CompTIA Security Plus Mock Test Q553

Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring?

A. A user has plugged in a personal access point at their desk to connect to the network wirelessly.
B. The company is currently experiencing an attack on their internal DNS servers.
C. The company’s WEP encryption has been compromised and WPA2 needs to be implemented instead.
D. An attacker has installed an access point nearby in an attempt to capture company information.

Correct Answer: D
Section: Threats and Vulnerabilities

Explanation:
The question implies that users should be required to enter their domain credentials upon connection to the wireless network. The fact that they are connecting to a wireless network without being prompted for their domain credentials and they are unable to access network resources suggests they are connecting to a rogue wireless network.
A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network.
To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.

Incorrect Answers:
A: A personal access point would not have the same SSID as the corporate wireless network. Therefore, other network computers would not attempt to connect to the personal access point.
B: This is not a DNS issue. The users are able to connect to the rogue access point without entering their domain credentials. If the DNS system was compromised, the users would not be able to connect to the wireless network.
C: WEP encryption is considered to be very weak in terms of security and WPA2 is recommended. However, compromised WEP encryption would not cause the symptoms described in this question.

References:
http://en.wikipedia.org/wiki/Rogue_access_point