CompTIA Security+ (SY0-601) — Question 459
A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?
Answer options
- A. Evil twin
- B. Jamming
- C. DNS poisoning
- D. Bluesnarfing
- E. DDoS
Correct answer: A
Explanation
The correct answer is 'Evil twin' because multiple WAPs broadcasting the same SSID with non-standard DHCP configurations and an overlapping channel point to a malicious access point set up to impersonate a legitimate one. Clients that join the impersonating access point send their traffic through the attacker, which is consistent with the successful logins showing impossible travel times and the unauthorized downloads. The other options do not fit the scenario: jamming disrupts wireless signals, DNS poisoning tampers with domain name resolution, Bluesnarfing is unauthorized access to data on Bluetooth devices, and DDoS is a denial-of-service attack, which does not match the described behavior.