A user reports that a bank’s website no longer displays a padlock symbol. A security analyst views the user's screen and notices the connection is using HTTP instead of HTTPS. Which of the following attacks is most likely occurring?
SSL stripping is an attack that downgrades HTTPS connections to insecure HTTP connections. When an attacker is able to intercept network traffic between a client and server, they can remove the SSL/TLS encryption from the HTTPS connection and replace it with a plain HTTP connection, which does not provide any security for the user's sensitive data. This can be achieved through a number of techniques, such as man-in-the-middle (MITM) attacks or by using malicious software. When SSL stripping is successful, the padlock symbol indicating a secure HTTPS connection will not be displayed, as in the scenario described in the question.
- B
SSL stripping is a type of man-in-the-middle (MitM) attack where the attacker intercepts the communication between the client and the server, and downgrades the secure HTTPS connection to an insecure HTTP connection. The attacker then impersonates the server and continues the communication with the client over the unencrypted HTTP connection.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Gamsje
1 year, 9 months agoApplebeesWaiter1122
1 year, 11 months agoApplebeesWaiter1122
1 year, 11 months agomouettespaghetti
1 year, 12 months ago