Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer...

In this scenario, although the bank’s website uses HTTPS (which encrypts communications between John’s browser and the bank’s server), the compromise did not occur during the banking session itself. Instead, the attacker exploited a common security mistake: credential reuse.

John reused his email credentials for his bank login, and he accessed his email using a POP3 client without encryption at a public hotspot. This means his username and password were sent in cleartext, which is trivially easy to sniff on an open wireless network. Once an attacker obtained those credentials, they could use them to log into his bank account if the same credentials were used there.

Here's how this aligns with CWSP knowledge domains:

CWSP Security Threats & Attacks: This is a classic example of credential harvesting via cleartext protocols (POP3), and password reuse, both of which are significant risks in WLAN environments.

CWSP Secure Network Design: Recommends use of encrypted protocols (e.g., POP3S or IMAPS) and user education against password reuse.

CWSP WLAN Security Fundamentals: Emphasizes that open Wi-Fi networks offer no encryption by default, leaving unprotected protocols vulnerable to sniffing and interception.

Other answer options and why they are incorrect:

A & D are invalid because an expired or unsigned certificate may cause browser warnings but won’t result in sending credentials unencrypted unless the user bypasses HTTPS (which wasn’t stated).

C is incorrect: IPSec VPNs encrypt all data between the client and VPN endpoint—including credentials.

E is technically incorrect and misleading: intercepting the public key of an HTTPS session doesn't allow decryption of the credentials due to asymmetric encryption and session key security. Real-time decryption of HTTPS traffic without endpoint compromise is not feasible.