
Explanation: SSL certificate warnings indicate potential MITM attempts where an attacker is intercepting HTTPS connections using fake certificates.
51. What type of attack involves injecting malicious JavaScript into a webpage to steal information from a user?
a) SQL Injection
b) Cross-Site Scripting (XSS)
c) DNS Spoofing
d) ARP Spoofing
Answer: b) Cross-Site Scripting (XSS)
Explanation: XSS allows attackers to inject malicious JavaScript into a webpage, potentially stealing user data in an MITM-like scenario.
52. How does a VPN protect against MITM attacks?
a) By creating an encrypted tunnel for network traffic
b) By disabling firewalls
c) By forcing all connections to be HTTP
d) By making public Wi-Fi networks more secure
Answer: a) By creating an encrypted tunnel for network traffic
Explanation: VPNs encrypt all internet traffic, preventing attackers from reading intercepted data.
53. Which type of MITM attack can manipulate blockchain transactions?
a) 51% Attack
b) ARP Spoofing
c) SSL Stripping
d) Clickjacking
Answer: a) 51% Attack
Explanation: In a 51% Attack, an entity gains majority control over a blockchain network, potentially altering transactions.
54. What is the primary role of Transport Layer Security (TLS) in preventing MITM attacks?
a) Encrypting data between clients and servers
b) Redirecting all traffic through a proxy
c) Allowing unencrypted HTTP connections
d) Hiding DNS queries
Answer: a) Encrypting data between clients and servers
Explanation: TLS ensures data remains secure and unreadable during transmission.
55. Why is WPA3 more secure against MITM attacks compared to WPA2?
a) It uses Simultaneous Authentication of Equals (SAE) to prevent key reinstallation attacks
b) It disables encryption for better speed
c) It allows weak passwords
d) It replaces all passwords with static keys
Answer: a) It uses Simultaneous Authentication of Equals (SAE) to prevent key reinstallation attacks
Explanation: WPA3 improves security by preventing the KRACK attack that exploited WPA2.
56. What is a key drawback of public Wi-Fi networks concerning MITM attacks?
a) They allow anyone to intercept unencrypted traffic
b) They improve network security
c) They prevent phishing attacks
d) They enforce strong encryption by default
Answer: a) They allow anyone to intercept unencrypted traffic
Explanation: Public Wi-Fi is a common target for MITM attacks due to its lack of encryption.
57. How does an attacker use an SSL Certificate Forgery in an MITM attack?
a) By presenting a fraudulent SSL certificate to trick users into thinking they are on a secure site
b) By disabling TLS encryption on a website
c) By replacing all network traffic with encrypted messages
d) By hijacking the email server
Answer: a) By presenting a fraudulent SSL certificate to trick users into thinking they are on a secure site
Explanation: Attackers can use fake certificates to intercept HTTPS traffic without users noticing.
58. What does a MAC Flooding attack do in an MITM scenario?
a) Overwhelms a switch’s MAC table, forcing it into hub mode, allowing packet sniffing
b) Encrypts network traffic
c) Prevents ARP Spoofing
d) Forces TLS encryption on all devices
Answer: a) Overwhelms a switch’s MAC table, forcing it into hub mode, allowing packet sniffing
Explanation: MAC Flooding forces switches to broadcast all packets, making MITM attacks easier.
59. Which security measure helps protect against Rogue Access Point MITM attacks?
a) Wireless Intrusion Detection Systems (WIDS)
b) Using open Wi-Fi networks
c) Disabling firewalls
d) Using weaker encryption protocols
Answer: a) Wireless Intrusion Detection Systems (WIDS)
Explanation: WIDS detects unauthorized access points, helping prevent Evil Twin attacks.
60. How does a Network TAP (Test Access Point) facilitate MITM attacks?
a) By allowing passive interception of network traffic
b) By encrypting all network traffic
c) By preventing packet capture
d) By disabling security software
Answer: a) By allowing passive interception of network traffic
Explanation: Network TAPs capture all network packets for analysis, which attackers can exploit for MITM attacks.
61. What is a key reason for disabling outdated SSL/TLS protocols like TLS 1.0 and 1.1?
a) They have known vulnerabilities that allow MITM attacks
b) They increase encryption strength
c) They prevent DNS leaks
d) They are faster than newer protocols
Answer: a) They have known vulnerabilities that allow MITM attacks
Explanation: Older TLS versions have weaknesses that attackers can exploit to intercept encrypted traffic.
62. What is a common tool used for intercepting web traffic in MITM attacks?
a) Wireshark
b) Nessus
c) ClamAV
d) Fail2Ban
Answer: a) Wireshark
Explanation: Wireshark is widely used for network packet analysis, making it useful in MITM scenarios.
63. How does an attacker use an HTTP Parameter Pollution (HPP) attack in an MITM attack?
a) By injecting multiple parameters into a request to manipulate behavior
b) By disabling TLS encryption
c) By redirecting DNS queries
d) By poisoning ARP caches
Answer: a) By injecting multiple parameters into a request to manipulate behavior
Explanation: HPP manipulates HTTP request parameters, sometimes leading to unintended actions or security bypass.
64. What is a common method attackers use to bypass SSL/TLS security in MITM attacks?
a) Installing malicious root certificates on victims’ devices
b) Using DNS caching
c) Exploiting SQL Injection
d) Disabling VPN connections
Answer: a) Installing malicious root certificates on victims’ devices
Explanation: Attackers can install fake root certificates to intercept encrypted traffic.
65. What does the BEAST (Browser Exploit Against SSL/TLS) attack exploit?
a) A vulnerability in older SSL/TLS versions
b) DNS server misconfigurations
c) Unpatched web browsers
d) Encrypted email messages
Answer: a) A vulnerability in older SSL/TLS versions
Explanation: The BEAST attack exploits weaknesses in older SSL/TLS implementations to decrypt encrypted traffic.
66. How can a Web Application Firewall (WAF) help mitigate MITM-related risks?
a) By blocking malicious web traffic and known attack patterns
b) By enabling ARP Spoofing
c) By preventing VPN usage
d) By injecting malicious scripts
Answer: a) By blocking malicious web traffic and known attack patterns
Explanation: A WAF helps filter out malicious requests, reducing MITM exploitation risks.
67. What is a common use of Burp Suite in MITM attacks?
a) Intercepting and modifying web traffic between a browser and a server
b) Encrypting network communications
c) Preventing malware infections
d) Scanning for hardware vulnerabilities
Answer: a) Intercepting and modifying web traffic between a browser and a server
Explanation: Burp Suite is commonly used for web security testing and MITM traffic interception.
68. How does DNS-over-HTTPS (DoH) protect against MITM attacks?
a) By encrypting DNS queries to prevent interception and manipulation
b) By blocking access to insecure websites
c) By forcing all traffic through a VPN
d) By replacing DNS with ARP
Answer: a) By encrypting DNS queries to prevent interception and manipulation
Explanation: DoH ensures that DNS queries remain private and secure from MITM attacks.
69. What does a MITM attacker achieve by modifying JavaScript responses in transit?
a) Injecting malicious code into a website viewed by the victim
b) Disabling encryption for all users
c) Blocking all HTTP connections
d) Bypassing network firewalls
Answer: a) Injecting malicious code into a website viewed by the victim
Explanation: Modifying JavaScript in transit allows attackers to execute malicious code in the victim’s browser.
70. How does an attacker perform a forced downgrade attack in MITM?
a) By tricking the victim into using an older, insecure version of a protocol
b) By increasing encryption key strength
c) By using a VPN
d) By blocking firewall rules
Answer: a) By tricking the victim into using an older, insecure version of a protocol
Explanation: Forced downgrade attacks exploit weaker protocols to bypass encryption security.
