A corporate wireless guest network uses an open SSID with a captive portal to authenticate guest users.
Guests can obtain their portal password at the service desk. A security consultant alerts the administrator
that the captive portal is easily bypassed, as long as one other wireless guest user is on the network.
Which of the following attacks did the security consultant use?

A.
ARP poisoning

B.
DNS cache poisoning

C.
MAC spoofing

D.
Rouge DHCP server