Which statement best defines an IP address spoofing attack?

• A. When a threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet.
• B. When traffic is encrypted with a strong cipher.
• C. When a packet is dropped due to a firewall rule.
• D. When a user logs in with multi-factor authentication.

Answer: (A)

IP address spoofing is forging the source address in a network packet so it looks like it came from a trusted host. The statement describes constructing a packet that appears to originate from a valid address inside the corporate intranet, which is exactly the deceptive act of spoofing the source IP to impersonate a trusted internal system. This technique is used to bypass trust based on source addresses and can enable attacks like unauthorized access, data leakage, or man-in-the-middle scenarios. Other options don’t involve impersonating another device: encryption protects content, a firewall dropping a packet is just filtering, and multi-factor authentication is about proving identity during login.