1500

Question 1

The encryption protocol standard for WPA2.

Answer 1

AES-CCMP

Question 2

An attack that sends unsolicited messages to Bluetooth-enabled devices.

Answer 2

Bluejacking

Question 3

An attack that accesses unauthorized information from a wireless device through a Bluetooth connection - often between cell phones and laptop computers.

Answer 3

Bluesnarfing

Question 4

A wireless technology that uses short-range radio frequency (RF) transmissions and provides for rapid ad hoc device pairings.

Answer 4

Bluetooth

Question 5

An AP set up by an attacker to mimic an authorized AP and capture transmissions - so a user’s device will unknowingly connect to this evil twin instead.

Answer 5

Evil Twin

Question 6

A framework for transporting authentication protocols that defines the format of the messages.

Answer 6

Extensible Authentication Protocol (EAP)

Question 7

A 24-bit value used in WEP that changes each time a packet is encrypted.

Answer 7

Initialization Vector (IV)

Question 8

A method of determining the keystream by analyzing two packets that were created from the same initialization vector (IV).

Answer 8

Keystream Attack (IV Attack)

Question 9

A proprietary EAP method developed by Cisco Systems requiring mutual authentication used for WLAN encryption using Cisco client software.

Answer 9

Lightweight EAP (LEAP)

Question 10

A method for controlling access to a WLAN based on the device’s MAC address.

Answer 10

Media Access Control (MAC) Address Filtering

Question 11

A key value that must be created and entered into both the access point and all wireless devices (“shared”) prior to (“pre”) the devices communicating with the AP.

Answer 11

Preshared Key (PSK)

Question 12

An EAP method designed to simplify the deployment of 802.11x by using Microsoft Windows logins and passwords.

Answer 12

Protected EAP (PEAP)

Question 13

An unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its user to attacks.

Answer 13

Rogue Access Point

Question 14

The user-supplied network name of a WLAN; it can generally be alphanumeric from 2 to 32 characters.

Answer 14

Service Set Identifier (SSID)

Question 15

The transmission of the SSID from the access point to wireless devices.

Answer 15

SSID Broadcast

Question 16

A WPA encryption technology.

Answer 16

Temporal Key Integrity Protocol (TKIP)

Question 17

The process of documenting and then advertising the location of wireless LANs for others to use. Wireless networks were identified by drawing on sidewalks or walls around the area of the network.

Answer 17

War Chalking

Question 18

Searching for wireless signals from an automobile or on foot suing a portable computing device.

Answer 18

War Driving

Question 19

The original set of protections from the Wi-Fi Alliance in 2003 designed to protect both present and future wireless devices.

Answer 19

Wi-Fi Protected Access (WPA)

Question 20

The second generation of WPA security from the Wi-Fi Alliance in 2004 to address authentication and encryption on WLANs.

Answer 20

Wi-Fi Protected Access 2 (WPA2)

Question 21

An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. WEP has significant vulnerabilities and is not considered secure.

Answer 21

Wired Equivalent Privacy (WEP)

Question 22

Bluetooth falls under the category of __________. A. local area network (LAN) B. short area network (SAN) C. paired-device network (PDN) D. personal area network (PAN)

Answer 22

D. personal area network (PAN)

Question 23

A Bluetooth network that contains one master and at least one slave using the same RF channel forms a __________. A. cluster B. grouping C. scatteringnet D. piconet

Answer 23

D. piconet

Question 24

____________ is the unauthorized access of information from a wireless device through a Bluetooth connection. A. Bluejacking B. Bluetooth snatching C. Bluetooth spoofing D. Bluesnarfing

Answer 24

D. bluesnarfing

Question 25

The IEEE ___________ standard specifies a maximum rated speed of 54 Mbps using the 5 GHz spectrum. A. 802.11 B. 802.11a C. 802.11b D. 802.11g

Answer 25

B. 802.11a

Question 26

Each of the following is an advantage of IEEE 802.11n except __________. A. smaller coverage area B. faster speed C. less interference D. stronger security

Answer 26

A. smaller coverage area

Question 27

Which of the following is not found in a residential WLAN gateway? A. intrusion detection system (IDS) B. firewall C. router D. dynamic host configuration protocol (DHCP)

