CompTIA PenTest+ (PT0-001) — Question 68

A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below:

IP: 192.168.1.20 -

NETMASK: 255.255.255.0 -

DEFAULT GATEWAY: 192.168.1.254 -

DHCP: 192.168.1.253 -
DNS: 192.168.10.10, 192.168.20.10
Which of the following commands should the malicious user execute to perform the MITM attack?

Answer options

• A. arpspoof -c both -r -t 192.168.1.1 192.168.1.20
• B. arpspoof -t 192.168.1.20 192.168.1.254
• C. arpspoof -c both -t 192.168.1.20 192.168.1.253
• D. arpspoof -r -t 192.168.1.253 192.168.1.20

Correct answer: B

Explanation

The correct command is B because it targets the computer's IP address (192.168.1.20) and the default gateway (192.168.1.254), allowing the attacker to intercept traffic. Option A is incorrect as it targets an IP outside of the network. Options C and D are not suitable for a standard MITM against the default gateway, focusing instead on the DHCP server.