A corporate wireless guest network uses an open SSID with a captive portal to authenticate guest users.
Guests can obtain their portal password at the service desk. A security consultant alerts the administrator that
the captive portal is easily bypassed, as long as one other wireless guest user is on the network. Which of the
following attacks did the security consultant use?

A.
ARP poisoning

B.
DNS cache poisoning

C.
MAC spoofing

D.
Rouge DHCP server