CompTIA PenTest+ (PT0-002) — Question 356

A penetration tester would like to conduct an on-path attack against a target system in a local network. Which of the following techniques should the tester use in order to make the tester appear to have an IP address of a trusted server?

Answer options

• A. ARP spoofing
• B. DNS spoofing
• C. MAC spoofing
• D. IP spoofing

Correct answer: A

Explanation

ARP spoofing is the correct technique because it allows the tester to send falsified ARP messages over the network, associating their MAC address with the IP address of a trusted server. DNS spoofing alters DNS records, which is not necessary for an on-path attack. MAC spoofing changes the hardware address, but does not affect IP visibility. IP spoofing can modify the source IP in packets, but it doesn't provide the same level of control over local network traffic as ARP spoofing does.