A corporate wireless guest network uses an open SSID with a captive portal to authenticate guest users. Guests can obtain their portal password at the service
desk. A security consultant alerts the administrator that the captive portal is easily bypassed, as long as one other wireless guest user is on the network. Which of
the following attacks did the security consultant use?

A.
ARP poisoning

B.
DNS cache poisoning

C.
MAC spoofing

D.
Rouge DHCP server