Answer 27

A. intrusion detection system (IDS)

Question 28

Which of the following is not a requirement for war driving? A. wireless NIC adapter B. antennas C. GPS receiver D. mobile computer device

Answer 28

C. GPS receiver

Question 29

The primary design of a(n) __________ is to capture the transmission from legitimate users. A. evil twin B. Bluetooth grabber C. WEP D. rogue access point

Answer 29

D. rogue access point

Question 30

Which of the following is a vulnerability of MAC address filtering? A. the user must enter the MAC B. APs use IP addresses instead of MACs C. Not all operating systems support MACs D. MAC addresses are initially exchanged between wireless devices and the AP in an unencrypted format

Answer 30

D. MAC addresses are initially exchanged between wireless devices and the AP in an unencrypted format

Question 31

Each of the following is a limitation of turning off the SSID broadcast from an AP except ___________. A. the SSID can easily be discovered - even when it is not contained in beacon frames - because it still is transmitted in other management frames sent by AP B. turning off the SSIB broadcast may prevent users form being able to freely roam from one AP coverage area to another C. some versions of operating systems favor a network broadcasting an SSID over one that does not D. users can more easily roam from on WLAN to another

Answer 31

D. users can more easily roam from on WLAN to another

Question 32

The primary weakness of wired equivalent privacy (WEP) is __________. A. it usage creates a detectable pattern B. initialization vectors (IVs) are difficult for users to manage C. its only functions on specific brands of APs D. it slows down a WLAN from 104 Mbps to 16 Mbps

Answer 32

A. its usage creates a detectable pattern

Question 33

The two models for personal wireless security developed by the Wi-Fi Alliance are Wi-Fi Protected Access (WPA) and __________. A. Protected Wireless Security (WPS) B. IEEE 802.11ai C. Postshared Key Protection (PKP) D. Wi-Fi Protected Access 2 (WPA2)

Answer 33

D. Wi-Fi Protected Access 2 (WPA2)

Question 34

WPA replaces WEP with __________. A. Temporal Key Integrity Protocol (TKIP) B. Cyclic Redundancy Check (CRC) C. Message Integrity Check (MIC) D. WPA2

Answer 34

A. Temporal Key Integrity Protocol (TKIP)

Question 35

A preshared key (PSK) of fewer than __________ characters may be subject to an attack if that key is a common dictionary word. A. 6 B. 12 C. 16 D. 20

Answer 35

D. 20

Question 36

A WEP key that is 128 bits in length __________. A. cannot be used on access points that use passphrases B. is less secure than a WEP key of 64 bits because shorter keys are stronger C. has an initialization vector (IV) that is the same length as a WEP key of 64 bits D. cannot be cracked because it is too long

Answer 36

C. has an initialization vector (IV) that is the same length as a WEP key of 64 bits

Question 37

AES-CCMP is the encryption protocol standard used in __________. A. WPA2 B. IEEE 802.11 C. WPA D. Bluetooth

Answer 37

A. WPA2

Question 38

What is the Extensible Authentication Protocol (EAP)? A. a subset of WPA2 B. the protocol used in TCP/IP for authentication C. a framework for transporting authentication protocols D. a technology used by IEEE 802.11 for encryption

Answer 38

C. a framework for transporting authentication protocols

Question 39

Which technology should be used instead of LEAP? A. STREAK B. LEAP-2 C. REAP D. PEAP

Answer 39

D. PEAP

Question 40

Each of the following is a type of wireless AP probe except __________. A. wireless device probe B. dedicated probe C. AP probe D. WNIC probe

Answer 40

D. WNIC probe

Question 41

The most flexible approach for a wireless VLAN is to have which device separate the packets? A. firewall B. AP C. NIC D. router

Answer 41

B. AP

Question 42

The mechanism used in an information system to allow or restrict access to data or devices.

Answer 42

Access Control

Question 43

A set of permissions that are attached to an object.

Answer 43

Access Control List (ACL)

Question 44

A standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications.

Answer 44

Access Control Model

Question 45

The process of setting a user’s account to expire.

Answer 45

Account Expiration

Question 46

The least restrictive access control model in which the owner of the object has total control over it.

