CompTIA Security+ (SY0-701) — Question 440

A malicious actor is trying to access sensitive financial information from a company's database by intercepting and reusing log-in credentials. Which of the following attacks is the malicious actor attempting?

Answer options

• A. SQL injection
• B. On-path
• C. Brute-force
• D. Password spraying

Correct answer: B

Explanation

The correct answer is B, as an On-path attack involves intercepting communications to capture credentials and other sensitive information. The other options, such as SQL injection, brute-force, and password spraying, refer to different methods of exploiting vulnerabilities or attempting to guess passwords, rather than intercepting existing credentials.