CompTIA PenTest+ (PT0-001) — Question 78
A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST meet this goal?
Answer options
- A. Perform an HTTP downgrade attack.
- B. Harvest the user credentials to decrypt traffic.
- C. Perform an MITM attack.
- D. Implement a CA attack by impersonating trusted CAs.
Correct answer: A
Explanation
A is correct because an HTTP downgrade attack forces clients to use unencrypted HTTP instead of HTTPS, which allows easy capture of web traffic. Option B is incorrect because harvesting credentials does not directly allow capturing traffic. Option C is relevant, but it does not address the goal of capturing unencrypted web traffic as specifically or as effectively as A. Option D is off-target because impersonating CAs focuses on SSL/TLS traffic rather than on capturing unencrypted web traffic.