CISA Certified Information Systems Auditor – Question1591

Which of the following attacks targets the Secure Sockets Layer (SSL)?

A.
Man-in-the middle
B. Dictionary
C. Password sniffing
D. Phishing

Correct Answer: A

Explanation:

Explanation:
Attackers can establish a fake Secure Sockets Layer (SSL) server to accept user’s SSL traffic and then route to the real SSL server, so that sensitive information can be discovered. A dictionary attack that has been launched to discover passwords would not attack SSL since SSL does not rely on passwords. SSL traffic is encrypted; thus it is not possible to sniff the password. A phishing attack targets a user and not SSL Phishing attacks attempt to have the user surrender private information by falsely claiming to be a trusted person or enterprise.