Which statement best describes the 'sniffing attack surface'?

• A. It is the defensive boundary of a firewall.
• B. It is the set of points where attackers can capture unencrypted data on the network.
• C. It is the physical security of a data center.
• D. It is the memory attack surface of a host.

Answer: (B)

Sniffing attack surface focuses on data in transit that an attacker can eavesdrop on across the network. It centers on how traffic is captured and read, especially when that traffic isn’t protected by encryption. If data traveling over a network is unencrypted, a packet sniffer or attacker on the path can read passwords, credentials, and other sensitive information as it traverses the wires or wireless medium. This is why the set of points where unencrypted data can be captured on the network best describes the sniffing attack surface: it directly maps to where data is exposed to interception.

Other options describe different concepts. The perimeter boundary of a firewall pertains to defensive borders rather than data in motion. Physical security of a data center covers tangible protections, not how data moves and can be intercepted. The memory attack surface relates to exploiting vulnerabilities inside a host’s memory, not network sniffing.