CompTIA PenTest+ (PT0-002) — Question 26
A penetration tester is assessing a wireless network. Although monitoring the correct channel and SSID, the tester is unable to capture a handshake between the clients and the AP. Which of the following attacks is the MOST effective to allow the penetration tester to capture a handshake?
Answer options
- A. Key reinstallation
- B. Deauthentication
- C. Evil twin
- D. Replay
Correct answer: B
Explanation
Deauthentication is the most effective method for capturing a handshake because it forces clients to disconnect from the access point and then reconnect, which generates a new handshake that the tester can capture. Key reinstallation attacks exploit vulnerabilities in the handshake process but do not guarantee capture. An evil twin attack may deceive clients but does not ensure a handshake capture. Replay attacks retransmit previously captured packets but do not help in obtaining a new handshake.