Q: 10
A malicious user is attempting to connect to a blocked website by crafting a packet using a fake SNI and the correct website in the HTTP host header.
Which option will prevent this form of attack?
Options
Discussion
It's D here. Only SSL Decryption set to block on SNI mismatch will actually stop the user when they try this packet trick. The others just won't catch it fully, I think.
Had something like this in a mock, definitely D. Only SSL Decryption with block-on-SNI-mismatch will shut down packets trying to fake SNI while sneaking the real site in the HTTP header. Others won't stop it, at least not fully. Agree?
D, not C. SNI mismatch block in SSL Decryption stops this technique, C is more about alerting than blocking.
Makes sense to me, it's D. SSL Decryption catches the SNI mismatch trick here.
A is wrong, D. Saw this on a recent practice set, SNI mismatch block under SSL Decryption matches the scenario.
D imo. The session gets blocked only if SSL Decryption flags the SNI mismatch with cert SAN/CN, not just URL filtering.
C or D? Both look close but D seems to match what I've seen in exam reports. Nice straightforward scenario.