What does a man-in-the-middle attack involve?

• A. An attacker floods a network with traffic
• B. An attacker intercepts and potentially alters the communication between two parties
• C. An attacker uses malware to exfiltrate data
• D. An attacker performs ARP spoof only on wireless networks

Answer: (B)

In a man-in-the-middle attack, the attacker positions themselves between two communicating parties so they can observe the traffic, and potentially modify or inject data as it passes, all while the endpoints believe they are talking directly to each other. This capture and possible alteration of messages is what defines MITM—the attacker is effectively in the middle of the conversation.

That’s why the best description is: intercepts and potentially alters the communication between two parties. The other ideas describe different security concerns: flooding a network with traffic is a denial-of-service scenario, not MITM; using malware to exfiltrate data focuses on stolen data from one host rather than in-transit interception; and ARP spoofing is a common technique to enable MITM, but it is not limited to wireless networks—the attack can occur on wired LANs as well, so claiming it’s only on wireless is inaccurate.