Exam SY0-601 topic 1 question 342 discussion

A SSL/TLS downgrade refers to a situation where the secure HTTPS protocol is being downgraded to the insecure HTTP protocol. This can happen when an attacker is manipulating the network connection or performing a man-in-the-middle (MITM) attack. By intercepting the network traffic, the attacker can manipulate the communication between the attendee's device and the network, forcing the HTTPS requests to be redirected to insecure HTTP. This can result in delays in the connection and a loss of security as the data transmitted over HTTP is not encrypted and can be intercepted or modified by attackers.

this is an SSL downgrade attack.

A downgrade attack is a type of attack that forces a system to downgrade its security. The attacker then exploits the lesser security control. It is most often associated with cryptographic attacks due to weak implementations of cipher suites. An example is with Transport Layer Security (TLS) and Secure Sockets Layer (SSL). Imagine a server has both SSL and TLS installed. If a client is not able to use TLS, the server would downgrade its security and use SSL to accommodate the client.

"HTTPS site requests are reverting to HTTP" Obvious sentence Answer is D. A SSL/TLS downgrade

Secure Sockets Layer (SSL) Stripping [AKA SSL downgrade attack] - SSL stripping is a man-in-the-middle attack to get users to connect to an HTTP Web site when they mean to go to an HTTPS Web site. Discovered around 2010, an SSL stripping attack detects a legitimate HTTPS request from a client, strips away the HTTPS data, and redirects the user to a look-alike site, hoping the user will enter a user name and password. You can protect against SSL stripping by configuring a Web browser to treat any non-secure Web page as a security risk." -Mike Meyers' Security+ Certification Guide Third Edition Exam SY0-601

D In an HTTPS downgrade attack, visitors to your website may be forced to use HTTP connections instead of HTTPS. https://www.crowdstrike.com/cybersecurity-101/attack-types/downgrade-attacks/

People are not being re-directed to a new site entirely (rules out DNS Poisoning), but the same sight, only downgraded from HTTPS to HTTP. This is a downgrade! D.

http=plaintext so ssl/tls are only for https... correct me if I'm wrong

DNS hijacking can indeed be a cause of the issue described in the scenario where an attendee at a CISO convention experiences delays and a downgrade from HTTPS to HTTP. DNS hijacking is a type of attack where an attacker intercepts DNS queries and returns a false IP address, which can then redirect traffic to a malicious website or a website that is not the intended destination. This can result in delays and an insecure connection due to the downgrade from HTTPS to HTTP. Thank you for bringing this to my attention.

its a downgrade attack

The most likely cause of the issue described is a SSL/TLS downgrade.

Clear example of a downgrade attack. It forces a lower security protocol to be used.