A corporate wireless guest network uses an open SSID with a captive portal to authenticate guest
users. Guests can obtain their portal password at the service desk. A security consultant alerts the

administrator that the captive portal is easily bypassed, as long as one other wireless guest user is
on the network. Which of the following attacks did the security consultant use?

A.
ARP poisoning

B.
DNS cache poisoning

C.
MAC spoofing

D.
Rouge DHCP server