I'm still thinking about it. A hospital has the highest security for L1,2,7. Your best bet to hack into the network is to...and one of the choices was 'plug a rogue AP in a unused RJ'. Highest security would imply 802.1X/EAP, which would require mutual authentication btw user and AP??
I guess we are to assume the hospital isn't running any kind of security on their wired network. If that is the case plugging a rogue AP (which you have configured) in will give you wireless access.
another vague certification question...my take is that legit users would reject the rogue AP, but the hacker would be on a machine without 802.1X/EAP, so he just might get on to the intranet, but would still need a username/password. And any competent security admin would have switchport security, eg. mac address violations, on any port. He would have a better chance with stealing an authorized laptop
Some building perimiters are difficult to get past - locks, security, and live escorts, etc. Laptops end up travelling outside the company perimiter more often - airports, home, coffee shops, etc.
I would also agree that stealing an authorized laptop would be easier. A real industrial (or other) spy is not going to worry about breaking still another law.
Many times people don't even realize the laptop is missing until they go to use it, so over a long weekend there is lots of time available to poke around.