Which attack method intercepts traffic on a switched network?

1. A. denial of service
2. B. ARP cache poisoning
3. C. DHCP snooping
4. D. command and control

Correct Answer: B
An ARP-based MITM attack is achieved when an attacker poisons the ARP cache of two devices with the MAC address of the attacker's network interface card (NIC). Once the ARP caches have been successfully poisoned, each victim device sends all its packets to the attacker when communicating to the other device and puts the attacker in the middle of the communications path between the two victim devices. It allows an attacker to easily monitor all communication between victim devices. The intent is to intercept and view the information being passed between the two victim devices and potentially introduce sessions and traffic between the two victim devices

An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?

1. A. ransomware communicating after infection
2. B. users downloading copyrighted content
3. C. data exfiltration
4. D. user circumvention of the firewall

Correct Answer: D

Which event is user interaction?

1. A. gaining root access
2. B. executing remote code
3. C. reading and writing file permission
4. D. opening a malicious file

Correct Answer: D

Refer to the exhibit.

An engineer received a ticket about a slowed-down web application The engineer runs the #netstat -an command. How must the engineer interpret the results?

1. A. The web application is receiving a common, legitimate traffic
2. B. The engineer must gather more data.
3. C. The web application server is under a denial-of-service attack.
4. D. The server is under a man-in-the-middle attack between the web application and its database

Correct Answer: C

Refer to the exhibit.

Which type of attack is being executed?

1. A. SQL injection
2. B. cross-site scripting
3. C. cross-site request forgery
4. D. command injection

Correct Answer: A