Question 187 of 520
Network Security · hard · Multiple Choice · Objective-mapped

Quick Answer

The answer is a man-in-the-middle attack. A man-in-the-middle attack is defined by an adversary secretly intercepting and modifying communication between two parties who believe they are directly connected, exactly as the scenario describes. The attacker places themselves in the logical or physical data path, often by exploiting weak authentication or encryption, to alter data in transit without either party’s knowledge. On the CompTIA Network+ N10-009 exam, this scenario tests your understanding of active interception threats, often appearing in questions about ARP spoofing, session hijacking, or rogue access points. A common trap is confusing this with a replay attack, but remember: MITM involves real-time modification, not just capture and retransmission. For a quick memory tip, think “MITM = Middle Intercepts, Tweaks Messages.”

N10-009 Network Security Practice Question

This N10-009 practice question tests your understanding of network security. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

An attacker intercepts communication between two parties and is able to modify the data in transit without either party's knowledge. Which type of attack is this?


Correct answer & explanation

Man-in-the-middle

A man-in-the-middle (MITM) attack occurs when an adversary secretly intercepts and potentially alters the communication between two parties who believe they are directly communicating with each other. The attacker can modify data in transit without either party's knowledge by placing themselves in the logical or physical path of the data flow, often by exploiting weaknesses in authentication or encryption. This matches the scenario described, where the attacker both intercepts and modifies the data.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Man-in-the-middle

    Why this is correct

    A man-in-the-middle attack precisely describes an attacker intercepting and modifying communications between two endpoints without their knowledge.

    Related concept

    Read the scenario before looking for a memorised answer.

  • ARP spoofing

    Why it's wrong here

    ARP spoofing is a technique often used to execute a man-in-the-middle attack, but it does not inherently involve modifying data; it only redirects traffic. The question describes the broader attack type.

  • DNS poisoning

    Why it's wrong here

    DNS poisoning corrupts DNS caches to redirect traffic to malicious sites, but it does not directly allow the attacker to modify the intercepted data.

  • Replay attack

    Why it's wrong here

    A replay attack captures legitimate data and retransmits it later; it does not involve real-time interception or modification.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Cisco often tests the distinction between the attack type (MITM) and the technique used to achieve it (ARP spoofing, DNS poisoning), so candidates mistakenly select the technique rather than the overarching attack described in the scenario.

Detailed technical explanation

How to think about this question

In a classic MITM attack, the attacker often uses ARP spoofing to intercept traffic on a switched Ethernet network, then forwards packets after modification. For encrypted sessions, the attacker may perform SSL stripping or present a forged certificate to decrypt and re-encrypt traffic, as seen in tools like ettercap or bettercap. The attack exploits the lack of mutual authentication or integrity checks at the transport layer, which is why protocols like TLS with certificate pinning or SSH with host key verification are critical defenses.
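The ARP-based interception described above leaves a visible trace on the LAN: an IP address that suddenly maps to a different MAC, and one MAC answering for several IPs. The following detection sketch is an added example, not part of the original page; the sample observations are constructed, and the `pinned` allow-list is a hypothetical administrator-maintained mapping.

```python
# Added example: flag suspicious ARP bindings in a stream of observed ARP replies.
from collections import defaultdict

# Constructed sample: (timestamp_seconds, sender_ip, sender_mac) from ARP replies.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway, legitimate
    (1.0, "192.168.1.20", "aa:aa:aa:aa:aa:14"),  # workstation
    (5.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway refresh, unchanged
    (9.0, "192.168.1.1", "de:ad:be:ef:00:66"),   # gateway IP claimed by a new MAC
    (9.5, "192.168.1.20", "de:ad:be:ef:00:66"),  # same MAC also claims the workstation
]


def find_arp_anomalies(replies, pinned=None):
    """Return alerts as (timestamp, kind, ip, mac) tuples.

    kinds: "pinned-mismatch" - IP answered by a MAC other than the pinned one
           "rebind"          - IP previously seen with a different MAC
           "mac-multi-ip"    - one MAC is answering for more than one IP
    pinned: optional dict ip -> expected MAC (hypothetical allow-list,
            e.g. for the default gateway).
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        if ip in pinned and mac != pinned[ip]:
            alerts.append((ts, "pinned-mismatch", ip, mac))
        elif ip in ip_to_mac and ip_to_mac[ip] != mac:
            alerts.append((ts, "rebind", ip, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append((ts, "mac-multi-ip", ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
```

Legitimate events such as DHCP lease reassignment, a replaced NIC, or failover pairs sharing a virtual IP also produce "rebind" alerts, so a mismatch on a pinned gateway address is the higher-confidence signal.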

Key Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

Exam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A small business has 20 workstations on the 192.168.1.0/24 network and one public IP from its ISP. The router uses PAT (NAT overload) so all 20 devices share one public address using different source ports. NAT questions test whether you understand the four address terms and which direction each translation applies.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.


FAQ

Questions learners often ask

What does this N10-009 question test?

This question tests Network Security: read the scenario before looking for a memorised answer.

What is the correct answer to this question?

The correct answer is: Man-in-the-middle — A man-in-the-middle (MITM) attack occurs when an adversary secretly intercepts and potentially alters the communication between two parties who believe they are directly communicating with each other. The attacker can modify data in transit without either party's knowledge by placing themselves in the logical or physical path of the data flow, often by exploiting weaknesses in authentication or encryption. This matches the scenario described, where the attacker both intercepts and modifies the data.

What should I do if I get this N10-009 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.

Last reviewed: Jun 11, 2026


This N10-009 practice question is part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the N10-009 exam.