71. What is the primary risk of using outdated browsers in relation to MITM attacks?
a) They lack patches for known vulnerabilities that attackers can exploit
b) They prevent MITM attacks by disabling JavaScript
c) They automatically redirect to secure websites
d) They force all traffic through a VPN
Answer: a) They lack patches for known vulnerabilities that attackers can exploit
Explanation: Outdated browsers may have security flaws that allow attackers to execute MITM attacks using known exploits.
72. Which type of MITM attack targets Bluetooth communications?
a) Bluebugging
b) ARP Spoofing
c) DNS Hijacking
d) SQL Injection
Answer: a) Bluebugging
Explanation: Bluebugging allows attackers to access Bluetooth-enabled devices remotely and intercept their communications.
73. What is a key reason why self-signed SSL certificates are risky?
a) They are not automatically trusted by web browsers, making MITM easier
b) They increase the speed of HTTPS connections
c) They provide stronger encryption than CA-signed certificates
d) They prevent certificate pinning attacks
Answer: a) They are not automatically trusted by web browsers, making MITM easier
Explanation: Self-signed certificates do not have a trusted authority verifying their authenticity, making them vulnerable to MITM attacks.
74. What kind of MITM attack takes advantage of weak Diffie-Hellman key exchange?
a) Logjam Attack
b) SSL Stripping
c) Evil Twin Attack
d) Clickjacking
Answer: a) Logjam Attack
Explanation: The Logjam Attack forces connections to use weaker encryption keys, making them easier to decrypt.
75. What is the role of an HSTS header in preventing MITM attacks?
a) It forces browsers to use HTTPS connections
b) It allows users to bypass SSL warnings
c) It disables encryption for faster browsing
d) It redirects all traffic through an HTTP proxy
Answer: a) It forces browsers to use HTTPS connections
Explanation: HTTP Strict Transport Security (HSTS) prevents SSL Stripping by ensuring connections remain encrypted.
76. What is a major security issue when using public DNS servers without encryption?
a) They can be manipulated in a MITM attack through DNS Spoofing
b) They prevent users from accessing secure websites
c) They block MITM attacks by default
d) They slow down internet connections
Answer: a) They can be manipulated in a MITM attack through DNS Spoofing
Explanation: Without encryption, attackers can hijack DNS queries and redirect users to malicious websites.
77. What type of attack allows an attacker to inject malicious content into a website before it reaches the user?
a) HTTP Response Splitting
b) VPN Bypass Attack
c) Key Reinstallation Attack
d) Database Injection
Answer: a) HTTP Response Splitting
Explanation: HTTP Response Splitting allows attackers to manipulate HTTP headers, potentially injecting malicious scripts or redirects.
78. How can users detect a MITM attack on a website they visit?
a) By checking for an SSL certificate warning or missing HTTPS in the address bar
b) By refreshing the page multiple times
c) By clearing browser cache and cookies
d) By using Incognito mode
Answer: a) By checking for an SSL certificate warning or missing HTTPS in the address bar
Explanation: MITM attacks often involve forged SSL certificates, leading to browser warnings.
79. What role does mutual authentication play in preventing MITM attacks?
a) It ensures that both parties in a connection verify each other’s identity
b) It disables encryption for faster browsing
c) It prevents all types of cyberattacks
d) It forces users to change passwords frequently
Answer: a) It ensures that both parties in a connection verify each other’s identity
Explanation: Mutual authentication prevents MITM attacks by requiring both the client and server to authenticate each other.
80. What is the primary goal of an SSL Strip attack?
a) To downgrade HTTPS connections to HTTP
b) To improve website loading times
c) To block access to secure websites
d) To encrypt insecure connections
Answer: a) To downgrade HTTPS connections to HTTP
Explanation: SSL Stripping forces users to communicate over unencrypted HTTP, making it easier for attackers to intercept data.
81. How does an attacker use an Evil Proxy in a MITM attack?
a) By acting as an intermediary between the user and a legitimate authentication service
b) By blocking all encrypted traffic
c) By creating multiple proxy servers for load balancing
d) By sending phishing emails
Answer: a) By acting as an intermediary between the user and a legitimate authentication service
Explanation: Evil Proxies allow attackers to intercept authentication requests and steal credentials.
82. What does a “Certificate Transparency Log” help with in MITM prevention?
a) It detects fraudulent SSL/TLS certificates issued for a domain
b) It disables HTTPS on websites
c) It forces users to accept all SSL certificates
d) It speeds up encrypted connections
Answer: a) It detects fraudulent SSL/TLS certificates issued for a domain
Explanation: Certificate Transparency Logs track issued certificates to prevent unauthorized or forged ones.
83. How does an attacker execute a man-in-the-browser attack?
a) By infecting a user’s browser with malware to intercept and manipulate transactions
b) By sending a phishing email
c) By hijacking an entire Wi-Fi network
d) By exploiting SQL Injection
Answer: a) By infecting a user’s browser with malware to intercept and manipulate transactions
Explanation: MITB attacks compromise a user’s browser to modify transactions before they reach the destination.
84. What is a primary limitation of MITM attacks?
a) They become ineffective if strong end-to-end encryption is used
b) They work on encrypted traffic only
c) They always require physical access to the victim’s device
d) They only work on mobile networks
Answer: a) They become ineffective if strong end-to-end encryption is used
Explanation: Proper encryption ensures that intercepted data remains unreadable to attackers.
85. How does the DROWN attack enable MITM interception?
a) By exploiting outdated SSLv2 protocols
b) By using social engineering
c) By hijacking DNS records
d) By injecting JavaScript into secure websites
Answer: a) By exploiting outdated SSLv2 protocols
Explanation: The DROWN attack exploits SSLv2 to break encryption and intercept communications.
86. What happens if an attacker successfully exploits an expired or misconfigured SSL certificate?
a) They can impersonate a legitimate website and intercept sensitive information
b) They can disable all HTTPS connections
c) They can force users to install malware
d) They can block users from accessing the website
Answer: a) They can impersonate a legitimate website and intercept sensitive information
Explanation: Expired or misconfigured SSL certificates make it easier for attackers to conduct MITM attacks.
87. What role does “Public Key Infrastructure (PKI)” play in preventing MITM attacks?
a) It manages encryption keys and digital certificates
b) It disables network encryption
c) It forces all connections through an attacker-controlled server
d) It prevents email spam
Answer: a) It manages encryption keys and digital certificates
Explanation: PKI ensures secure communication by managing trusted digital certificates.
88. Why is an attacker using a transparent proxy in an MITM attack difficult to detect?
a) Because it does not alter the appearance of web pages
b) Because it disables SSL warnings
c) Because it injects malware into the browser
d) Because it prevents certificate verification
Answer: a) Because it does not alter the appearance of web pages
Explanation: Transparent proxies operate without user awareness, making detection harder.
89. How can enforcing DNSSEC help prevent MITM attacks?
a) By ensuring DNS responses are digitally signed and verified
b) By disabling DNS resolution
c) By forcing websites to use HTTP instead of HTTPS
d) By encrypting all web traffic
Answer: a) By ensuring DNS responses are digitally signed and verified
Explanation: DNSSEC prevents DNS Spoofing by verifying that DNS records are authentic.
90. What happens when an attacker successfully injects a rogue CA certificate into a victim’s system?
a) They can intercept and decrypt encrypted communications
b) They can disable the victim’s internet connection
c) They can speed up web browsing
d) They can force users to use weak passwords
Answer: a) They can intercept and decrypt encrypted communications
Explanation: Rogue CA certificates allow attackers to decrypt and manipulate encrypted traffic.
