13. Mobile and wireless security Flashcards

1
Q

What are the objectives covered in Chapter 13?

A

Domain 2.0: Threats, Vulnerabilities, and Mitigations; Domain 3.0: Security Architecture; Domain 4.0: Security Operations

Includes specific objectives like explaining vulnerabilities and comparing security strategies.

2
Q

What types of vulnerabilities are discussed in this chapter?

A

Mobile device vulnerabilities: Side loading, Jailbreaking

These vulnerabilities can compromise the security of mobile devices.

3
Q

What are some general data considerations mentioned?

A

Geolocation

Geolocation can impact data security and privacy.

4
Q

What does hardening targets involve?

A

Hardening targets: Mobile devices, Workstations, Switches, Routers, Cloud infrastructure, Servers, ICS/SCADA, Embedded systems, RTOS, IoT devices

Hardening is essential for protecting various types of computing resources.

5
Q

What are the key mobile solutions discussed?

A

Mobile device management (MDM); Deployment models: Bring your own device (BYOD), Corporate-owned, personally enabled (COPE), Choose your own device (CYOD); Connection methods: Cellular, Wi-Fi, Bluetooth

These solutions help manage and secure mobile devices in organizations.

6
Q

What wireless security settings are mentioned?

A

Wi-Fi Protected Access 3 (WPA3); AAA/Remote Authentication Dial-in User Service (RADIUS); Cryptographic protocols; Authentication protocols

These settings are critical for securing wireless networks.

7
Q

True or False: Wireless networks have the same security challenges as wired networks.

A

False

Wireless networks broadcast signals and can be accessed from outside organizational spaces.

8
Q

What are some common wireless connectivity options?

A

Bluetooth; Cellular; Wi-Fi

Understanding these options is essential for wireless network design.

9
Q

What is the importance of wireless authentication?

A

Ensures secure access to wireless networks

EAP (Extensible Authentication Protocol) is commonly used for this purpose.

10
Q

What are the mobile device deployment models?

A

Bring your own device (BYOD); Choose your own device (CYOD); Corporate-owned, personally enabled (COPE)

These models influence how organizations provide devices to users.

11
Q

What is the role of mobile device management (MDM)?

A

To manage and secure mobile devices throughout their life cycles

MDM tools help ensure devices are secure from issuance to retirement.

12
Q

Fill in the blank: The traffic on most cellular and point-to-point commercial wireless networks may need to be treated as if it is traversing a _______.

A

potentially hostile network path

This is due to the lack of customer control over these networks.

13
Q

What are some best practices for wireless network design?

A

Site surveys; Heat maps

These practices help optimize wireless network performance and security.

14
Q

What are the three key wireless connectivity options that organizations may deploy?

A

Wi-Fi, cellular, and Bluetooth

These technologies are essential for connecting devices and systems.

15
Q

Why is it important to understand common attacks against wireless networks?

A

It helps security professionals design a secure wireless network

Understanding potential attacks informs better security measures.

16
Q

What role do site surveys play in network design?

A

They help understand the environment where the network will be deployed

Site surveys can include heatmaps to visualize signal propagation.

17
Q

What do heatmaps in the context of network design show?

A

Signal propagation

Heatmaps assist in determining optimal device placement.

18
Q

What are some concerns when protecting controllers and access points?

A

Patching, maintenance, and secure remote access

Protecting these components is crucial for overall network security.

19
Q

What does WPA3 provide in terms of authentication?

A

Simultaneous authentication of equals (SAE) and enterprise models

Enterprise models connect to RADIUS servers for organizational credentials.

20
Q

What are EAP and its variants used for?

A

Authentication protocols

They allow choices based on hardware support and specific authentication needs.

21
Q

What are the two main deployment models for mobile devices?

A

BYOD processes and corporate-owned models

BYOD allows users to bring their own devices, while corporate models deploy locked-down devices.

22
Q

What is the purpose of mobile device management tools?

A

To manage and secure mobile devices

MDM tools provide a range of features necessary for security professionals.

23
Q

What does BYOD stand for?

A

Bring Your Own Device

24
Q

What are the advantages of BYOD?