Answer 46

Discretionary Access Control (DAC)

Question 47

The second version of the Terminal Access Control Access Control System (TCACAS) authentication service.

Answer 47

Extended TACACS

Question 48

Rejecting access unless a condition is explicitly met.

Answer 48

Implicit Deny

Question 49

The act of moving individuals from one job responsibility to another.

Answer 49

Job Rotation

Question 50

An authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.

Answer 50

Kerberos

Question 51

Providing only the minimum amount of privileges necessary to perform a job or function.

Answer 51

Least Privilege

Question 52

An attack that constructs LDAP statements based on user input statements - allowing the attacker to retrieve information from the LDAP database or modify its contents.

Answer 52

LDAP Injection Attack

Question 53

A protocol for a client application to access an X.500 directory.

Answer 53

Lightweight Directory Access Protocol (LDAP)

Question 54

The most restrictive access control model - typically found in military settings in which security is of supreme importance.

Answer 54

Mandatory Access Control (MAC)

Question 55

Requiring that all employees take vacations.

Answer 55

Mandatory Vacations

Question 56

An industry standard authentication service with widespread support across nearly all vendors of networking equipment.

Answer 56

Remote Authentication Dial In User Service (RADIUS)

Question 57

A “real-world” access control model in which access is based on a user’s job function within the organization.

Answer 57

Role Based Access Control (RBAC)

Question 58

An access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian.

Answer 58

Rule Based Access Control (RBAC)

Question 59

The practice of requiring that processes should be divided between two or more individuals.

Answer 59

Separation of Duties

Question 60

The current version of the Terminal Access Control Access Control System (TACACS) authentication services.

Answer 60

TACACS+

Question 61

An authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server. The current version is TACACS+.

Answer 61

Terminal Access Control Access Control System (TACACS)

Question 62

Limitations imposed as to when a user can log on to a system.

Answer 62

Time of Day Restrictions

Question 63

A RADIUS authentication server requires that the __________ be authenticated first. A. authentication server B. supplicant C. authenticator D. user

Answer 63

B. supplicant

Question 64

Each of the following make up the AAA elements in network security - except __________. A. controlling access to network resources (authentication) B. enforcing security policies (authorization) C. determining user need (analyzing) D. auditing usage (accounting)

Answer 64

C. determining user need (analyzing)

Question 65

With the development of IEEE 802.1x port security - the authentication server ___________ has seen even greater usage. A. RDAP B. DAP C. RADIUS D. AAA

Answer 65

C. RADIUS

Question 66

__________ is an authentication protocol available as a free download that runs on Microsoft Windows 7/Vista - Windows Server 2008 - Apple Mac OS X - and Linux. A. IEEE 802.1x B. RADIUS C. Kerberos D. LDAP

Answer 66

C. Kerberos

Question 67

The version of the X.500 standard that runs on a personal computer over TCP/IP is __________. A. DAP B. LDAP C. IEEE X.501 D. Lite RDAP

Answer 67

B. LDAP

Question 68

A user entering her username would correspond to the _______ action in access control. A. authentication B. identification C. authorization D. access

Answer 68

B. identification

Question 69

A process functioning on behalf of the user that attempts to access a file is known as a(n) __________. A. object B. subject C. resource D. operation check

Answer 69

B. subject

Question 70

The individual who periodically reviews security settings and maintains records of access by users is called the __________. A. supervisor B. owner C. custodian D. manager

Answer 70

C. custodian

Question 71

In the __________ model - the end user cannot change any security settings. A. Discretionary Access Control B. Security Access Control C. Mandatory Access Control D. Restricted Access Control

Answer 71

C. Mandatory Access Control

Question 72

Rule Bases Access Control __________. A. is considered obsolete today. B. dynamically assigns roles to subjects based on rules C. is considered a real-world approach by linking a user’s job function with security D. requires that a custodian set all rules

Answer 72

B. dynamically assigns roles to subjects based on rules

Question 73

Separation of duties requires that __________. A. processes should be divided between two or more individuals B. end users cannot set security for themselves C. managers must monitor owners for security purposes D. jobs be rotated among different individuals

Answer 73

A. processes should be divided between two or more individuals

Question 74

___________ in access control means that if a condition is not explicitly met - then access is to be rejected. A. Denial of duties B. Implicitly deny C. Explicit rejection D. Prevention control

