Three locations. Three incidents. Diagnose what failed — prescribe the right fix.
25 pts · ~30 min · 3 clients · No hints
You are a wireless security consultant. Three clients experienced incidents. For each: identify the attack, explain why the existing control failed, and prescribe the correct defense. Predict before revealing.
Client 1 of 3 — 8 pts
Oakwood Public Library
Free public Wi-Fi posted as “Oakwood_Library_WiFi.” Patrons include students, seniors, and job seekers submitting applications with personal data.
⚠ Incident
Over three weeks, six patrons reported that accounts accessed at the library were later compromised. A patron notices a second network, “Oakwood_Library_Wifi” (lowercase i), broadcasting a stronger signal near the entrance. Staff have no control panel access for this second network. Existing control: a handwritten sign at the circulation desk listing the correct Wi-Fi name.
C1-Q1 — Identify the attack type and explain the key signal. (2 pts)
A. Jamming. The second network is broadcasting interference that prevents patrons from connecting to the legitimate library network.
B. Evil twin attack. The adversary set up a rogue WAP with a near-identical SSID and a boosted signal to attract patrons, intercepting their credentials.
C. War driving. An adversary mapped the library network, identified it as unprotected, and returned later to steal patron data remotely.
D. Evil twin attack, but the adversary is high-skilled because creating a network name variation requires custom tool development.
C1-Q2 — Why did the handwritten sign fail as a control? (2 pts)
A. Handwritten signs are not permitted as official security controls under library policy.
B. The sign was only at the circulation desk. Patrons near the entrance connected to the stronger-signal rogue network before ever reaching the desk or seeing the sign.
C. The sign listed the correct name but most devices auto-connect to the highest signal regardless of SSID, bypassing manual selection entirely.
D. Staff failed to update the sign when the network name changed, causing patron confusion.
C1-Q3 — Which combination of controls BEST addresses the library’s vulnerability? (2 pts)
A. Post the correct SSID prominently at entry points AND advise patrons to verify the network name before connecting AND encourage VPN use for sensitive tasks.
B. Require all patrons to present a library card before receiving Wi-Fi access, ensuring only registered users can connect.
C. Change the library Wi-Fi password monthly and post the new password at the circulation desk.
D. Use MAC address filtering to block all unregistered devices from connecting to the library network.
C1-Q4 — A patron used a VPN the entire session. Their account was NOT compromised. Which explanation is BEST? (2 pts)
A. The VPN detected the rogue access point and automatically switched the device to the legitimate library network.
B. The VPN encrypted the patron’s traffic end-to-end so that even if they connected to the evil twin, the adversary captured only ciphertext with no usable credential data.
C. VPNs prevent devices from connecting to any network that does not match a pre-approved list of trusted SSIDs.
D. The VPN blocked the rogue access point from broadcasting on the same channel as the library’s legitimate network.
Client 2 of 3 — 9 pts
Riverview Conference Center
Hosts 40+ events per month. Organizers rely on Wi-Fi for live presentations, digital ticketing, and A/V control systems.
⚠ Incident
During a 600-person investor summit, all wireless devices in the main hall lost connectivity for 35 minutes during the keynote. The presentation could not proceed. A/V systems failed. A competing firm’s event was scheduled one hour later in the same venue. Security staff found a device hidden behind a ceiling panel broadcasting on the same 5 GHz frequency as all conference access points. Existing control: WPA2 encryption on all conference networks.
C2-Q1 — Identify the attack type. Why does WPA2 encryption NOT address this attack? (3 pts)
A. Evil twin attack. WPA2 does not prevent rogue access points from broadcasting — attackers can create WPA2-protected evil twins that still intercept credentials.
B. Jamming attack. WPA2 encrypts data content after a connection is established, but it does not protect the radio frequency channel from interference. RF flooding prevents the wireless handshake from forming in the first place.
C. Jamming attack. WPA2 was cracked by the adversary’s device, which used the decrypted key to flood the network with authentication requests.
D. War driving attack. The competitor collected WPA2 handshakes while driving past and later used them to disrupt the network remotely.
C2-Q2 — Given the timing (competitor event one hour later), which adversary classification and motivation is MOST consistent? (3 pts)
A. High-skilled; motivation: recognition. The adversary developed a custom jamming device to demonstrate technical superiority over the venue’s security team.
B. Low-skilled; motivation: competitive advantage (greed). The adversary used a commercially available jamming device to disrupt a competitor’s investor keynote, potentially devaluing the target company.
C. High-skilled; motivation: revenge. Only a highly technical adversary could configure a device to target a specific 5 GHz channel in a multi-AP venue.
D. Cannot be determined — adversary skill requires knowledge of tool origin, which the incident report does not provide.
C2-Q3 — Which control would MOST directly prevent a future jamming attack at this venue? (3 pts)
A. Upgrade to WPA3 encryption, which includes radio-frequency authentication that blocks jamming signals at the physical layer.
B. Conduct physical security sweeps of the venue before high-value events to locate and remove unauthorized transmitting devices, combined with RF spectrum monitoring to detect interference in real time.
C. Require all attendees to use a VPN, which encrypts traffic in a way that cannot be disrupted by RF interference.
D. Switch all systems to 6 GHz Wi-Fi, which is not susceptible to jamming because commercial jamming devices do not operate on that band.
Client 3 of 3 — 8 pts
Greenfield Residential HOA
240-home residential development. Several residents report their router names and open-network status appeared on a publicly accessible Wi-Fi mapping website they had never heard of.
⚠ Incident
23 of 240 homes have open (no password) Wi-Fi networks. 14 others use WEP encryption, documented as broken since 2001. Their exact addresses, router names, and encryption status now appear on WiGLE.net, a public war driving database. No home has been directly hacked yet. The HOA board asks whether to act now or wait for a confirmed attack.
C3-Q1 — Identify the attack type and classify the likely adversary. (2 pts)
A. Evil twin attack; high-skilled adversary who built a custom mapping application to target residential neighborhoods.
B. War driving; low-skilled adversary using a publicly available scanning tool to collect and publish wireless reconnaissance data.
C. Jamming; the published data identifies which frequency channels to jam for maximum neighborhood disruption.
D. War driving; high-skilled adversary because identifying WEP encryption requires advanced knowledge of wireless security protocols.
C3-Q2 — The HOA board argues: “No home has been hacked yet, so this is not urgent.” Which response BEST refutes this? (3 pts)
A. The HOA board is correct — no action is warranted until a resident reports a confirmed intrusion.
B. War driving is the only threat; once reconnaissance data is published, no further attack is possible because the adversary has achieved their goal.
C. The reconnaissance phase is complete. The public database gives any adversary a ready-made target list of 37 vulnerable homes. War driving enables follow-on attacks — and “no confirmed attack” is not evidence that no attack has occurred or is planned, only that none has been detected.
D. The HOA should contact law enforcement immediately, as publishing home address data to a public database is a federal crime regardless of whether any network was accessed.
C3-Q3 — Which remediation should the HOA recommend to affected residents? (3 pts)
A. Contact WiGLE.net to remove their home from the database, which prevents adversaries from locating the vulnerable network.
B. Change router names to generic names that do not identify the home address or family, making it harder for adversaries to associate the network with a specific residence.
C. Enable WPA2 or WPA3 encryption with a strong passphrase on all home routers. Residents using open networks or WEP should treat this as urgent — WEP can be cracked in minutes with freely available tools.
D. Install a VPN on all home devices, which protects data even if the network remains open or uses WEP.
AP Exam Tip: The key concept tested across all three clients is layer matching. WPA2/WPA3 cannot stop jamming (encryption operates above the physical RF layer). SSID signs fail when placed after the decision point. VPNs protect data in transit but do not prevent network access or detect rogue APs. Match the defense layer to the attack layer — this is the core AP Cybersecurity skill for wireless topics.
Extension Challenge: A coffee shop installs a network analyzer that monitors for any device broadcasting an SSID similar to “CafeRoast_WiFi.” When detected, it alerts staff. (1) What attack does this control address? (2) What limitation does it have? (3) What individual protection should the shop still recommend to customers even with this technical control deployed?
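The kind of SSID-similarity check the analyzer in the Extension Challenge would run over scan results, as an added example that is not part of the original activity. The BSSIDs, the distance threshold, and the character-swap table are assumptions made for illustration.

```python
import unicodedata

# Constructed values: the shop's SSID from the scenario and made-up BSSIDs
# standing in for the shop's own access points.
LEGIT_SSID = "CafeRoast_WiFi"
AUTHORIZED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
MAX_DISTANCE = 2  # assumed threshold: edits tolerated after normalization

# Digit/letter swaps that look alike on a phone's network list.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "i": "l"})

def normalize(ssid):
    """Fold case, drop separators, and collapse look-alike characters."""
    s = unicodedata.normalize("NFKC", ssid).casefold()
    s = "".join(ch for ch in s if ch.isalnum())
    return s.translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(ssid, bssid):
    """Return 'authorized', 'alert', or 'ignore' for one observed beacon."""
    if ssid == LEGIT_SSID and bssid.lower() in AUTHORIZED_BSSIDS:
        return "authorized"
    if edit_distance(normalize(ssid), normalize(LEGIT_SSID)) <= MAX_DISTANCE:
        return "alert"
    return "ignore"

def find_alerts(scan):
    return [(ssid, bssid) for ssid, bssid in scan if classify(ssid, bssid) == "alert"]

# Constructed scan results: (SSID, BSSID) pairs as a site survey might list them.
SAMPLE_SCAN = [
    ("CafeRoast_WiFi", "02:00:00:aa:00:01"),  # the shop's own AP
    ("CafeRoast_Wifi", "02:00:00:bb:00:09"),  # lowercase i
    ("CafeR0ast_WiFi", "02:00:00:bb:00:0a"),  # zero for o
    ("CafeRoast_WiFi", "02:00:00:cc:00:07"),  # same name, unlisted radio
    ("HomeNet-5G", "02:00:00:dd:00:03"),      # unrelated neighbor
]

if __name__ == "__main__":
    for ssid, bssid in find_alerts(SAMPLE_SCAN):
        print(f"ALERT: look-alike SSID {ssid!r} seen from {bssid}")
```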