A
  • More user freedom
  • Lower cost to the organization
25
What is a disadvantage of BYOD?
Greater risk since the organization does not control, secure, or manage the device
26
What does CYOD stand for?
Choose Your Own Device
27
In a CYOD model, who owns the device?
The organization
28
What is the main advantage of the COPE model?
Allows reasonable personal use while meeting enterprise security and control needs
29
What does COBO stand for?
Company-Owned Business Only
30
What is the key feature of COBO devices?
Used only for business work with no personal use
31
What is Virtual Desktop Infrastructure (VDI)?
A technology that allows low-security devices to access a secured, managed environment
32
What is mobile device hardening?
The process of securing mobile devices to resist threats
33
Name two benchmarks available for mobile device hardening.
  • iOS benchmark
  • Android benchmark
34
What is a key practice in hardening mobile devices?
Updating and patching the OS
35
What is the function of remote wipe capability?
Used to erase data on a device when lost or stolen
36
True or False: Remote wipe can only wipe organizational data and applications.
False
37
What does MDM stand for?
Mobile Device Management
38
What is the main purpose of MDM tools?
To manage mobile devices and ensure data security
39
What does UEM stand for?
Unified Endpoint Management
40
What is the difference between MDM and UEM?
MDM focuses on mobile devices, while UEM integrates management of various devices including desktops and laptops
41
What are application management features in MDM?
  • Deploying specific applications
  • Limiting application installations
  • Monitoring application usage
42
What is content management in the context of mobile devices?
Ensures secure access and control of organizational files on mobile devices
43
What is geolocation used for in mobile device management?
To make decisions about device operation based on its location
44
What is the purpose of screen locks, passwords, and PINs?
To prevent unauthorized access to mobile devices
45
What are biometrics in mobile devices?
Authentication methods like fingerprints and facial recognition
46
What is context-aware authentication?
Authentication that considers user behavior and context, such as location and usage patterns
47
What does containerization do for mobile devices?
Separates work and personal-use contexts to reduce risk of data exposure
48
What is full-device encryption (FDE)?
A security measure to protect data on lost or stolen devices
49
What is the benefit of push notifications in MDM?
To alert users or communicate important messages from a central location
50
What is the role of storage segmentation?
To keep personal and business data separate on mobile devices
51
What is the impact of rooting or jailbreaking a device?
Allows users to bypass security controls and install unauthorized software
52
What are some controls organizations may implement for wireless connectivity?
  • Limiting Wi-Fi network connections
  • Preventing ad hoc networks
  • Disabling tethering
53
What are some features MDM tools may include?
  • Per-application VPN
  • Onboarding tools for BYOD
  • Advanced threat detection
54
What is a challenge of managing mobile devices?
Variability between hardware manufacturers and operating system limitations
55
Fill in the blank: The _______ model provides the greatest control but the least flexibility.
Fully corporate-owned
56
What is one of the key best practices recommended by the NSA for mobile device security?
Implementing strong authentication measures
57
What are the types of wireless networks commonly found in organizations?
Wi-Fi, Bluetooth, cellular, Zigbee

These networks differ in functionality and security challenges.
58
What is the primary function of cellular networks?
Provide connectivity for mobile devices by dividing areas into 'cells' with tower coverage

Modern cellular networks use technologies like LTE and 5G.
59
What are the key differences between 4G and 5G networks?
4G requires fewer antennas; 5G requires greater antenna density and provides greater bandwidth and throughput

5G networks also necessitate careful antenna placement in building designs.
60
How is cellular connectivity typically provided?
By a cellular carrier rather than the organization itself

This means cellular networks are managed outside the organization's control.
61
What does Wi-Fi primarily rely on for wireless networking?
2.4 GHz and 5 GHz radio bands

Wi-Fi signals can be blocked by obstacles like walls or trees.
62
List the current and historical Wi-Fi standards mentioned.
  • 802.11b
  • 802.11a
  • 802.11g
  • 802.11n
  • 802.11ac
  • 802.11ax
  • 802.11be

Each has its own maximum speed and frequency.
63
What are the maximum speeds of 802.11ax and 802.11be?
802.11ax: 9.6 Gbit/s; 802.11be: 40+ Gbit/s

802.11be also supports multiple frequency bands.
64
What security features do WPA2 and WPA3 provide?
  • Encryption options
  • Protection for network frames
  • Authentication options

These features help secure Wi-Fi networks.
65
What is the typical range for Bluetooth connections?
Less than 100 meters, typically 5–30 meters

Bluetooth is designed for low-power, short-range connections.
66
What are the four security modes of Bluetooth?
  • Security Mode 1: No security
  • Security Mode 2: Service-level enforced security
  • Security Mode 3: Link-level enforced security
  • Security Mode 4: Standard pairing with Security Simple Pairing

These modes determine the security level of Bluetooth connections.
67
What types of RFID tags exist?
  • Active tags
  • Semi-active tags
  • Passive tags

Each type has different power sources and functionalities.
68
What are the frequency ranges used by RFID tags?
  • Low-frequency
  • High-frequency
  • Ultra-high-frequency

Different ranges cater to various applications and distances.
69
What is the primary function of GPS technology?
To provide positioning and navigation using a constellation of satellites

GPS can position devices within a foot of their actual location.
70
True or False: GPS signals can be jammed or spoofed.
True

GPS jamming is illegal in the United States.
71
What is NFC primarily used for?
Very short-range communication between devices

Commonly used in payment systems like Apple Pay and Google Pay.
72
What are the characteristics of infrared (IR) networking?
Works in line of sight; supports low to gigabit speeds

IR networks are less common today, having been largely replaced by Bluetooth and Wi-Fi.
73
What are the four major wireless connection models?
  • Point-to-point
  • Point-to-multipoint
  • Mesh
  • Broadcast

Each model describes different ways devices can connect and communicate.
74
What is an 'evil twin' in wireless network security?
A malicious access point that appears to be a legitimate network

Attackers use it to capture sensitive data from connected clients.
75
What is a rogue access point?
An access point added to a network without authorization

