16, 17, 19 Flashcards
Which of these attacks are considered denial-of-service attacks? (Choose all that apply.) 2
A. Man-in-the-middle
B. Jamming
C. Deauthentication spoofing
D. MAC spoofing
E. Peer-to-peer
B. Jamming
C. Deauthentication spoofing
Which of these attacks would be considered malicious eavesdropping? (Choose all that apply.)
A. NetStumbler
B. Peer-to-peer
C. Protocol analyzer capture
D. Packet reconstruction
E. PS-Poll floods
C. Protocol analyzer capture
D. Packet reconstruction
Which of these attacks will not be detected by a wireless intrusion prevention system (WIPS)?
A. Deauthentication spoofing
B. MAC spoofing
C. Rogue access point
D. Eavesdropping with a protocol analyzer
E. Association flood
D. Eavesdropping with a protocol analyzer
Which of these attacks can be mitigated with a mutual authentication solution? (Choose all that apply.)
A. Malicious eavesdropping
B. Deauthentication
C. Man-in-the-middle
D. Wireless hijacking
E. Authentication flood
C. Man-in-the-middle
D. Wireless hijacking
What type of security can be used to stop attackers from seeing the MAC addresses used by your legitimate 802.11 WLAN devices?
A. MAC filtering
B. CCMP/AES encryption
C. MAC spoofing
D. Rogue mitigation
E. Rogue detection
F. None of the above
F. None of the above
When you are designing a wireless policy document, what two major areas of policy should be addressed?
A. General policy
B. Functional policy
C. Rogue AP policy
D. Authentication policy
E. Physical security
A. General policy
B. Functional policy
What can happen when an intruder compromises the PSK or passphrase used during WPA/WPA2-Personal authentication? (Choose all that apply.)
A. Decryption
B. ASLEAP attack
C. Spoofing
D. Encryption cracking
E. Access to network resources
A. Decryption
E. Access to network resources
Which of these attacks are considered layer 2 DoS attacks? (Choose all that apply.) 4
A. Deauthentication spoofing
B. Jamming
C. Virtual carrier attacks
D. PS-Poll floods
E. Authentication floods
A. Deauthentication spoofing
C. Virtual carrier attacks
D. PS-Poll floods
E. Authentication floods
Jamming is not a layer 2 DoS attack.
Which of these can cause unintentional RF jamming attacks against an 802.11 wireless network? (Choose all that apply.)
A. Microwave oven
B. Signal generator
C. 2.4 GHz cordless phones
D. 900 MHz cordless phones
E. Deauthentication transmitter
A. Microwave oven
C. 2.4 GHz cordless phones
Rogue WLAN devices are commonly installed by whom? (Choose all that apply.) 3
A. Attackers
B. Wardrivers
C. Contractors
D. Visitors
E. Employees
C. Contractors
D. Visitors
E. Employees
Which two solutions help mitigate peer-to-peer attacks from other clients associated to the same 802.11 access point?
A. Personal firewall
B. WPA2 encryption
C. Client isolation
D. MAC filter
A. Personal firewall
C. Client isolation
What type of solution can be used to perform countermeasures against a rogue access point?
A. CCMP
B. PEAP
C. WIPS
D. TKIP
E. WINS
C. WIPS
A WIPS uses which four labels to classify an 802.11 device? (Choose the best four answers.)
A. Authorized
B. Neighbor
C. Enabled
D. Disabled
E. Rogue
F. Unauthorized/unknown
A. Authorized
B. Neighbor
E. Rogue
F. Unauthorized/unknown
No enable or disabled
Scott is an administrator at the Williams Lumber Company, and his WIPS has detected a rogue access point. What actions should he take after the WIPS detects the rogue AP?
(Choose the best two answers.)
A. Enable the layer 2 rogue containment feature that his WIPS provides.
B. Unplug the rogue AP from the electrical outlet upon discovery.
C. Call the police.
D. Call his mother.
E. Unplug the rogue AP from the data port upon discovery.
A. Enable the layer 2 rogue containment feature that his WIPS provides.
E. Unplug the rogue AP from the data port upon discovery.
Which of these attacks are wireless users susceptible to at a public-access hotspot? (Choose all that apply.) 5
A. Wi-Fi phishing
B. Happy AP attack
C. Peer-to-peer attack
D. Malicious eavesdropping
E. 802.11 sky monkey attack
F. Man-in-the-middle attack
G. Wireless hijacking
A. Wi-Fi phishing
C. Peer-to-peer attack
D. Malicious eavesdropping
F. Man-in-the-middle attack
G. Wireless hijacking
Which two components should be mandatory in every public access wireless security policy? (Choose the best two answers.)