91. What is the primary reason why HTTP is vulnerable to MITM attacks?
a) It transmits data in plaintext, making interception easy
b) It automatically encrypts all network traffic
c) It requires user authentication for every request
d) It prevents attackers from modifying data
Answer: a) It transmits data in plaintext, making interception easy
Explanation: HTTP does not encrypt data, allowing attackers to easily read and manipulate network traffic.
92. How does an attacker use an “on-path” attack in MITM scenarios?
a) By positioning themselves between two communicating parties to intercept and modify traffic
b) By sending mass phishing emails
c) By targeting web applications with SQL Injection
d) By encrypting all traffic on the victim’s device
Answer: a) By positioning themselves between two communicating parties to intercept and modify traffic
Explanation: On-path attacks occur when an attacker actively intercepts and manipulates communication between two parties.
93. Which of the following is a real-world MITM attack scenario?
a) Capturing unencrypted login credentials on an open Wi-Fi network
b) Using strong passwords for online accounts
c) Encrypting DNS queries with DNS-over-TLS
d) Blocking public Wi-Fi access
Answer: a) Capturing unencrypted login credentials on an open Wi-Fi network
Explanation: Attackers commonly use MITM techniques to intercept unencrypted credentials transmitted over open Wi-Fi.
94. What does a MITM attacker accomplish by performing a rogue DHCP attack?
a) Redirects network traffic by assigning malicious gateway settings to victims
b) Blocks all encrypted connections
c) Forces websites to use HTTPS
d) Prevents devices from connecting to a network
Answer: a) Redirects network traffic by assigning malicious gateway settings to victims
Explanation: Rogue DHCP servers can assign malicious DNS and gateway settings, allowing attackers to intercept traffic.
95. Which of the following can be an indication of an ongoing MITM attack?
a) Frequent SSL certificate warnings
b) Increased internet speed
c) A sudden improvement in network performance
d) Faster loading of encrypted web pages
Answer: a) Frequent SSL certificate warnings
Explanation: SSL warnings can indicate that an attacker is intercepting secure traffic with a fake certificate.
96. What is a key characteristic of an Evil Twin attack?
a) Attackers create a fake Wi-Fi hotspot with the same SSID as a legitimate one
b) Attackers brute-force Wi-Fi passwords
c) Attackers launch DDoS attacks on a wireless network
d) Attackers inject malware into a web browser
Answer: a) Attackers create a fake Wi-Fi hotspot with the same SSID as a legitimate one
Explanation: Evil Twin attacks trick users into connecting to a rogue Wi-Fi hotspot controlled by an attacker.
97. Why are public charging stations considered a potential MITM risk?
a) Attackers may install malicious hardware to intercept data transfers (Juice Jacking)
b) They block all encrypted communications
c) They disable VPN connections
d) They encrypt all mobile traffic
Answer: a) Attackers may install malicious hardware to intercept data transfers (Juice Jacking)
Explanation: Juice Jacking allows attackers to steal data from or inject malware into devices connected to compromised USB ports.
98. What is a major risk when using outdated TLS/SSL protocols in a MITM attack scenario?
a) Attackers can exploit known cryptographic weaknesses to decrypt intercepted traffic
b) The connection speed is increased
c) TLS automatically blocks MITM attacks
d) The network switches to a VPN
Answer: a) Attackers can exploit known cryptographic weaknesses to decrypt intercepted traffic
Explanation: Older TLS/SSL protocols have vulnerabilities (e.g., POODLE, BEAST) that attackers can exploit.
99. What is an attacker trying to accomplish with a packet injection MITM attack?
a) Modify or insert malicious packets into a data stream
b) Block all network traffic
c) Encrypt all communications
d) Prevent ARP Spoofing
Answer: a) Modify or insert malicious packets into a data stream
Explanation: Packet injection allows attackers to modify ongoing communications, potentially injecting malicious commands.
100. What is a common tool used by penetration testers to simulate MITM attacks?
a) Bettercap
b) ClamAV
c) Windows Defender
d) KeePass
Answer: a) Bettercap
Explanation: Bettercap is widely used for conducting MITM attacks and penetration testing.
101. What type of attack exploits a weakness in the WPA2 handshake process?
a) Key Reinstallation Attack (KRACK)
b) DNS Poisoning
c) SQL Injection
d) ARP Spoofing
Answer: a) Key Reinstallation Attack (KRACK)
Explanation: KRACK exploits vulnerabilities in WPA2, allowing attackers to intercept encrypted Wi-Fi traffic.
102. What is the primary purpose of Secure Shell (SSH) in preventing MITM attacks?
a) Encrypting command-line communications between clients and servers
b) Blocking network sniffing attempts
c) Forcing all traffic through a VPN
d) Disabling password authentication
Answer: a) Encrypting command-line communications between clients and servers
Explanation: SSH encrypts network traffic, preventing eavesdropping and MITM attacks.
103. How can a rogue proxy server be used in a MITM attack?
a) By intercepting and modifying HTTP and HTTPS requests
b) By blocking all web traffic
c) By forcing encryption on all network connections
d) By disabling JavaScript on web browsers
Answer: a) By intercepting and modifying HTTP and HTTPS requests
Explanation: Rogue proxies sit between users and web servers, allowing attackers to manipulate or log traffic.
104. What does an attacker accomplish in a session fixation attack?
a) Forces a user to use a predetermined session ID
b) Disables all active network connections
c) Encrypts all network traffic automatically
d) Redirects DNS queries
Answer: a) Forces a user to use a predetermined session ID
Explanation: In session fixation, an attacker forces a user to authenticate with a session ID they control.
105. Why are VoIP calls vulnerable to MITM attacks?
a) Many VoIP protocols lack strong encryption, allowing eavesdropping
b) VoIP services block all unencrypted calls
c) VoIP networks are protected by default against MITM
d) VoIP calls are always routed through secure VPN tunnels
Answer: a) Many VoIP protocols lack strong encryption, allowing eavesdropping
Explanation: VoIP calls using unencrypted protocols (e.g., SIP) can be intercepted by MITM attackers.
106. How does an attacker use rogue browser extensions in a MITM attack?
a) By intercepting and modifying web traffic at the browser level
b) By blocking all cookies
c) By disabling JavaScript execution
d) By forcing users to switch to HTTP
Answer: a) By intercepting and modifying web traffic at the browser level
Explanation: Malicious extensions can manipulate browser traffic, leading to MITM-like attacks.
107. What does SSL Pinning help prevent?
a) Prevents attackers from using fraudulent SSL certificates in MITM attacks
b) Blocks all encrypted communications
c) Speeds up web page loading times
d) Forces all traffic through a single gateway
Answer: a) Prevents attackers from using fraudulent SSL certificates in MITM attacks
Explanation: SSL Pinning ensures a specific SSL certificate is used, preventing attackers from presenting fake certificates.
108. How does multi-factor authentication (MFA) help prevent MITM attacks?
a) Even if attackers steal credentials, they cannot access accounts without the second authentication factor
b) It encrypts all user data
c) It blocks all phishing attempts
d) It speeds up authentication processes
Answer: a) Even if attackers steal credentials, they cannot access accounts without the second authentication factor
Explanation: MFA adds an extra security layer, making it harder for attackers to use stolen credentials.
109. What is a key weakness of using unencrypted FTP connections?
a) Credentials and data are transmitted in plaintext, making them easy to intercept
b) FTP automatically blocks MITM attacks
c) FTP connections always use TLS
d) FTP only works on local networks
Answer: a) Credentials and data are transmitted in plaintext, making them easy to intercept
Explanation: Unencrypted FTP allows MITM attackers to capture login credentials and transferred files.
