A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?
Correct Answer: A. Evil twin
An evil twin attack involves a malicious wireless access point (WAP) that mimics the legitimate network’s SSID to trick users into connecting to it. In this scenario, the non-standard DHCP configurations and overlapping channels of the WAPs indicate they are rogue devices. The attackers are likely intercepting or redirecting traffic to their own network, enabling them to steal credentials and conduct unauthorized actions like data exfiltration. The "impossible travel times" suggest the attackers are using credentials stolen from these devices via their rogue WAP.
Explanations for Incorrect Options:
Jamming:
Jamming disrupts wireless communication by overwhelming the signal with noise or interference. While it could cause connectivity issues, it does not explain the successful logins, unauthorized downloads, or rogue WAPs seen in this case.
DNS poisoning:
DNS poisoning redirects users to malicious websites by corrupting the DNS cache. While it could enable attackers to steal data or credentials, it does not involve rogue WAPs or mimicked SSIDs as described here.
Bluesnarfing:
Bluesnarfing is an attack on Bluetooth devices, where an attacker steals information via an unauthorized connection. This scenario involves Wi-Fi networks and WAPs, not Bluetooth, making this option irrelevant.
DDoS:
A Distributed Denial of Service (DDoS) attack aims to overwhelm a system or network, causing disruption. It does not involve unauthorized downloads, rogue WAPs, or credential theft, making it unrelated to this scenario.