A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following: The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to this IP. The forged website's IP address appears to be 10.2.12.99, based on NetFlow records. All three of the organization's DNS servers show the website correctly resolves to the legitimate IP. DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise. Which of the following MOST likely occurred?
A) A reverse proxy was used to redirect network traffic.
B) An SSL strip MITM attack was performed.
C) An attacker temporarily poisoned a name server.
D) An ARP poisoning attack was successfully executed.

Question

Quizplus · Accepted Answer

The Answer of A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following: The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to this IP. The forged website's IP address appears to be 10.2.12.99, based on NetFlow records. All three of the organization's DNS servers show the website correctly resolves to the legitimate IP. DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise. Which of the following MOST likely occurred?
A) A reverse proxy was used to redirect network traffic.
B) An SSL strip MITM attack was performed.
C) An attacker temporarily poisoned a name server.
D) An ARP poisoning attack was successfully executed.

A User Recently Entered a Username and Password into a Recruiting