It can provide attackers with a point of entry into the network.
76
What are rogue access points?
APs added to your network either intentionally or unintentionally

They can offer a point of entry to attackers or unwanted users.
77
What is the purpose of wireless intrusion detection systems?
To continuously scan for unknown access points and determine if they are connected to your network

This involves combining wireless network testing with wired network logs and traffic information.
78
Define bluejacking.
Sending unsolicited messages to Bluetooth-enabled devices
79
What is bluesnarfing?
Unauthorized access to a Bluetooth device to gather information
80
What is a Bluetooth impersonation attack (BIA)?
Exploits weaknesses in the Bluetooth specification, lacking mutual authentication

They have not yet been seen in the wild but pose a potential threat.
81
True or False: The security model for Bluetooth has significantly improved over the years.
False
82
What is disassociation in the context of wireless networks?
When a device disconnects from an access point
83
How do attackers typically force a device to disassociate?
By sending a deauthentication frame to the access point
84
What is the difference between Wi-Fi jammers and deauthers?
Deauthers send deauthentication frames; jammers send powerful traffic to drown out signals
85
What is sideloading?
Transferring files to a mobile device to install applications outside of the official app store
86
What does jailbreaking allow a user to do?
Gain more access to a mobile device than is typically allowed
87
What is the purpose of conducting a site survey?
To determine existing networks and physical structure for access point placement
88
Fill in the blank: In the 2.4 GHz band, channels 1, 6, and 11 are used to avoid _______.
Overlap and interference
89
What is the function of Wi-Fi analyzer software?
To gather data for surveying and planning networks, creating heatmaps, and identifying channels
90
What is WPA2?
Wi-Fi Protected Access 2, a widely used security standard for wireless networks
91
List the two major usage modes of WPA2.
  • WPA2-Personal
  • WPA2-Enterprise
92
What encryption does CCMP use in WPA2?
Advanced Encryption Standard (AES)
93
What is WPA3?
The replacement for WPA2, required to be supported in all Wi-Fi devices since mid-2020
94
What feature does WPA3-Personal implement to enhance password-based authentication?
Simultaneous Authentication of Equals (SAE)
95
Define perfect forward secrecy.
A process that changes encryption keys regularly to protect communication
96
What is the main advantage of WPA3-Enterprise over WPA2?
Stronger encryption with an optional 192-bit security mode
97
What is an open network?
A network that does not require authentication and often uses a captive portal
98
Describe preshared keys (PSKs) in network authentication.
Require a shared passphrase for encryption but do not uniquely identify users
99
What does enterprise authentication rely on?
A RADIUS server and utilizes 802.1X for authentication
100
What is a captive portal?
A captive portal redirects traffic to a website or registration page before allowing access to the network

Captive portals often require users to provide information to gain access to open networks.
101
What is the risk associated with open networks?
Open networks do not provide encryption, leaving user data at risk unless traffic is sent via secure protocols like HTTPS

This means that sensitive information can be intercepted by malicious actors.
102
What do preshared keys (PSKs) require?
A passphrase or key that is shared with anyone who wants to use the network

This allows traffic to be encrypted but does not uniquely identify users.
103
What is enterprise authentication reliant on?
A RADIUS server and utilizes an Extensible Authentication Protocol (EAP) for authentication
104
What is 802.1X?
An IEEE standard for access control used for both wired and wireless devices

In wireless networks, it integrates with RADIUS servers for user authentication.
105
What actions can be taken based on user information after authentication?
Users can be placed in groups or network zones or have other actions taken based on attributes
106
What is the role of EAP in wireless networks?
EAP is used by 802.1X as part of the authentication process when devices authenticate to a RADIUS server
107
Name a common EAP variant.
Protected EAP (PEAP)

Other variants include EAP-FAST, EAP-TLS, and EAP-TTLS.
108
How does Protected EAP (PEAP) enhance security?
Authenticates servers using a certificate and wraps EAP in a TLS tunnel for security
109
What is the focus of EAP-FAST?
Providing faster reauthentication while devices are roaming

It improves on vulnerabilities in the Lightweight Extensible Authentication Protocol (LEAP).
110
What does EAP-TLS implement?
Certificate-based authentication and mutual authentication of the device and network
111
Fill in the blank: EAP-TTLS extends EAP-TLS and does not require client devices to have a _______.
certificate
112
What is a concern for EAP-TTLS deployments?
It may require additional software to be installed on some devices

This can be a barrier compared to PEAP, which does not have this requirement.
113
What is RADIUS?
Remote Authentication Dial-in User Service

It is used for authenticating individuals to remote networks using their home organization's accounts.
114
What is the purpose of federating RADIUS servers?
To allow individuals from other organizations to authenticate to remote networks using their home organization's credentials
115
What is eduroam?
A federated authentication service for wireless that allows users from any participating institution to authenticate and use networks

It is widely used in higher education.
116
What does the Security+ exam outline focus on?
WPA3, RADIUS, cryptographic protocols, and authentication protocols

It does not go into specifics about cryptographic protocols and authentication protocols.
117
What should you consider while preparing for the Security+ exam regarding WPA3?
The new security features of WPA3 and its improvements over WPA2