A. Encrypted VPN
B. 802.1X/EAP
C. Personal firewall
D. Captive portal
E. Wireless stun gun
A. Encrypted VPN
C. Personal firewall
MAC filters are typically considered to be a weak security implementation because of what type of attack?
A. Spamming
B. Spoofing
C. Phishing
D. Cracking
E. Eavesdropping
B. Spoofing
Which WIPS architecture is the most commonly deployed?
A. Integrated
B. Overlay
C. Access
D. Core
A. Integrated
Which of these encryption technologies have been cracked? (Choose all that apply.)
A. 64-bit WEP
B. 3DES
C. CCMP/AES
D. 128-bit WEP
A. 64-bit WEP
D. 128-bit WEP
What is another name for a wireless hijacking attack?
A. Wi-Fi phishing
B. Man-in-the-middle
C. Fake AP
D. Evil twin
E. AirSpy
D. Evil twin
Which WLAN security mechanisms require that each WLAN user have unique authentication credentials? (Choose all that apply.)
A. Open System
B. WPA-Personal
C. WPA2-Personal
D. WPA2-Enterprise
E. WPA3-Personal
F. WPA3-Enterprise
D. WPA2-Enterprise
F. WPA3-Enterprise
As defined by the Wi-Fi Alliance’s WPA3 security certification, which mode of operation requires the use of 256-bit Galois/Counter Mode Protocol (GCMP-256) for encryption of data?
A. WPA3-Personal only
B. WPA3-Personal transition
C. WPA3-Enterprise only
D. WPA3-Enterprise transition
E. WPA3-Enterprise 192-bit
E. WPA3-Enterprise 192-bit
128-bit WEP encryption uses a user- provided static key of what size?
A. 104 bytes
B. 64 bits
C. 124 bits
D. 128 bits
E. 104 bits
E. 104 bits
no bytes
Which three main components constitute an 802.1X authorization framework?
A. Supplicant
B. LDAP database
C. Authentication server
D. Intentional radiator
E. Authenticator
A. Supplicant
C. Authentication server
E. Authenticator
Which of these security methods is the replacement for PSK authentication as defined by WPA3?
A. Per-user/per-device PSK
B. Wi-Fi Protected Setup (WPS)
C. Simultaneous authentication of equals (SAE)
D. EAP-SIM
E. WPA2-Personal
C. Simultaneous authentication of equals (SAE)
The ACME Company is using WPA2-Personal to secure IoT devices that are not capable of 802.1X/EAP authentication. Because an employee was recently fired, all of the company wireless IoT devices and APs had to be reconfigured with a new static 64-bit PSK. What type of WLAN security solution may have avoided this administrative headache?
A. MAC filter
B. Hidden SSID
C. Changing the default settings
D. Per-device, per-user PSK
D. Per-device, per-user PSK
Which of the following encryption methods use symmetric ciphers? (Choose all that apply.) 3
A. WEP
B. TKIP
C. Public-key cryptography
D. CCMP
A. WEP
B. TKIP
D. CCMP
The IEEE 802.11-2020 standard states which of the following regarding 802.11n, 802.11ac, and 802.11ax data rates and encryption? (Choose all that apply.) 2
A. WEP and TKIP must not be used.
B. CCMP and GCMP can be used.
C. WEP cannot be used; however, TKIP can be used if also using 802.1X.
D. Any encryption method defined by the standard can be used.
A. WEP and TKIP must not be used.
B. CCMP and GCMP can be used.
When 802.1X/EAP security is deployed, RADIUS attributes can also be leveraged for rolebased assignment of which type of user access permissions? (Choose all that apply.)
A. Stateful firewall rules
B. Time
C. VLANS
D. ACLs
E. Bandwidth
A. Stateful firewall rules
B. Time
C. VLANS
D. ACLs
E. Bandwidth
How are IPsec VPNs used to provide security in combination with 802.11 WLANs?