110. How does a DNS Sinkhole help prevent MITM attacks?
a) By redirecting malicious domain requests to a safe server
b) By encrypting all DNS queries
c) By disabling all HTTP connections
d) By blocking access to all websites
Answer: a) By redirecting malicious domain requests to a safe server
Explanation: DNS Sinkholes prevent users from accessing malicious sites, reducing MITM attack risks.
111. What is a “Quantum Insert” attack in the context of MITM?
a) Injecting malicious packets into a TCP stream before a legitimate response arrives
b) Exploiting quantum computing for decryption
c) Using phishing emails to trick users
d) Injecting malware into a quantum computer
Answer: a) Injecting malicious packets into a TCP stream before a legitimate response arrives
Explanation: A Quantum Insert attack occurs when an attacker injects malicious content into a connection before the legitimate response from a server reaches the client.
112. How does a Rogue Base Station (IMSI Catcher) facilitate MITM attacks?
a) By intercepting and logging mobile phone communications
b) By encrypting mobile signals for security
c) By forcing mobile phones to use a VPN
d) By blocking all mobile data connections
Answer: a) By intercepting and logging mobile phone communications
Explanation: IMSI Catchers mimic legitimate cell towers to intercept mobile communications and track users.
113. Why is it dangerous to accept unverified root CA certificates?
a) Attackers can use them to intercept encrypted communications
b) They improve internet speed
c) They allow for secure data transmission
d) They prevent VPN usage
Answer: a) Attackers can use them to intercept encrypted communications
Explanation: Fraudulent CA certificates allow attackers to impersonate legitimate websites and intercept encrypted data.
114. What is the primary risk of using open proxies in an MITM attack scenario?
a) They can log and modify traffic passing through them
b) They prevent MITM attacks
c) They encrypt all user data
d) They automatically block unencrypted connections
Answer: a) They can log and modify traffic passing through them
Explanation: Open proxies can be controlled by attackers to log and modify traffic, enabling MITM attacks.
115. What is an SSID Spoofing Attack in MITM scenarios?
a) Creating a fake Wi-Fi network with the same SSID as a legitimate network
b) Modifying DNS responses
c) Encrypting all Wi-Fi traffic
d) Blocking VPN connections
Answer: a) Creating a fake Wi-Fi network with the same SSID as a legitimate network
Explanation: SSID Spoofing tricks users into connecting to an attacker-controlled Wi-Fi network.
116. How does Perfect Forward Secrecy (PFS) prevent MITM attacks?
a) By using unique session keys that cannot be used to decrypt past communications
b) By disabling encryption
c) By blocking all network traffic
d) By preventing web scraping
Answer: a) By using unique session keys that cannot be used to decrypt past communications
Explanation: PFS ensures that even if an encryption key is compromised, past communications remain secure.
117. Why is a DNS Cache Poisoning attack dangerous in a MITM scenario?
a) It redirects users to malicious websites controlled by attackers
b) It improves network speed
c) It prevents websites from being accessed
d) It forces all traffic through a VPN
Answer: a) It redirects users to malicious websites controlled by attackers
Explanation: DNS Cache Poisoning allows attackers to manipulate DNS records and redirect users to fake websites.
118. How does Certificate Transparency (CT) help mitigate MITM risks?
a) It detects fraudulent SSL certificates issued for a domain
b) It disables SSL/TLS encryption
c) It forces users to change their passwords regularly
d) It blocks all DNS requests
Answer: a) It detects fraudulent SSL certificates issued for a domain
Explanation: CT helps track issued certificates to detect unauthorized or forged ones.
119. How does an attacker use a BGP Hijack in a MITM attack?
a) By rerouting internet traffic through malicious networks
b) By injecting SQL commands into web applications
c) By exploiting weak passwords
d) By blocking access to encrypted websites
Answer: a) By rerouting internet traffic through malicious networks
Explanation: BGP Hijacking manipulates routing tables to redirect traffic through attacker-controlled systems.
120. How does a “Downgrade Attack” facilitate MITM interception?
a) It forces a secure connection to use weaker encryption
b) It improves TLS encryption strength
c) It prevents attackers from intercepting traffic
d) It speeds up secure communications
Answer: a) It forces a secure connection to use weaker encryption
Explanation: Downgrade attacks weaken encryption, making traffic easier to decrypt.
121. What is an “Adversary-in-the-Middle” (AiTM) attack?
a) A sophisticated MITM attack that bypasses multi-factor authentication (MFA)
b) A brute-force attack against encrypted data
c) A method of social engineering
d) A technique for preventing MITM attacks
Answer: a) A sophisticated MITM attack that bypasses multi-factor authentication (MFA)
Explanation: AiTM attacks intercept authentication sessions, even bypassing MFA mechanisms.
122. How does an attacker exploit the Null Cipher attack in MITM?
a) By forcing encryption to be disabled, allowing plaintext data transmission
b) By injecting malicious JavaScript
c) By forcing users to connect to a VPN
d) By encrypting all intercepted traffic
Answer: a) By forcing encryption to be disabled, allowing plaintext data transmission
Explanation: A Null Cipher attack tricks a system into sending unencrypted messages instead of secure ones.
123. How does “SSL Renegotiation” pose a risk in MITM attacks?
a) Attackers can manipulate renegotiation requests to inject malicious data
b) It forces strong encryption
c) It prevents MITM attacks
d) It disables JavaScript execution
Answer: a) Attackers can manipulate renegotiation requests to inject malicious data
Explanation: SSL Renegotiation vulnerabilities can allow attackers to inject malicious content into encrypted connections.
124. What is a major risk when using weak ciphers in SSL/TLS configurations?
a) Attackers can decrypt encrypted traffic more easily
b) They prevent MITM attacks
c) They improve connection speed
d) They disable encryption
Answer: a) Attackers can decrypt encrypted traffic more easily
Explanation: Weak ciphers can be broken using cryptographic attacks, enabling MITM interception.
125. What is a potential risk of using Tor in relation to MITM attacks?
a) Exit nodes can be controlled by attackers, enabling interception of traffic
b) Tor prevents all forms of MITM attacks
c) Tor always enforces HTTPS
d) Tor encrypts all DNS queries
Answer: a) Exit nodes can be controlled by attackers, enabling interception of traffic
Explanation: Malicious Tor exit nodes can intercept and modify unencrypted traffic.
126. Why should users avoid clicking through certificate warnings in browsers?
a) It may indicate an MITM attack using a fraudulent SSL certificate
b) It speeds up browsing
c) It prevents websites from tracking users
d) It enables JavaScript execution
Answer: a) It may indicate an MITM attack using a fraudulent SSL certificate
Explanation: Certificate warnings often signal that a website is using an untrusted or compromised SSL certificate.
127. How does a Layer 2 MITM attack differ from a Layer 3 MITM attack?
a) Layer 2 attacks target MAC addresses, while Layer 3 attacks manipulate IP routing
b) Layer 2 attacks always involve malware
c) Layer 3 attacks cannot intercept encrypted data
d) Layer 2 attacks disable TLS encryption
Answer: a) Layer 2 attacks target MAC addresses, while Layer 3 attacks manipulate IP routing
Explanation: Layer 2 attacks (e.g., ARP Spoofing) affect Ethernet traffic, while Layer 3 attacks manipulate IP routing.
128. What is a key weakness of using a shared VPN with unknown providers?
a) The VPN provider may log and intercept traffic, acting as an MITM
b) It prevents all MITM attacks
c) It forces strong encryption
d) It blocks phishing websites
Answer: a) The VPN provider may log and intercept traffic, acting as an MITM
Explanation: Untrustworthy VPN providers may monitor or modify user traffic.
