Which risk is associated with using an unsecured wireless access point in a public setting during a penetration test?

When a wireless access point is unsecured in a public setting, data transmitted over the air is not protected by encryption, so anyone in range can passively listen to the traffic. This makes it easy for an attacker to eavesdrop on communications and potentially capture credentials, session tokens, or other sensitive information as users connect and send data. The risk isn’t eliminated by user authentication alone—open networks can still expose confidential data if it’s transmitted without protection or if applications don’t use encryption end-to-end. So the most accurate description is that it allows attackers to eavesdrop on traffic and possibly capture credentials. The other statements are incorrect because intercepting data is possible on an open network, attackers can connect to an unsecured network, and there isn’t any mechanism that automatically prevents all compromises.