A. Client-based security on public access WLANs
B. Point-to-point wireless bridge links
C. Connectivity across WAN links
D. All of the above
D. All of the above
When enabled, WLAN encryption provides data privacy for which portion of an 802.11 data frame?
A. MPDU
B. MSDU
C. PPDU
D. PSDU
B. MSDU
Which of the following methods of authentication must occur along with the 4-Way Handshake in order to generate dynamic CCMP/AES encryption keys? (Choose all that apply.) 3
A. Shared Key authentication and 4-Way Handshake
B. 802.1X/EAP authentication and 4-Way Handshake
C. Static WEP and 4-Way Handshake
D. PSK authentication and 4-Way Handshake
E. SAE authentication and 4-Way Handshake
B. 802.1X/EAP authentication and 4-Way Handshake
D. PSK authentication and 4-Way Handshake
E. SAE authentication and 4-Way Handshake
no shared or static
For an 802.1X/EAP solution to work properly, which two components must both support the same type of EAP?
A. Supplicant
B. Authorizer
C. Authenticator
D. Authentication server
A. Supplicant
D. Authentication server
When you are using an 802.11 wireless controller solution, which device would usually function as the authenticator?
A. Access point
B. LDAP server
C. WLAN controller
D. RADIUS server
C. WLAN controller
Which of these use cases for a per-user/per-device implementationof PSK authentication is not recommended?
A. Unique credentials for BYOD devices
B. Unique credentials for IoT devices
C. Unique credentials for guest Wi-Fi access
D. Unique credentials for legacy enterprise devices without 802.1X/EAP support
E. Unique credentials for enterprise devices with 802.1X/EAP support
E. Unique credentials for enterprise devices with 802.1X/EAP support
What does successful 802.1X/EAP provide when properly implemented for WLAN security? (Choose all that apply.)
A. Access to network resources
B. Verification of access point credentials
C. Dynamic authentication
D. Dynamic encryption-key generation
E. Verification of user credentials
A. Access to network resources
D. Dynamic encryption-key generation
E. Verification of user credentials
CCMP encryption uses which AES key size?
A. 192 bits
B. 64 bits
C. 256 bits
D. 128 bits
D. 128 bits
Identify the security solutions that are defined by the Wi-Fi Alliance WPA2 certification. (Choose all that apply.)
A. 802.1X/EAP authentication
B. Dynamic WEP encryption
C. SAE authentication
D. PSK authentication
E. DES encryption
F. CCMP encryption
A. 802.1X/EAP authentication
D. PSK authentication
F. CCMP encryption
What are some of the requirements of the optional WPA3-Enterprise 192-bit mode that is defined by the Wi-Fi Alliance?
(Choose all that apply.)
A. CCMP/AES with 128-bit encryption of data frames
B. BIP-GMAC-256 for management frame protection
C. EAP-TLS authentication protocol
D. EAP-TTLS authentication protocol
E. 256-bit GCMP/AES encryption of data frames
F. BIP-CMAC-128 for management frame protection
B. BIP-GMAC-256 for management frame protection
C. EAP-TLS authentication protocol
F. BIP-CMAC-128 for management frame protection
2 BIPS and TLS not TTLS
Which layer 2 protocol is used for authentication in an 802.1X framework?
A. RSN
B. SAE
C. EAP
D. PAP
E. CHAP
C. EAP
What is the maximum number of resource units that can be used for a 20 MHz OFDMA channel?
A. 2
B. 4
C. 9
D. 26
E. 52
C. 9
Which type of 802.11 frame is required for either uplink MU-MIMO or uplink MUOFDMA communication?
A. Trigger
B. Probe
C. ACK
D. Beacon
E. Data
A. Trigger
Which 802.11ax technology defines new power-saving capabilities that could be beneficial for IoT devices?
A. Buffer status report
B. Target wake time
C. BSS color
D. Guard interval
E. Long symbol time
B. Target wake time
Which 802.11ax technology has the potential to decrease co-channel interference (CCI)? (Choose all that apply.)
A. Buffer status report
B. Target wake time
C. BSS color
D. Guard interval
E. Long symbol time
F. Spatial reuse operation
C. BSS color
F. Spatial reuse operation
Which 802.11ax technology will result in higher data rates as opposed to enhanced efficiency?
