nerdexam
GIAC

GSEC · Question #139

GSEC Question #139: Real Exam Question with Answer & Explanation

The correct answer is D. Another access point is attempting to intercept the data.. A security or certificate warning on a wireless captive portal typically signals an evil twin rogue access point presenting an invalid certificate while attempting to intercept traffic.

Question

An employee attempting to use your wireless portal reports receiving the error shown below. Which scenario is occurring?

Exhibit

GSEC question #139 exhibit

Options

  • AA denial-of-service attack is preventing a response from the portal.
  • BAnother access point is deauthenticating legitimate clients.
  • CThe encrypted data is being intercepted and decrypted.
  • DAnother access point is attempting to intercept the data.

Explanation

A security or certificate warning on a wireless captive portal typically signals an evil twin rogue access point presenting an invalid certificate while attempting to intercept traffic.

Common mistakes.

  • A. A denial-of-service attack would block all responses entirely rather than allow a client to reach a portal and receive a specific error message.
  • B. A deauthentication attack forcibly disconnects clients from the network at the 802.11 layer and would not produce a portal-level error visible in a browser.
  • C. Passive interception and offline decryption of already-captured encrypted data occurs silently and does not cause the client to receive a real-time visible error during the connection attempt.

Concept tested. Evil twin rogue AP certificate warning identification

Reference. https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/wifi/wireless-security-scenarios

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GSEC Practice