312-50V13 · Question #222
You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID "Brakeme-lnternal." You realize tha
The correct answer is A. Dragonblood. WPA3 Wireless Vulnerability Explanation Dragonblood (A) is the correct answer because it is a set of vulnerabilities specifically discovered in WPA3's Dragonfly handshake (SAE - Simultaneous Authentication of Equals), allowing attackers to perform side-channel attacks, denial-of-
Question
Options
- ADragonblood
- BCross-site request forgery
- CKey reinstallation attack
- DAP Myconfiguration
How the community answered
(18 responses)- A89% (16)
- B6% (1)
- D6% (1)
Explanation
WPA3 Wireless Vulnerability Explanation
Dragonblood (A) is the correct answer because it is a set of vulnerabilities specifically discovered in WPA3's Dragonfly handshake (SAE - Simultaneous Authentication of Equals), allowing attackers to perform side-channel attacks, denial-of-service, and downgrade attacks against WPA3-protected networks - making it the most promising exploit in this scenario.
Why the distractors are wrong:
- Cross-site request forgery (B) is a web application attack targeting authenticated browser sessions - it has no relevance to wireless encryption protocols
- Key reinstallation attack (C), known as KRACK, targets WPA2's four-way handshake, not WPA3, which was specifically designed to address KRACK's weaknesses
- AP Misconfiguration (D) is a general administrative issue, not a specific, targeted vulnerability against WPA3 encryption itself
Memory Tip: Think "Dragon" for WPA3 - WPA3 uses the Dragonfly handshake, and Dragonblood is the exploit that "bleeds" the dragon. Just as KRACK ≠ WPA3, remember: new protocol (WPA3) = new named vulnerability (Dragonblood).
Topics
Community Discussion
No community discussion yet for this question.