129. How does Network Access Control (NAC) help prevent MITM attacks?
a) It enforces security policies on connected devices before granting access
b) It disables DNS queries
c) It speeds up internet connections
d) It prevents JavaScript execution
Answer: a) It enforces security policies on connected devices before granting access
Explanation: NAC ensures only trusted devices with proper security configurations can access a network.
130. What type of MITM attack can be performed using IPv6 Router Advertisement Spoofing?
a) Redirecting network traffic to an attacker-controlled gateway
b) Forcing devices to use stronger encryption
c) Blocking all HTTP connections
d) Preventing DNS resolution
Answer: a) Redirecting network traffic to an attacker-controlled gateway
Explanation: Rogue IPv6 Router Advertisements allow attackers to control network routing.
131. What is the primary risk of a WebSocket MITM attack?
a) Attackers can intercept real-time communications between a client and server
b) It prevents JavaScript execution
c) It forces all traffic to be encrypted
d) It blocks VPN connections
Answer: a) Attackers can intercept real-time communications between a client and server
Explanation: WebSockets are vulnerable if not properly secured, allowing attackers to intercept and manipulate real-time data.
132. How does Mutual TLS (mTLS) prevent MITM attacks?
a) Both the client and server authenticate each other before communication is established
b) It disables HTTPS connections
c) It blocks all DNS queries
d) It prevents users from visiting non-secure websites
Answer: a) Both the client and server authenticate each other before communication is established
Explanation: mTLS ensures that both parties in a connection verify each other’s identity, making MITM attacks harder.
133. What happens when an attacker performs a Session Replay attack?
a) Captured authentication tokens are replayed to impersonate a user
b) The attacker blocks all traffic
c) The attacker encrypts all communication
d) The attacker disables firewalls
Answer: a) Captured authentication tokens are replayed to impersonate a user
Explanation: Session Replay allows attackers to use stolen session tokens to gain unauthorized access.
134. What type of MITM attack is carried out when an attacker modifies banking transactions in transit?
a) Man-in-the-Browser (MITB) attack
b) SQL Injection attack
c) DNS Tunneling attack
d) Cross-Site Request Forgery (CSRF)
Answer: a) Man-in-the-Browser (MITB) attack
Explanation: MITB attacks use malware-infected browsers to intercept and manipulate online banking transactions.
135. Why is a Public Key Pinning attack dangerous in MITM scenarios?
a) Attackers can forge SSL/TLS certificates and intercept encrypted traffic
b) It speeds up website loading
c) It blocks MITM attacks by default
d) It forces HTTPS usage
Answer: a) Attackers can forge SSL/TLS certificates and intercept encrypted traffic
Explanation: Attackers can use fraudulent certificates to impersonate legitimate sites and intercept communications.
136. How does HSTS (HTTP Strict Transport Security) mitigate MITM attacks?
a) It forces all connections to use HTTPS and prevents SSL Stripping attacks
b) It disables JavaScript execution
c) It allows attackers to modify SSL certificates
d) It replaces TLS with weak encryption
Answer: a) It forces all connections to use HTTPS and prevents SSL Stripping attacks
Explanation: HSTS ensures that browsers always use secure HTTPS connections, protecting against downgrade attacks.
137. What is a key limitation of a Key Reinstallation Attack (KRACK) in MITM attacks?
a) It only works against WPA2 networks
b) It can be used on any network protocol
c) It forces users to use VPNs
d) It does not require proximity to the victim
Answer: a) It only works against WPA2 networks
Explanation: KRACK exploits vulnerabilities in WPA2 to decrypt and manipulate Wi-Fi traffic.
138. What is a main risk of using a self-signed SSL certificate?
a) It makes MITM attacks easier because browsers do not trust them by default
b) It speeds up web browsing
c) It prevents users from accessing phishing websites
d) It blocks all MITM attempts automatically
Answer: a) It makes MITM attacks easier because browsers do not trust them by default
Explanation: Attackers can use self-signed certificates to trick users into accepting untrusted connections.
139. Why is a DNS Tunnel useful for MITM attacks?
a) It can be used to bypass security measures and exfiltrate data
b) It blocks encrypted communications
c) It forces TLS encryption on all traffic
d) It prevents attackers from intercepting DNS queries
Answer: a) It can be used to bypass security measures and exfiltrate data
Explanation: DNS Tunneling hides malicious traffic inside DNS requests, helping attackers avoid detection.
140. What is the main purpose of a rogue Certificate Authority (CA) in a MITM attack?
a) To issue fraudulent SSL/TLS certificates and intercept encrypted traffic
b) To prevent MITM attacks
c) To increase the security of TLS connections
d) To disable JavaScript execution
Answer: a) To issue fraudulent SSL/TLS certificates and intercept encrypted traffic
Explanation: A rogue CA allows attackers to create fake certificates and intercept secure communications.
141. What does a malicious proxy server do in a MITM attack?
a) Intercepts and modifies web traffic before forwarding it to the destination
b) Blocks all HTTPS connections
c) Encrypts all user traffic
d) Forces users to use weak passwords
Answer: a) Intercepts and modifies web traffic before forwarding it to the destination
Explanation: Malicious proxies allow attackers to monitor, alter, and log network traffic.
142. Why is TLS 1.3 considered more secure against MITM attacks compared to previous versions?
a) It removes outdated cryptographic algorithms and prevents downgrade attacks
b) It blocks all network traffic by default
c) It replaces all encryption with hashing
d) It forces users to update their browsers
Answer: a) It removes outdated cryptographic algorithms and prevents downgrade attacks
Explanation: TLS 1.3 eliminates weak ciphers and handshake vulnerabilities, strengthening security against MITM attacks.
143. What makes an Evil Twin attack different from normal MITM attacks?
a) It creates a fake Wi-Fi network to trick users into connecting
b) It disables all encryption on the target network
c) It encrypts all traffic
d) It only works on cellular networks
Answer: a) It creates a fake Wi-Fi network to trick users into connecting
Explanation: Evil Twin attacks involve setting up a rogue access point to capture victim data.
144. What kind of MITM attack involves intercepting API requests and modifying them before reaching the server?
a) API Injection Attack
b) Cross-Site Scripting (XSS)
c) DNS Hijacking
d) SQL Injection
Answer: a) API Injection Attack
Explanation: Attackers can intercept and modify API requests to manipulate server responses.
145. How does MAC Address Filtering help reduce the risk of MITM attacks?
a) It restricts network access to specific, pre-approved MAC addresses
b) It encrypts all network traffic
c) It disables JavaScript execution in browsers
d) It prevents VPN usage
Answer: a) It restricts network access to specific, pre-approved MAC addresses
Explanation: MAC Address Filtering can limit unauthorized devices from connecting to a network.
146. How does a Browser Rootkit enable MITM attacks?
a) It modifies browser behavior to intercept and manipulate web traffic
b) It encrypts all traffic
c) It forces TLS 1.3 encryption
d) It prevents packet sniffing
Answer: a) It modifies browser behavior to intercept and manipulate web traffic
Explanation: Browser Rootkits can inject malicious scripts, capture keystrokes, and intercept encrypted communications.
147. What is the primary function of a Reverse Proxy in a MITM attack?
a) It intercepts client-server communication without user awareness
b) It prevents MITM attacks by blocking network access
c) It disables SSL encryption
d) It forces DNS resolution
Answer: a) It intercepts client-server communication without user awareness
Explanation: Reverse proxies can be used to log or modify traffic before forwarding it to the intended destination.
148. What does an attacker achieve with a GSM MITM attack?
a) Intercepts unencrypted mobile calls and SMS messages
b) Blocks all 4G and 5G traffic
c) Encrypts all VoIP calls
d) Prevents network connections
Answer: a) Intercepts unencrypted mobile calls and SMS messages
Explanation: GSM networks can be vulnerable to interception, allowing attackers to eavesdrop on calls and messages.
