312-50V13 Question #315: Real Exam Question with Answer & Explanation

Question

in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?

Options

• AChop chop attack
• BKRACK
• CEvil twin
• DWardriving

Explanation

KRACK (Key Reinstallation Attack) is correct because it precisely describes the attack where an adversary manipulates and replays cryptographic handshake messages (specifically the WPA2 four-way handshake) to force a victim to reinstall an already-in-use encryption key, resetting nonces and replay counters to their initial values - allowing the attacker to decrypt, replay, or forge packets.

Why the distractors are wrong:

• Chop Chop is a legacy WEP attack that exploits weaknesses to decrypt packets one byte at a time - it doesn't involve key reinstallation.
• Evil Twin is a rogue access point attack where an attacker mimics a legitimate Wi-Fi network to intercept traffic - no handshake manipulation or key reinstallation is involved.
• Wardriving is simply the practice of driving around to discover and map Wi-Fi networks - it's reconnaissance, not an active cryptographic attack.

Memory Tip: Think of KRACK as literally "cracking" a key by forcing it to be re-installed - the "K" stands for Key and the "R" stands for Reinstallation, making the acronym itself a built-in reminder of exactly what the attack does.

No community discussion yet for this question.