My Story Partners Podcasts Blog Resources Contact CISSP Training Program
Academy Login

Weekly CISSP Practice

Exam Questions

Week 37 - Question 2

Which of the following is NOT a form of Wireless Attack?

A. Rogue Access Point
B. War Driving
C. Packet Sniffing
D. IP Spoofing

Answer: D

Explanation:

A. Rogue Access Point

A Rogue AP is an unauthorized wireless access point connected to a secure corporate network without the knowledge of the IT department.  

  • The Mechanism: An employee might bring a cheap home router and plug it into a wall jack to get better Wi-Fi. This creates a "backdoor" into the network that bypasses the company's enterprise-grade security controls.  

  •  Evil Twin: A malicious version of this is the "Evil Twin," where an attacker sets up a Rogue AP with the exact same SSID as the legitimate network to steal user credentials.  

B. War Driving

War Driving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a laptop or smartphone.  

  • The Goal: To map out wireless networks, their signal strengths, and their security protocols (e.g., WEP, WPA2, WPA3).

  •  The Risk: Attackers use this to find "low-hanging fruit"—networks that are either unencrypted or use outdated security like WEP that can be cracked in seconds.  

C. Packet Sniffing (Wireless)

Wireless packet sniffing involves capturing data packets as they travel through the air.  

  • The Vulnerability: Unlike wired networks where you need physical access to a switch, wireless signals are broadcast in all directions.  Anyone within range with a wireless adapter in Monitor Mode can capture these packets.  

     

  • The Defense: This is why strong encryption (WPA3) is mandatory; even if an attacker sniffs the packets, they should not be able to read the contents.

D. IP Spoofing

This is the correct answer because it is a Network Layer (Layer 3) attack, not an 802.11-specific attack.

  • Why it's the Answer: IP Spoofing involves modifying the source IP address in an IP packet header to impersonate another system.  This can be done on a wired network, a wireless network, or across the internet. It does not target the wireless medium itself; it targets the way the Internet Protocol (IP) handles addressing. 

Podcasts

Check out my weekly podcasts that delve deep into the relevant topics related to each of CISSP domains. In addition, I will go over specific questions and they can be interpreted and answered.

Listen Podcasts

CISSP Cyber Training Academy

Tired of not knowing how to study for the CISSP Exam? 

Check out the CISSP Cyber Training Academy to help you on your journey!

Learn about the Academy!

CISSP Cyber Training - YouTube

Check out my video collection on YouTube discussing all the details needed to help you pass the CISSP exam.   

Check out channel