What WLAN client device behavior is exploited by an attacker during a hijacking attack?
A.
After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake even if connectivity is lost.
B.
When the RF signal between a client and an access point is lost, the client will seek to reassociate with another access point with a different SSID and stronger high quality signal.
C.
Client drivers typically scan for a connect to access points in the 22.4GHz band before scanning the 5GHz band.
D.
When the RF signal between a client and in an access point is disrupted for more than a few seconds, the client device will repeatedly attempt the reestablish both layer 2 and layer 3 connections.
E.
As specified by 802.11 standard, clients using open system authentication must allow direct client-to-client connections, even in infrastructure mode
Explanation:
Authentication consists of two standard processes – open system authentication and shared key authentication. In the first method, management frames are transmitted unprotected, even if a user has enabled WEP. The second method uses a shared secret along with the standard challenge and response system.
http://www.spamlaws.com/client-to-client-attacks.html