Ethical Hacking Essentials Practice Test

In which type of attack does an attacker create a soft access point to impersonate a legitimate AP?

• A. Client mis-association attack
• B. Unauthorized association
• C. WEP attack
• D. Jamming attack

The correct answer is: Unauthorized association

The scenario described involves an attacker setting up a soft access point to impersonate a legitimate access point (AP). This is characteristic of an unauthorized association attack, where the attacker seeks to trick clients into connecting to a fake AP that mimics a legitimate one. When clients connect to this rogue access point, the attacker can intercept communications, capture sensitive information, and potentially launch further attacks. By creating an unauthorized access point, the attacker effectively bypasses any security measures that might be in place on the legitimate AP, making it a particularly stealthy and effective method for gaining access to a network. This strategy exploits the trust users place in recognizable network environments, highlighting vulnerabilities in wireless network security practices. The other options do not align with the specifics of the attack described. Client mis-association attacks involve manipulation of client connections not through impersonation but through sending deauthentication frames. WEP attacks refer specifically to vulnerabilities in the Wired Equivalent Privacy protocol. Jamming attacks disrupt communications but do not involve impersonation. Thus, the focus on creating a false but convincing access point clarifies why unauthorized association is the correct classification of this technique.