149. What is a major risk of using HTTP/2 without proper encryption?
a) It allows attackers to perform MITM attacks on data streams
b) It prevents users from accessing HTTPS sites
c) It disables firewalls
d) It forces all traffic through a VPN
Answer: a) It allows attackers to perform MITM attacks on data streams
Explanation: Without encryption, HTTP/2 traffic can be intercepted and manipulated.
150. What is a “Certificate Injection Attack” in MITM?
a) An attacker injects a fraudulent SSL certificate to intercept encrypted data
b) An attacker forces a user to use a VPN
c) An attacker disables HTTPS on a website
d) An attacker increases encryption strength
Answer: a) An attacker injects a fraudulent SSL certificate to intercept encrypted data
Explanation: Certificate Injection allows attackers to forge SSL certificates and intercept communications.
151. What is the main purpose of a “TLS Spoofing” attack in MITM scenarios?
a) To trick users into thinking they are communicating over a secure channel when they are not
b) To improve the performance of encrypted connections
c) To force clients to use stronger encryption
d) To block MITM attacks
Answer: a) To trick users into thinking they are communicating over a secure channel when they are not
Explanation: TLS Spoofing involves manipulating encryption handshakes to create the illusion of a secure connection while allowing attackers to intercept data.
152. Why is it dangerous to use untrusted public Wi-Fi networks for online banking?
a) Attackers can intercept sensitive data using MITM techniques
b) It slows down the network speed
c) Public Wi-Fi networks automatically block encrypted connections
d) Public Wi-Fi does not support HTTPS
Answer: a) Attackers can intercept sensitive data using MITM techniques
Explanation: Open Wi-Fi networks are vulnerable to MITM attacks, which can compromise banking credentials.
153. What is a primary goal of an HTTP Desynchronization Attack in MITM scenarios?
a) To exploit inconsistencies in HTTP request processing to inject malicious responses
b) To disable HTTPS connections
c) To prevent users from accessing websites
d) To improve encryption strength
Answer: a) To exploit inconsistencies in HTTP request processing to inject malicious responses
Explanation: HTTP Desynchronization manipulates request headers to trick web servers into processing incorrect data, enabling MITM attacks.
154. What is a key limitation of MITM attacks against VPNs using strong encryption?
a) Attackers cannot decrypt intercepted VPN traffic without access to encryption keys
b) VPN traffic is unencrypted by default
c) VPNs do not support encryption
d) VPNs automatically allow MITM attacks
Answer: a) Attackers cannot decrypt intercepted VPN traffic without access to encryption keys
Explanation: Strong VPN encryption prevents attackers from reading intercepted data.
155. How does a “Poisoned Certificate Chain” facilitate MITM attacks?
a) Attackers use compromised intermediate CAs to issue fraudulent certificates
b) It speeds up SSL/TLS handshakes
c) It blocks access to HTTPS sites
d) It forces browsers to ignore certificate warnings
Answer: a) Attackers use compromised intermediate CAs to issue fraudulent certificates
Explanation: Poisoned certificate chains involve issuing fraudulent certificates from a compromised certificate authority.
156. Why is “ARP Cache Poisoning” a common technique in LAN-based MITM attacks?
a) It allows an attacker to impersonate a legitimate device on the network
b) It forces all traffic to be encrypted
c) It blocks all communication
d) It speeds up internet connections
Answer: a) It allows an attacker to impersonate a legitimate device on the network
Explanation: ARP Cache Poisoning redirects network traffic through an attacker’s device, enabling MITM interception.
157. How can attackers manipulate a “Rogue Authentication Server” in a MITM attack?
a) By tricking users into connecting to a fake login portal that captures credentials
b) By forcing encryption on all login pages
c) By preventing users from logging into their accounts
d) By disabling SSL/TLS encryption
Answer: a) By tricking users into connecting to a fake login portal that captures credentials
Explanation: Rogue authentication servers impersonate legitimate ones to capture user credentials.
158. What type of MITM attack exploits flaws in browser encryption to steal cookies and session tokens?
a) BEAST Attack
b) SQL Injection Attack
c) DNS Cache Poisoning
d) XML External Entity (XXE) Attack
Answer: a) BEAST Attack
Explanation: The BEAST attack exploits vulnerabilities in TLS to decrypt encrypted session tokens and cookies.
159. What is the main advantage of using Encrypted SNI (ESNI) against MITM attacks?
a) It hides the hostname of a website during the TLS handshake, preventing attackers from seeing which site a user is visiting
b) It disables TLS encryption
c) It forces websites to use weak encryption
d) It speeds up HTTP connections
Answer: a) It hides the hostname of a website during the TLS handshake, preventing attackers from seeing which site a user is visiting
Explanation: ESNI prevents MITM attackers from identifying the destination website during the initial TLS handshake.
160. How can attackers abuse “MITM over RDP” to gain access to remote desktops?
a) By intercepting Remote Desktop Protocol (RDP) traffic and capturing login credentials
b) By blocking remote desktop sessions
c) By forcing encryption on all RDP connections
d) By modifying firewall rules
Answer: a) By intercepting Remote Desktop Protocol (RDP) traffic and capturing login credentials
Explanation: MITM over RDP allows attackers to capture or modify remote desktop sessions.
161. Why does using DNS-over-TLS (DoT) help mitigate MITM attacks?
a) It encrypts DNS queries, preventing attackers from intercepting and modifying them
b) It disables HTTP traffic
c) It speeds up web browsing
d) It forces users to use VPNs
Answer: a) It encrypts DNS queries, preventing attackers from intercepting and modifying them
Explanation: DoT encrypts DNS traffic, protecting it from MITM manipulation.
162. What is the primary goal of an attacker performing a “MITM in IoT Networks”?
a) To intercept and manipulate data transmitted between IoT devices and their cloud services
b) To disable all IoT devices
c) To encrypt all IoT communications
d) To improve network speed
Answer: a) To intercept and manipulate data transmitted between IoT devices and their cloud services
Explanation: IoT devices often have weak security, making them targets for MITM attacks.
163. What is a major weakness of WPA2 that allows MITM attacks to occur?
a) It is vulnerable to KRACK attacks, which exploit the handshake process
b) It automatically blocks MITM attacks
c) It does not allow encryption
d) It prevents packet sniffing
Answer: a) It is vulnerable to KRACK attacks, which exploit the handshake process
Explanation: KRACK attacks exploit WPA2’s handshake process to intercept encrypted data.
164. What is the purpose of “Network Segmentation” in preventing MITM attacks?
a) It isolates critical systems, preventing attackers from easily intercepting traffic
b) It disables encryption
c) It forces all traffic to use public Wi-Fi
d) It speeds up internet browsing
Answer: a) It isolates critical systems, preventing attackers from easily intercepting traffic
Explanation: Segmentation limits an attacker’s ability to move laterally within a network.
165. What is a key security risk when using outdated VPN protocols like PPTP?
a) They use weak encryption that can be easily broken in a MITM attack
b) They improve encryption security
c) They block all network traffic
d) They force all traffic through HTTP
Answer: a) They use weak encryption that can be easily broken in a MITM attack
Explanation: Outdated VPN protocols like PPTP have known vulnerabilities that attackers can exploit.
166. Why is “Zero Trust Architecture” effective in mitigating MITM attacks?
a) It requires continuous authentication, reducing the risk of intercepted credentials being reused
b) It disables TLS encryption
c) It forces all traffic through HTTP
d) It blocks all encrypted communications
Answer: a) It requires continuous authentication, reducing the risk of intercepted credentials being reused
Explanation: Zero Trust minimizes the effectiveness of MITM attacks by enforcing strict access controls.
