CompTIA Security+ (SY0-601) — Question 849

A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization's accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?

Answer options

• A. Man-in-the-middle
• B. Spear-phishing
• C. Evil twin
• D. DNS poisoning

Correct answer: D

Explanation

DNS poisoning is the most plausible attack here because it involves altering DNS records, which can change the IP address associated with a domain. The change lasting eight hours aligns with typical DNS cache expiration times, while the other options, such as Man-in-the-middle and Evil twin, do not specifically account for the alteration of DNS records.