Pass Your DP-750 Exam Faster – U.S. Independence Day Sale – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CWNP CWSP-207 Exam - Topic 1 Question 38 Discussion

Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank's website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John's bank account user ID and password and exploit this information.What likely scenario could have allowed the hacker to obtain John's bank account user ID and password?
B) John uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.
A) John's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.
C) John accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.
D) The bank's web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
E) Before connecting to the bank's website, John's association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank's web server and has decrypted John's login credentials in near real-time.

CWNP CWSP-207 Exam - Topic 1 Question 38 Discussion

Actual exam question for CWNP's CWSP-207 exam
Question #: 38
Topic #: 1
[All CWSP-207 Questions]

Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank's website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John's bank account user ID and password and exploit this information.

What likely scenario could have allowed the hacker to obtain John's bank account user ID and password?

Show Suggested Answer Hide Answer
Suggested Answer: B

Contribute your Thoughts:

0/2000 characters
Crista
2 days ago
Wow, I didn't know using public Wi-Fi could be so risky.
upvoted 0 times
...
Maddie
2 months ago
I disagree, E seems more plausible. That kind of attack is scary!
upvoted 0 times
...
Elliot
2 months ago
Sounds like B is the most likely scenario. Same password everywhere is a bad idea!
upvoted 0 times
...
Mignon
3 months ago
I’m a bit confused about the X.509 certificates; I thought they were supposed to protect data, but I’m not clear on how an untrusted certificate would affect the security.
upvoted 0 times
...
Florencia
3 months ago
I practiced a question similar to this, and I feel like option E could be the right answer since it mentions hijacking the connection, which sounds really dangerous.
upvoted 0 times
...
Tamesha
3 months ago
I think option B makes sense because using the same credentials for email and banking could lead to a breach, especially if the email wasn't encrypted.
upvoted 0 times
...
Nana
3 months ago
I remember studying about how unencrypted connections can expose sensitive information, but I'm not sure if it's related to the expired certificate scenario.
upvoted 0 times
...

Save Cancel