Answer 74

B. Implicitly deny

Question 75

A(n) ___________ is a set of permissions that is attached to an object. A. access control list (ACL) B. Subject Access Entity (SAE) C. object modifier D. security entry designator

Answer 75

A. access control list (ACL)

Question 76

__________ is a Microsoft Windows feature that provides centralized management and configuration of computers and remote users who are using Active Directory. A. Windows Register Settings B. group policy C. Resource Allocation Entities D. AD management services (ADMS)

Answer 76

B. group policy

Question 77

A(n) __________ constructs LDAP statements based on user inputs in order to retrieve information from the database or modify its contents. A. SQL/LDAP insert attack B. modified Trojan attack C. LDAP injection attack D. RBASE plug-in attack

Answer 77

C. LDAP injection attack

Question 78

The least restrictive access control model is __________. A. Role Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Discretionary Access Control (DAC) D. Rule Based Access Control (RBAC)

Answer 78

C. Discretionary Access Control (DAC)

Question 79

The principle known as __________ in access control means that each user should only be given the minimal amount of privileges necessary for that person to perform their job function. A. enterprise security B. least privilege C. deny all D. Mandatory limitations

Answer 79

B. least privilege

Question 80

A(n) __________ is the person responsible for the information and determines the level of security needed for the data and delegates security duties as required. A. owner B. custodian C. end user D. administrator

Answer 80

A. owner

Question 81

In the Mandatory Access Contol (MAC) model - every subject and object ___________. A. is restricted and cannot be accessed B. is assigned a label C. can be changed by the owner D. must be given a number from 200-900

Answer 81

B. is assigned a label

Question 82

A user account that has not been accessed for a lengthy period of time is called a(n) ___________ account. A. orphaned B. limbo C. static D. dormant

Answer 82

D. dormant

Question 83

Authenticating a user by the normal actions that the user performs.

Answer 83

Behavioral Biometrics

Question 84

A password attack in which every possible combination of letter - numbers - and characters is used to create encrypted passwords that are matched with those in a stolen password file.

Answer 84

Brute Force Attack

Question 85

Authenticating a user through the perception - thought process - and understanding of the user.

Answer 85

Cognitive Biometrics

Question 86

A Department of Defense (DoD) smart card used for identification for active-duty and reserve military personnel along with civilian employees and special contractors.

Answer 86

Common Access Card (CAC)

Question 87

A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.

Answer 87

Dictionary Attack

Question 88

A password attack that slightly alters dictionary words by adding numbers to the end of the password - spelling words backward - slightly misspelling words - or including special characters.

Answer 88

Hybrid Attack

Question 89

Using more than one type of authentication credential.

Answer 89

Multifactor Authentication

Question 90

A secret combination of letters - numbers - and/or characters that only the user should know.

Answer 90

Password

Question 91

A government standard for smart cards that covers all government employees.

Answer 91

Personal Identity Verification (PIV)

Question 92

Large pregenerated data sets of encrypted passwords used in password attacks.

Answer 92

Rainbow Tables

Question 93

Using one authentication credential to access multiple accounts or applications.

Answer 93

Single Sign-On (SSO)

Question 94

Using one type of authentication credentials.

Answer 94

Single-Factor Authentication

Question 95

A card that contains an integrated circuit chip that can hold information used as part of the authentication process.

Answer 95

Smart Card

Question 96

Using fingerprints or other unique physical characteristics of a person’s face - hands - or eyes for authentication.

Answer 96

Standard Biometrics

Question 97

A small device that can be affixed to a keychain with a window display that shows a code to be used for authentication.

Answer 97

Token

Question 98

A hardened operating system that can keep attackers from accessing and controlling critical parts of a computer system.

Answer 98

Trusted Operating System (Trusted OS)

Question 99

Each of the following is a type of authentication credential except __________.

Answer 99

C. what you discover

Question 100

Which of the following is not a reason users create weak passwords? A. a lengthy and complex password can be difficult to memorize B. a security policy requires a password to be changed regularly C. having multiple passwords makes it hard to remember all of them D. most sites force users to create weak passwords although they do not want to

Answer 100

D. most sites force users to create weak passwords although they do not want to