SY0-301 · Question #578
Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made,
The correct answer is D. An attacker has installed an access point nearby in an attempt to capture company information.. Employees are connecting to a rogue evil twin access point set up by an attacker that mimics the company network but lacks internal routing, explaining why no credentials are required and internal resources are unreachable.
Question
Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring?
Options
- AA user has plugged in a personal access point at their desk to connect to the network wirelessly.
- BThe company is currently experiencing an attack on their internal DNS servers.
- CThe company's WEP encryption has been compromised and WPA2 needs to be implemented instead.
- DAn attacker has installed an access point nearby in an attempt to capture company information.
How the community answered
(24 responses)- A4% (1)
- B21% (5)
- C8% (2)
- D67% (16)
Why each option
Employees are connecting to a rogue evil twin access point set up by an attacker that mimics the company network but lacks internal routing, explaining why no credentials are required and internal resources are unreachable.
A personal access point plugged in by an employee might cause similar connectivity issues, but it would not deliberately suppress credential prompts and is less consistent with a systematic pattern affecting multiple employees.
A DNS server attack would affect name resolution for already-connected users on the internal network - it would not cause the credential bypass or affect the wireless association process.
Compromised WEP encryption would allow an attacker to decrypt traffic or join the network, but it would not result in a separate open AP that bypasses credential prompts entirely.
An evil twin attack involves an attacker deploying a rogue access point that broadcasts the same SSID as the legitimate corporate network. Devices connect automatically or users connect without suspicion. The attacker controls the AP and does not enforce domain credential authentication, and since the AP has no path to internal resources, connected users get no internal access - matching both symptoms described.
Concept tested: Evil twin rogue access point attack recognition
Source: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook/appendc.html
Topics
Community Discussion
No community discussion yet for this question.