CompTIA CySA+ (CS0-001) — Question 217

A security analyst is performing a stealth black-box audit of the local WiFi network and is running a wireless sniffer to capture local WiFi network traffic from a specific wireless access point. The SSID is not appearing in the sniffing logs of the local wireless network traffic. Which of the following is the best action that should be performed NEXT to determine the SSID?

Answer options

• A. Set up a fake wireless access point
• B. Power down the wireless access point
• C. Deauthorize users of that access point
• D. Spoof the MAC addresses of adjacent access points

Correct answer: A

Explanation

Creating a deceptive wireless access point (option A) can lure devices to connect to it, allowing the analyst to capture the SSID. Turning off the access point (option B) would not provide any information about the SSID. Deauthorizing users (option C) might disturb the network but does not help identify the SSID. Spoofing MAC addresses (option D) is also not directly related to discovering the SSID.