Lesson Test

Threat Landscape Overview : MITM

Validate your understanding with a focused test for this lesson.

5 questions from the MITM notes and lab (different set each time). Choose one answer per question, then submit.

1. In the MITM attack lifecycle, what step typically follows “Positioning” (e.g. ARP or DNS poisoning)?

Interception: capturing traffic with tools like Wireshark or tcpdump.Reporting the vulnerability to the vendor.Encrypting the victim’s traffic.Shutting down the network.

2. Why do modern browsers force or strongly encourage HTTPS?

To protect users from MITM and eavesdropping by encrypting traffic and verifying server identity.To make pages load slower.To block all HTTP sites.To capture more user data.

3. What is the main takeaway of the lab regarding HTTP vs HTTPS and MITM?

HTTP sends data in clear text that anyone on-path can read; HTTPS encrypts data so encryption prevents eavesdropping; MITM relies on weak or unencrypted channels.HTTP and HTTPS are equally secure.MITM only affects HTTPS.Encryption is unnecessary on trusted networks.

4. In a MITM threat model, what is the attacker’s typical goal?

Steal credentials, inject malware, redirect to a fake site, or downgrade security.Improve network speed for the victim.Encrypt the victim’s traffic.Block the victim’s access to the internet.

5. When you capture HTTPS traffic (port 443) in Wireshark and follow the TCP stream, what do you typically see?

Unreadable ciphertext (encrypted application data).Readable GET headers and passwords.Only the domain name in plaintext.The TLS private key.

Answer all 5 questions to submit.

Back to Course Open Notes