167. How can attackers use a “Forced Proxy Attack” in a MITM scenario?
a) By forcing a victim’s browser to use a malicious proxy server
b) By encrypting all traffic
c) By disabling SSL encryption
d) By modifying DNS queries
Answer: a) By forcing a victim’s browser to use a malicious proxy server
Explanation: Forced Proxy Attacks redirect user traffic through an attacker’s proxy to intercept and modify data.
168. What is a key reason why older SSL/TLS protocols are deprecated?
a) They contain vulnerabilities that allow MITM decryption attacks
b) They improve encryption
c) They block all web traffic
d) They force users to update browsers
Answer: a) They contain vulnerabilities that allow MITM decryption attacks
Explanation: Older SSL/TLS versions have cryptographic flaws that attackers can exploit.
169. What is a key risk of using unencrypted SMTP for email?
a) Attackers can intercept and modify email content in transit
b) It improves email delivery speed
c) It automatically blocks phishing emails
d) It disables network encryption
Answer: a) Attackers can intercept and modify email content in transit
Explanation: Unencrypted email traffic is vulnerable to MITM attacks.
170. What is a primary goal of “MITM in Software Updates”?
a) To inject malicious updates by intercepting software downloads
b) To speed up update installation
c) To block software updates
d) To encrypt all traffic
Answer: a) To inject malicious updates by intercepting software downloads
Explanation: Attackers can modify software updates to inject malware via MITM attacks.
171. What is the primary risk of using outdated browser plugins in MITM attacks?
a) Attackers can exploit vulnerabilities to intercept and modify web traffic
b) They force users to connect to a VPN
c) They disable TLS encryption by default
d) They prevent JavaScript execution
Answer: a) Attackers can exploit vulnerabilities to intercept and modify web traffic
Explanation: Outdated browser plugins may have security flaws that allow MITM attackers to inject or intercept traffic.
172. How does a malicious “Transparent Proxy” facilitate MITM attacks?
a) By intercepting and modifying network traffic without user awareness
b) By encrypting all communications
c) By blocking all unencrypted traffic
d) By forcing users to change their passwords
Answer: a) By intercepting and modifying network traffic without user awareness
Explanation: Transparent proxies sit between the user and the internet, potentially logging and altering data in transit.
173. What is a key purpose of “Secure Cookie Flags” in preventing MITM attacks?
a) They ensure cookies are only sent over secure HTTPS connections
b) They disable cookie storage on browsers
c) They encrypt all network traffic
d) They block attackers from intercepting Wi-Fi connections
Answer: a) They ensure cookies are only sent over secure HTTPS connections
Explanation: Secure Cookie Flags prevent session hijacking by ensuring cookies are only transmitted over encrypted connections.
174. How does an attacker perform an “SSL Downgrade Attack” in a MITM scenario?
a) By forcing a client-server connection to use an older, weaker encryption protocol
b) By blocking all SSL certificates
c) By disabling all JavaScript execution
d) By encrypting all HTTP traffic
Answer: a) By forcing a client-server connection to use an older, weaker encryption protocol
Explanation: SSL Downgrade Attacks trick clients into using outdated encryption, making traffic easier to decrypt.
175. Why are free, public VPNs a potential risk for MITM attacks?
a) The VPN provider can monitor, log, and modify user traffic
b) They encrypt all data, making MITM impossible
c) They block all JavaScript execution
d) They disable network firewalls
Answer: a) The VPN provider can monitor, log, and modify user traffic
Explanation: Free VPNs often lack transparency and may engage in traffic interception or data logging.
176. What type of MITM attack involves injecting malicious JavaScript into an encrypted session?
a) JavaScript Injection via MITM
b) DNS Spoofing
c) Clickjacking
d) SQL Injection
Answer: a) JavaScript Injection via MITM
Explanation: Attackers inject JavaScript into intercepted traffic to steal user data or modify webpage behavior.
177. What is a “Man-in-the-Middle-as-a-Service” (MITMaaS)?
a) A cybercriminal service that provides MITM attack tools and infrastructure
b) A cloud-based security solution to prevent MITM attacks
c) A tool that encrypts MITM attacks
d) A service that blocks phishing websites
Answer: a) A cybercriminal service that provides MITM attack tools and infrastructure
Explanation: MITMaaS refers to underground cybercrime services that sell or rent MITM attack capabilities.
178. How does “Eavesdropping on VoIP Calls” occur in a MITM attack?
a) Attackers intercept and listen to unencrypted VoIP communications
b) Attackers block all VoIP traffic
c) Attackers force encryption on all VoIP calls
d) Attackers disable audio in VoIP calls
Answer: a) Attackers intercept and listen to unencrypted VoIP communications
Explanation: Unsecured VoIP calls can be intercepted by attackers using packet sniffing techniques.
179. What role does “Application Layer Encryption” play in preventing MITM attacks?
a) It encrypts data before transmission, making it unreadable to MITM attackers
b) It disables firewalls
c) It forces users to connect through a VPN
d) It prevents users from accessing public Wi-Fi
Answer: a) It encrypts data before transmission, making it unreadable to MITM attackers
Explanation: Application Layer Encryption protects sensitive data before transmission, reducing MITM risks.
180. How can attackers use an “Evil Twin Access Point” for credential theft?
a) By tricking users into entering their login credentials on a fake login page
b) By encrypting all traffic on the network
c) By disabling JavaScript execution
d) By preventing users from accessing HTTP websites
Answer: a) By tricking users into entering their login credentials on a fake login page
Explanation: Evil Twin attacks mimic legitimate Wi-Fi networks, leading users to phishing pages where credentials are stolen.
181. Why does forcing DNSSEC help prevent MITM attacks?
a) It ensures that DNS responses are authenticated and not modified by attackers
b) It disables all encryption
c) It blocks all JavaScript execution
d) It prevents users from using HTTPS
Answer: a) It ensures that DNS responses are authenticated and not modified by attackers
Explanation: DNSSEC digitally signs DNS responses, preventing spoofing and redirection attacks.
182. What is the purpose of “Extended Validation (EV) Certificates” in preventing MITM attacks?
a) They provide additional identity verification for websites, making it harder for attackers to impersonate them
b) They disable TLS encryption
c) They block all encrypted traffic
d) They prevent users from connecting to public Wi-Fi
Answer: a) They provide additional identity verification for websites, making it harder for attackers to impersonate them
Explanation: EV Certificates verify a website’s legitimacy, reducing the risk of MITM phishing attacks.
183. How does an attacker perform an “SSL Proxy Attack” in a MITM scenario?
a) By acting as an intermediary that decrypts and re-encrypts SSL/TLS traffic
b) By blocking SSL/TLS connections
c) By disabling encryption in browsers
d) By forcing all connections to use public Wi-Fi
Answer: a) By acting as an intermediary that decrypts and re-encrypts SSL/TLS traffic
Explanation: SSL Proxy Attacks allow attackers to intercept and manipulate encrypted communications.
184. Why is “Dynamic ARP Inspection (DAI)” useful in preventing MITM attacks?
a) It detects and blocks ARP Spoofing attempts on a network
b) It disables all ARP traffic
c) It blocks JavaScript execution in browsers
d) It forces all DNS requests through a VPN
Answer: a) It detects and blocks ARP Spoofing attempts on a network
Explanation: DAI helps prevent MITM attacks by monitoring and verifying ARP responses.
185. How does an “HTTP Host Header Attack” facilitate MITM?
a) Attackers manipulate the Host header to redirect traffic to a malicious server
b) Attackers encrypt all HTTP traffic
c) Attackers disable TLS encryption
d) Attackers force users to update their browsers
Answer: a) Attackers manipulate the Host header to redirect traffic to a malicious server
Explanation: Host Header Manipulation can trick web servers into responding to incorrect or malicious requests.
