nerdexam
CompTIA

SY0-301 · Question #578

Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made,

The correct answer is D. An attacker has installed an access point nearby in an attempt to capture company information.. Employees are connecting to a rogue evil twin access point set up by an attacker that mimics the company network but lacks internal routing, explaining why no credentials are required and internal resources are unreachable.

Threats, vulnerabilities, and mitigations

Question

Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring?

Options

  • AA user has plugged in a personal access point at their desk to connect to the network wirelessly.
  • BThe company is currently experiencing an attack on their internal DNS servers.
  • CThe company's WEP encryption has been compromised and WPA2 needs to be implemented instead.
  • DAn attacker has installed an access point nearby in an attempt to capture company information.

How the community answered

(24 responses)
  • A
    4% (1)
  • B
    21% (5)
  • C
    8% (2)
  • D
    67% (16)

Why each option

Employees are connecting to a rogue evil twin access point set up by an attacker that mimics the company network but lacks internal routing, explaining why no credentials are required and internal resources are unreachable.

AA user has plugged in a personal access point at their desk to connect to the network wirelessly.

A personal access point plugged in by an employee might cause similar connectivity issues, but it would not deliberately suppress credential prompts and is less consistent with a systematic pattern affecting multiple employees.

BThe company is currently experiencing an attack on their internal DNS servers.

A DNS server attack would affect name resolution for already-connected users on the internal network - it would not cause the credential bypass or affect the wireless association process.

CThe company's WEP encryption has been compromised and WPA2 needs to be implemented instead.

Compromised WEP encryption would allow an attacker to decrypt traffic or join the network, but it would not result in a separate open AP that bypasses credential prompts entirely.

DAn attacker has installed an access point nearby in an attempt to capture company information.Correct

An evil twin attack involves an attacker deploying a rogue access point that broadcasts the same SSID as the legitimate corporate network. Devices connect automatically or users connect without suspicion. The attacker controls the AP and does not enforce domain credential authentication, and since the AP has no path to internal resources, connected users get no internal access - matching both symptoms described.

Concept tested: Evil twin rogue access point attack recognition

Source: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook/appendc.html

Topics

#evil twin#rogue access point#wireless attack#credential capture

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice