PT0-001 Question #137: Real Exam Question with Answer & Explanation
The correct answer is B: Deauthentication attack.
Attacks and exploits
Question
A penetration tester is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network. The tester is monitoring the correct channel for the identified network, but has been unsuccessful in capturing a handshake. Given the scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?
Options
- A. Karma attack
- B. Deauthentication attack
- C. Fragmentation attack
- D. SSID broadcast flood
Explanation
To capture a WPA2-PSK 4-way handshake, the tester must force an already-connected client to re-authenticate. Sending deauthentication frames disconnects the client, and when it reconnects to the legitimate AP a new 4-way handshake is exchanged on the monitored channel, which the tester can then capture.
Common mistakes.
- A. A Karma attack responds to client probe requests by impersonating any requested SSID to lure clients to a rogue AP, which is an evil twin technique unrelated to capturing a legitimate WPA2 handshake.
- C. A fragmentation attack exploits weaknesses in the WEP protocol to reconstruct keystreams and is not applicable to WPA2-secured networks.
- D. An SSID broadcast flood is not a recognized standard attack technique for forcing handshake capture and would not cause a targeted client to re-authenticate to its legitimate AP.
Concept tested. Forcing WPA2 handshake capture via deauthentication
Reference. https://www.aircrack-ng.org/doku.php?id=deauthentication
Topics
#WPA2-PSK · #wireless attacks · #deauthentication attack · #handshake capture