CWNP CWSP-207 Exam - Topic 1 Question 38 Discussion

Actual exam question for CWNP's CWSP-207 exam

Question #: 38
Topic #: 1

Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank's website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John's bank account user ID and password and exploit this information.

What likely scenario could have allowed the hacker to obtain John's bank account user ID and password?

AJohn's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.

BJohn uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.

CJohn accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.

DThe bank's web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

EBefore connecting to the bank's website, John's association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank's web server and has decrypted John's login credentials in near real-time.

Show Suggested Answer

Suggested Answer: B

by Felicia at Apr 04, 2026, 08:55 AM

Limited Time Offer

25%

Off

Get Premium CWSP-207 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Nana

5 hours ago

I remember studying about how unencrypted connections can expose sensitive information, but I'm not sure if it's related to the expired certificate scenario.

upvoted 0 times

...