Exam SY0-601 topic 1 question 524 discussion

starting to notice every WAP question is evil twin.

In an Evil Twin attack, the attacker sets up a rogue wireless access point (WAP) with the same SSID as a legitimate WAP to mimic it and trick users into connecting to the rogue WAP. The rogue WAP is configured to perform various malicious activities, such as intercepting sensitive data, stealing credentials, and performing man-in-the-middle attacks. In this scenario, the large amount of sensitive data being downloaded from various mobile devices to an external site is likely being intercepted and exfiltrated by the attacker via the rogue WAP. The "impossible travel times" in successful login attempts indicate that the attacker is likely performing man-in-the-middle attacks, intercepting user login credentials, and using them to access the company's internal resources and download the sensitive data. The presence of two WAPs using the same SSID with non-standard DHCP configurations and overlapping channels suggests the existence of the rogue WAP, which is characteristic of an Evil Twin attack.

Comptia is in love with CASB, SIEM and Evil Twin.... :)

A. Evil twin

GPT: In this scenario, the presence of wireless access points (WAPs) using the same SSID as the legitimate network, but with non-standard DHCP configurations and overlapping channels, points to an "evil twin" attack. An evil twin attack involves setting up a rogue wireless access point that impersonates a legitimate one, in an attempt to trick users into connecting to it. Once users are connected to the evil twin, the attacker can monitor network traffic, capture sensitive data, and even launch further attacks. The "impossible travel times" could indicate that the users' connections are being redirected through the rogue access point, hence the seemingly improbable login times.