Question 6 - GAQM CFA-001 Real Exam Questions [Feb 2026 Update]

Q: 6

Wireless access control attacks aim to penetrate a network by evading WLAN access control measures, such as AP MAC filters and Wi-Fi port access controls. Which of the following wireless access control attacks allows the attacker to set up a rogue access point outside the corporate perimeter, and then lure the employees of the organization to connect to it?

Options

Correct Answer:

Explanation

Client mis-association is an attack where an attacker sets up a malicious access point (AP), often referred to as an "evil twin," that appears to be a legitimate one. This is typically done by using the same SSID as the trusted corporate network. By broadcasting a stronger signal than the legitimate AP, the attacker's device can lure or trick client devices into automatically connecting (associating) with it. Once the client mis-associates with the malicious AP, the attacker can intercept traffic, steal credentials, or launch further attacks against the user's device.

Why Incorrect

A. War driving: This is the practice of searching for and mapping Wi-Fi networks from a moving vehicle; it is a reconnaissance technique, not an attack that lures users.

B. Rogue access points: While the attack uses a rogue access point, this term broadly refers to any unauthorized AP. "Client mis-association" specifically describes the attack of luring clients to connect to it.

C. MAC spoofing: This is a technique used to change a device's MAC address to impersonate a legitimate, authorized device, primarily to bypass MAC filtering controls, not to lure clients.

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs), February 2012.

Section 3.3.1, "Rogue APs", discusses "Evil Twin APs," which are the mechanism for this attack: "An evil twin AP is a rogue AP that is configured to impersonate a legitimate AP... The evil twin AP can then be used to eavesdrop on traffic from the clients that associate with it." This process of clients connecting to the evil twin is client mis-association.

2. Bellardo, J., & Savage, S. (2003). 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions. In Proceedings of the 12th USENIX Security Symposium.

Section 3.2, "AP and Client Mis-association", explicitly details this attack vector, describing how an attacker can force a client to deauthenticate from its legitimate AP and re-associate with an attacker-controlled AP.

3. Holt, A., & Huang, C. Y. (2010). 802.11 Wireless Networks: Security and Analysis. Springer.

Chapter 5, "Wireless Attacks and Threat Assessment", describes mis-association attacks where a client is tricked into associating with a malicious AP, often through an evil twin setup, allowing for man-in-the-middle attacks. (Specific reference in section on "Evil Twin Access Points").

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE