Exam 312-49v10 topic 1 question 314 discussion

In CHFI training materials book definition claims that Rogue Access Point attack occurs when AP is created inside victims network while Client Miss Assotiation happens outisde of victims network. Thus B is correct as far as book definitions go.

B. Client Misassociation ▪ Client Misassociation A client misassociation attack begins when a client attaches to an access point that is not in their own network. Due to the manner in which wireless signals propagate through walls and other structures, a client system may detect an access point belonging to another network and attach to it, either accidently or intentionally. In either case, the client may attach to a network that is unsafe, perhaps while still being connected to a secure network. This last scenario can result in a malicious party gaining access into a protected network Official EC Council Curriculum Computer Hacking Forensic Investigator Exam 312-49 Network Forensics Module 08 Page 786

B: The AP allows connectivity to the Internet but is not actually on your corporate wired network. Using tools that are easily available on the Internet, another client connected to the same rogue AP attacks the misassociated client and steals valuable corporate data.

The answer is B. Client misassociation. Rogue access point cannot be correct, as a rogue access point by definition is ON the corporate network.

B. Client Misassociation just describes that the client will automatically connect to the device since it assumes that it is a previously trusted one, i.e. same SSID and maybe same MAC too. Rogue AP just means that the AP is malicious

None are 100% correct since this is an evil twin (or as CFHI training materials call it, a Honeypot Access point Attack). The question says which attack allows users to set up a rogue access point outside of the network so the answer can't be "rogue access point". The best answer, given our choices and in my opinion only, is mis-association because 1) it's outside the network 2) attackers are trying to lure people to connect so the SSID must be something that people have connected to before.

D is the correct answer

D. Rogue access points

I think option D is the right option. The context of the question goes moreover the mis association.