CompTIA Security+ (SY0-501) — Question 840
A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Choose two.)
Answer options
- A. Ping
- B. Ipconfig
- C. Tracert
- D. Netstat
- E. Dig
- F. Nslookup
Correct answer: B, C
Explanation
The correct tools to detect a potential MITM attack are Ipconfig and Tracert. Ipconfig can help verify the current gateway and its settings, while Tracert can show the path taken to reach a destination, revealing any unexpected hops that could indicate an attack. The other options, like Ping, Netstat, Dig, and Nslookup, do not provide the necessary information to effectively identify a MITM attack.