186. What is a key reason attackers target “IoT MITM Attacks”?
a) Many IoT devices lack strong encryption, making them easy to intercept
b) IoT devices automatically block MITM attacks
c) IoT devices force strong TLS encryption
d) IoT devices cannot connect to networks
Answer: a) Many IoT devices lack strong encryption, making them easy to intercept
Explanation: IoT devices often have weak security, making them prime targets for MITM attacks.
187. What is a “Wi-Fi Deauthentication Attack” used for in MITM scenarios?
a) To force users to disconnect and reconnect to a rogue access point
b) To encrypt all wireless traffic
c) To prevent users from accessing Wi-Fi networks
d) To block VPN connections
Answer: a) To force users to disconnect and reconnect to a rogue access point
Explanation: Wi-Fi Deauthentication Attacks disrupt legitimate connections, making users reconnect to malicious networks.
188. How does “SSL/TLS Certificate Pinning” protect against MITM?
a) It ensures that only a trusted certificate is accepted for a given domain
b) It blocks all encrypted communications
c) It prevents users from accessing HTTPS websites
d) It disables all DNS queries
Answer: a) It ensures that only a trusted certificate is accepted for a given domain
Explanation: Certificate Pinning prevents attackers from using fake certificates in MITM attacks.
191. What is a major security risk of using outdated TLS versions (e.g., TLS 1.0, TLS 1.1)?
a) Attackers can exploit known vulnerabilities to decrypt intercepted traffic
b) They improve encryption security
c) They prevent MITM attacks by default
d) They block all encrypted connections
Answer: a) Attackers can exploit known vulnerabilities to decrypt intercepted traffic
Explanation: Older TLS versions have weaknesses that attackers can exploit to intercept and decrypt communications.
192. How does a “SIP MITM Attack” affect VoIP communications?
a) It allows attackers to intercept and manipulate VoIP call data
b) It speeds up VoIP connections
c) It blocks all VoIP calls
d) It forces users to use strong passwords
Answer: a) It allows attackers to intercept and manipulate VoIP call data
Explanation: SIP-based MITM attacks allow eavesdropping, call redirection, and manipulation of VoIP traffic.
193. Why is an SSL Strip attack effective on public Wi-Fi networks?
a) Users are more likely to connect to unencrypted HTTP versions of websites
b) It disables all encryption on HTTPS websites
c) It forces users to enter their credentials twice
d) It blocks access to non-secure websites
Answer: a) Users are more likely to connect to unencrypted HTTP versions of websites
Explanation: SSL Strip attacks downgrade secure HTTPS connections to HTTP, making users more vulnerable to data interception.
194. What is a primary defense mechanism against DNS Spoofing in MITM attacks?
a) Implementing DNSSEC to verify DNS responses
b) Using HTTP instead of HTTPS
c) Clearing browser cache regularly
d) Disabling antivirus software
Answer: a) Implementing DNSSEC to verify DNS responses
Explanation: DNSSEC ensures that DNS responses are digitally signed and not altered by attackers.
195. How does a “Compression Side-Channel Attack” like CRIME or BREACH facilitate MITM?
a) It exploits compression vulnerabilities to extract encrypted information
b) It encrypts all traffic for security
c) It blocks all HTTP traffic
d) It speeds up network connections
Answer: a) It exploits compression vulnerabilities to extract encrypted information
Explanation: These attacks leverage data compression weaknesses to recover sensitive information from encrypted traffic.
196. How does “PKI (Public Key Infrastructure)” help prevent MITM attacks?
a) It ensures secure key exchange and certificate validation
b) It disables encryption on public networks
c) It forces websites to use HTTP
d) It speeds up SSL/TLS handshakes
Answer: a) It ensures secure key exchange and certificate validation
Explanation: PKI provides mechanisms for secure key management and certificate verification to prevent MITM attacks.
197. What is a key risk of using email services that do not support STARTTLS?
a) Emails can be intercepted and read in plaintext during transmission
b) It forces emails to use stronger encryption
c) It blocks phishing emails
d) It prevents users from sending emails
Answer: a) Emails can be intercepted and read in plaintext during transmission
Explanation: STARTTLS ensures that emails are encrypted in transit, preventing MITM interception.
198. Why is it important to verify SSH fingerprints when connecting to a remote server?
a) It ensures the SSH session is not being intercepted by an MITM attacker
b) It speeds up remote connections
c) It forces all traffic to be encrypted
d) It blocks unauthorized logins
Answer: a) It ensures the SSH session is not being intercepted by an MITM attacker
Explanation: Verifying SSH fingerprints prevents attackers from performing MITM attacks by impersonating trusted hosts.
199. What type of MITM attack targets TLS session resumption to hijack secure connections?
a) Session Hijacking via TLS Session Resumption
b) SQL Injection
c) DNS Spoofing
d) Buffer Overflow
Answer: a) Session Hijacking via TLS Session Resumption
Explanation: Attackers exploit session resumption mechanisms to hijack existing encrypted connections.
200. How does a “ClientHello MITM Attack” work against TLS?
a) It manipulates the ClientHello message to force a weaker cipher suite
b) It blocks all TLS connections
c) It encrypts all plaintext data
d) It forces the server to use HTTP instead of HTTPS
Answer: a) It manipulates the ClientHello message to force a weaker cipher suite
Explanation: By modifying the ClientHello message, attackers can downgrade security settings and enable weaker encryption.
201. Why are expired or revoked SSL/TLS certificates a security risk?
a) Attackers can use them to perform MITM attacks by impersonating trusted websites
b) They improve network security
c) They prevent users from accessing HTTPS sites
d) They automatically encrypt all data
Answer: a) Attackers can use them to perform MITM attacks by impersonating trusted websites
Explanation: Expired or revoked certificates can be exploited in MITM attacks by tricking users into accepting fake credentials.
202. How can a “Browser Extension MITM Attack” occur?
a) A malicious extension intercepts and modifies web requests
b) A browser extension blocks all encrypted connections
c) A browser extension disables JavaScript execution
d) A browser extension forces all traffic through a VPN
Answer: a) A malicious extension intercepts and modifies web requests
Explanation: Compromised browser extensions can alter web requests and steal sensitive data.
203. How does “HPKP (HTTP Public Key Pinning)” prevent MITM attacks?
a) It allows browsers to remember valid SSL/TLS certificates for a website, preventing certificate forgery
b) It disables TLS encryption
c) It blocks all HTTP connections
d) It forces websites to use self-signed certificates
Answer: a) It allows browsers to remember valid SSL/TLS certificates for a website, preventing certificate forgery
Explanation: HPKP ensures that a browser only trusts predefined certificates, blocking fake ones used in MITM attacks.
204. What is the risk of using “Weak Diffie-Hellman Keys” in TLS connections?
a) Attackers can break the encryption and intercept secure communications
b) It improves encryption speed
c) It forces all connections to use HTTPS
d) It disables all DNS requests
Answer: a) Attackers can break the encryption and intercept secure communications
Explanation: Weak Diffie-Hellman keys can be cracked, allowing attackers to decrypt MITM-intercepted traffic.
205. How does “Secure Boot” help protect against MITM attacks on devices?
a) It ensures that only trusted firmware and operating system components are loaded during startup
b) It disables encryption
c) It blocks all network traffic
d) It speeds up device startup
Answer: a) It ensures that only trusted firmware and operating system components are loaded during startup
Explanation: Secure Boot prevents unauthorized modifications to a device’s boot process, reducing the risk of MITM backdoors.