CompTIA CySA+ (CS0-003) — Question 6

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?

Answer options

• A. There is an issue with the SSL certificate causing port 443 to become unavailable for HTTPS access
• B. An on-path attack is being performed by someone with internal access that forces users into port 80
• C. The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80
• D. An error was caused by BGP due to new rules applied over the company's internal routers

Correct answer: B

Explanation

The correct answer is B because an on-path attack can manipulate users' connections, forcing them to use HTTP instead of HTTPS. Options A and C are unlikely since they do not explain the inconsistent access experienced by users, and D is unrelated to the behavior described in the scenario.