1.4 Exercise 1: Wireless Threat Classification | AP Cybersecurity

Unit 1 • Lesson 1.4 • Exercise 1

Classify attacks, identify adversaries, and match protections — guided with hints.

25 pts • ~25 min • 3 sections • Hints available
Key Terms for This Exercise
Evil Twin Attack
Jamming
War Driving
SSID / WAP
Low-Skilled Adversary
High-Skilled Adversary
Zero-Day Vulnerability
VPN
Section 1 of 3
Scenario Sort — Classify the Attack (10 pts, 2 pts each)

Predict the attack type before selecting. Use hints if needed — they cost no points.

Scenario 1
Jordan is at an airport gate and opens their laptop. A network named “AirportFreeWifi” appears with full signal strength. Jordan connects. The real airport network is named “Airport_WiFi_Official.” Twenty minutes later, Jordan’s banking session is hijacked. An adversary on a nearby laptop was running a rogue access point.
Key signal: rogue access point with a deceptively similar network name. The adversary created a fake WAP. Victims connect thinking it is legitimate. All traffic flows through the adversary’s device.
Scenario 2
During a high-stakes negotiation, all wireless devices in a conference room suddenly lose connectivity. Phones, laptops, and tablets cannot connect to any network. Wired computers in the same building are unaffected. After 45 minutes, connectivity is restored spontaneously. Security staff find no physical intruder and no network configuration change.
Key signal: all wireless affected, wired unaffected, no config change. Something is broadcasting interference on the radio frequency. No data is stolen — the goal is denial of service.
Scenario 3
A security researcher drives slowly through a residential neighborhood with a laptop running wireless scanning software. The software records every detected SSID, signal strength, GPS coordinates, and security protocol. The researcher uploads this data to a publicly accessible database to show how many home networks use outdated encryption.
Key signal: moving vehicle, scanning for networks, recording SSIDs and GPS. No one is connecting to the networks — this is passive reconnaissance, mapping the wireless landscape from a distance.
Scenario 4
A city transit system installs Wi-Fi on buses. Passengers report they cannot connect to “Transit_Guest” during morning rush hour, even though their devices show full signal bars. An engineer discovers a device hidden under a seat broadcasting meaningless signals on the same 2.4 GHz channel as the router, flooding it with noise.
Key signal: same channel, meaningless signals, full signal bars but cannot connect. Not a rogue network — no one is being tricked into a wrong connection. A device is causing interference. Goal is disruption, not data theft.
Scenario 5
A hotel guest opens their device’s Wi-Fi list and sees both “HiltonGuest” and “HiItonGuest” (capital I replacing lowercase l). The second network has a slightly stronger signal. The guest connects to the stronger signal and submits their credit card on the hotel’s booking portal. An adversary in Room 204 is operating the second network.
Key signal: deceptively similar SSID, rogue WAP, stronger signal as lure. Compare to Scenario 1 — same attack category, different venue. The one-character typo is intentional visual camouflage.
Section 2 of 3
Adversary Classification — Spot the Error (10 pts, 2.5 pts each)

Predict your answer before revealing options. Classification depends on tool origin and vulnerability type — not damage, target, or motivation.

Question 1 of 4
An adversary purchases a pre-built Wi-Fi pineapple device online, reads a 10-minute tutorial, and deploys it in a coffee shop to capture unencrypted HTTP traffic. The device exploits a known weakness in open networks. Which classification is MOST accurate?
A. High-skilled, because the adversary successfully captured real user traffic and caused financial harm.
B. High-skilled, because using specialized hardware like a Wi-Fi pineapple requires advanced technical knowledge to deploy.
C. Low-skilled, because the adversary relied on a tool created by others and exploited a documented, known vulnerability in open networks.
D. Low-skilled, because the adversary targeted a coffee shop rather than a high-value corporate network, indicating limited ambition.
Question 2 of 4
A nation-state hacker discovers a previously unknown vulnerability in widely deployed router firmware and writes a custom exploit from scratch that allows silent credential harvesting. No patch exists. Which classification applies?
A. Low-skilled, because government-affiliated adversaries follow pre-written attack playbooks and do not develop original exploits.
B. High-skilled, because the adversary created a new tool and discovered an undocumented (zero-day) vulnerability.
C. High-skilled, because political motivation is associated with more sophisticated and well-resourced threat actors.
D. Low-skilled, because router firmware vulnerabilities are commonly documented and the attack technique is well understood.
Question 3 of 4
A teacher tells students: “Low-skilled adversaries are not dangerous because they only run simple scripts and don’t understand what they are doing.” Which statement BEST identifies what is wrong with this claim?
A. The claim is correct — low-skilled adversaries are limited to basic scripts and rarely cause significant damage.
B. The claim is wrong — low-skilled adversaries deploy tools built by high-skilled adversaries, which can be highly sophisticated and cause serious damage even when the deployer does not understand how they work.
C. The claim is partially correct — low-skilled adversaries are only dangerous if they obtain leaked zero-day exploits from nation-state groups.
D. The claim is wrong only because low-skilled adversaries can improve their skills over time and eventually become high-skilled.
Question 4 of 4
A war driving adversary uses a free downloaded tool to scan for open Wi-Fi networks and publishes a map of unprotected home routers. The adversary has NOT connected to any network and has NOT exploited any vulnerability. Which statement is MOST accurate about this adversary’s skill level and the resulting risk?
A. Low-skilled adversary; low risk because no data has been stolen and war driving alone does not compromise any device.
B. Low-skilled adversary; elevated risk because the published map is reconnaissance data that enables follow-on attacks by this adversary or anyone else who accesses it.
C. High-skilled adversary, because identifying unprotected networks and GPS coordinates requires technical knowledge of radio frequency scanning.
D. High-skilled adversary; publishing the map constitutes a direct network attack and causes immediate harm to all listed networks.
Section 3 of 3
Match: Individual Protection to the Attack It Addresses (5 pts)

The CED identifies three individual protections against wireless attacks. For each protection, select the attack type it most directly addresses. 1 pt each.

Individual Protection | Primary Attack Addressed
Use a VPN on public Wi-Fi | ______
Verify network name with staff before connecting | ______
Avoid sensitive transactions on public Wi-Fi | ______

Bonus (no points): Which attack type has NO individual CED protection?

No individual protection (CED)
AP Exam Tip: All three CED individual protections address the evil twin attack. VPN encrypts traffic even if you connect to a rogue AP. Verifying the SSID prevents connecting to the wrong network. Avoiding sensitive transactions limits damage if you do connect to a rogue network. Jamming has no individual CED protection — it is a physical-layer denial-of-service attack that an individual user cannot stop.
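The "verify the network name" protection can be partly checked by software. The sketch below is an added example, not part of the original exercise: it compares SSIDs from a scan against names confirmed with staff, using the network names from Scenarios 1 and 5. The look-alike character map, the 0.6 similarity threshold, and the function names are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed, deliberately small map of look-alike characters (not a full Unicode confusables table).
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})

# Names a traveller confirmed with staff (taken from Scenarios 1 and 5).
OFFICIAL = ["Airport_WiFi_Official", "HiltonGuest"]


def skeleton(ssid):
    """Collapse look-alike characters, separators and case so disguised names compare equal."""
    return re.sub(r"[\s_.\-]", "", ssid.translate(CONFUSABLE)).lower()


def classify(seen, official_ssids, threshold=0.6):
    """Return (verdict, closest official name) for one SSID from a scan."""
    if seen in official_ssids:
        # Same name only: a rogue AP can broadcast an identical SSID, so this is not proof.
        return ("official-name", seen)
    best, best_score = None, 0.0
    for official in official_ssids:
        if skeleton(seen) == skeleton(official):
            return ("homoglyph", official)
        score = SequenceMatcher(None, skeleton(seen), skeleton(official)).ratio()
        if score > best_score:
            best, best_score = official, score
    if best_score >= threshold:  # threshold is an assumed tuning value
        return ("similar", best)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed scan list for illustration.
    for name in ["HiltonGuest", "HiItonGuest", "AirportFreeWifi", "Gate22_Cafe"]:
        print(f"{name!r:20} -> {classify(name, OFFICIAL)}")
```

A "homoglyph" or "similar" verdict is the cue to stop and confirm the name with staff; the check cannot tell a real access point from a rogue one that copies the official name exactly, which is where the VPN protection still applies.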
Extension Challenge: You are advising a corporate travel team that handles sensitive financial data and frequently uses hotel, airport, and conference Wi-Fi. Write a 3-rule wireless security policy. For each rule: name the attack it defends against, explain the mechanism of protection, and note the adversary skill level most likely to use that attack.