During a wireless penetration test, you notice that a significant amount of data traffic is directed to a particular wireless access point. Upon further inspection, you discover that this access point is operating with a signal stronger than the company's legitimate access points and is not listed in the company's network documentation. What type of attack could be occurring and what would be your next step as a pentester to confirm the nature of this access point?
It suggests an 'Evil Twin' attack; capture the handshake and compare it to legitimate access points.
This could be a signal jamming attack; use a spectrum analyzer to identify interference.
It could be an AP misconfiguration; inspect IP address assignments within the network.
It might indicate a VLAN hopping attack; inspect the VLAN configurations on the switches.
An unusually high-powered, undocumented wireless access point suggests the presence of an 'Evil Twin' access point, which an attacker sets up to mimic a legitimate access point. To confirm this, capturing and analyzing the handshake to verify whether it mimics the Service Set Identifier (SSID) of a legitimate access point is an appropriate step. The incorrect options point to other types of attacks or methods that do not align with the clues given in the scenario (an unusually strong signal and no listing in the company's documentation), or to an unrelated action (inspecting IP address assignments) that does not specifically help identify an 'Evil Twin' AP.