A. OFDMA
B. TWT
C. 1024-QAM
D. BSS color
E. SRO
C. 1024-QAM
What is the default minimum size of a resource unit if 1024-QAM modulation is used by an 802.11ax radio?
A. 26-tone
B. 52-tone
C. 106-tone
D. 242-tone
E. 484-tone
D. 242-tone
Which 802.11ax technologies provide for multi-user communications?
A. OFDM
B. OFDMA
C. MIMO
D. SU-MIMO
E. MU-MIMO
F. TWT
G. SRO
B. OFDMA
E. MU-MIMO
How many subcarriers (tones) are in a 20 MHz OFDMA channel?
A. 52
B. 64
C. 78
D. 256
E. 312
D. 256
Which 802.11ax technology provides for mixing different QoS access categories of data when aggregating 802.11 frames?
A. OFDMA
B. Multi-TID AMPDU
C. MU-MIMO
D. TWT
E. SRO
B. Multi-TID AMPDU
Which frequency bands are defined for High Efficiency (HE) wireless communications? (Choose all that apply.)
A. 1 GHz
B. 2.4 GHz
C. 5 GHz
D. 6 GHz
E. 60 GHz
B. 2.4 GHz
C. 5 GHz
D. 6 GHz
Which multi-user technology is considered optional by the Wi-Fi Alliance? (Choose all that apply.)
A. Downlink OFDMA
B. Uplink OFDMA
C. Downlink MU-MIMO
D. Uplink MU-MIMO
D. Uplink MU-MIMO
When either DL-OFDMA or UL-OFDMA is employed, what is the purpose of a Wi-Fi 6 AP sending a multi-user request-to-send (MU-RTS) frame? (Choose all that apply.)
A. Reserve the RF medium
B. Contend for the RF medium
C. Resource unit allocation
D. Scheduled TWT
E. Intra-BSS deferral
A. Reserve the RF medium
Which of these 802.11ax PPDU formats is used for trigger frames?
A. HE SU
B. HE MU
C. HE ER SU
D. HE TB
B. HE MU
Which 802.11ax guard interval (GI) is intended solely for outdoor communications?
A. 0.4 microseconds
B. 0.8 microseconds
C. 1.6 microseconds
D. 3.2 microseconds
E. 6.4 microseconds
D. 3.2 microseconds
MU-MIMO communications is ideal for which real-world Wi-Fi environment?
A. High client density indoor Wi-Fi deployment
B. Active client roaming indoor Wi-Fi deployment
C. Point-to-point outdoor Wi-Fi bridge link
D. Point-to-multipoint outdoor Wi-Fi bridge link
D. Point-to-multipoint outdoor Wi-Fi bridge link
Which 802.11ax capability gives a Wi-Fi 6 client the capability to opt out of synchronized uplink communications and contend for the RF medium independently?
A. ROM
B. TOM
C. QAM
D. TWT
E. OBSS
B. TOM
Which type of wired access switch technology is the most important consideration when deploying 4×4:4 or 8×8:8 Wi-Fi 6 access points?
A. STP
B. SPB
C. AVB
D. PoE
E. IGMP
D. PoE
Which type of 802.11 frame is used during UL-OFDMA by Wi-Fi 6 clients to communicate to the AP about their transmit needs?
A. BSR
B. BSRP
C. MU-RTS
D. MU-BAR
E. BQRP
A. BSR
What are some of the key differences and advantages of OFDMA over MU-MIMO with 802.11ax radios? (Choose all that apply.)
A. Increased efficiency
B. Increased capacity
C. Best for high-bandwidth applications
D. Best for low-bandwidth applications
E. Best with small packets
F. Best with large packets
A. Increased efficiency
D. Best for low-bandwidth application
E. Best with small packets
802.11ax BSS color information is communicated at both the PHY layer and the MAC sublayer. Which of these statements are true about BSS color? (Choose all that apply.)
A. The primary BSS color identifiers are blue, red, and yellow.
B. The secondary BSS color identifiers are green, orange, and purple.
C. BSS color is a numerical identifier.
D. BSS color is an identifier of the basic service set.
E. BSS color is an identifier of the basic service area.
C. BSS color is a numerical identifier.
D. BSS color is an identifier of the basic service set.
2x BSS color and **set*
