Mod 6: Active 802 Exploitation - PE

Question 1

What device/devices does a de-authentication attack target?

• Access Point
• Client
• Both of the above
• None of the above

Answer 1

Client

Question 2

Which two of the following are goals an attacker might have when conducting a de-authentication attack?

• Increasing latency between Access Point and client, degrading service
• Forcing the target to flush it’s ARP cache and send an ARP request
• Causing the target to connect to an Access Point controlled by the attacker
• Capture the password being transmitted from the client to the Access Point

Answer 2

Forcing the target to flush it’s ARP cache and send an ARP request

Question 3

[TRUE / FALSE]

WEP is inherently more secure than WPA due to it’s usage of a static key.

Answer 3

FALSE

Question 4

What is the purpose of an ARP request replay attack?

• Actively gather initialization vectors (IVs)
• Overloading the Access Point in order to degrade service
• Passively gather initialization vectors(IV’s)
• Overload the Access Point in order to deny service

Answer 4

Actively gather initialization vectors (IVs)

Question 5

What encryption standard was adopted by WPA/WPA2 as an improvement over the previous standard?

• DES
• RSA
• PGP
• AES

Answer 5

AES

Question 6

[TRUE / FALSE]

WEP is inherently more secure than WPA due to it’s usage of a static key.

Answer 6

FALSE

Question 7

[TRUE / FALSE]

TKIP ( Temporal Key Integrity Protocol) prevents replay attacks by implementing a sequence counter.

Answer 7

TRUE

Question 8

What encryption standard was adopted by WPA/WPA2 as an improvement over the previous standard?

• DES
• RSA
• PGP
• AES

Answer 8

AES

Question 9

[TRUE / FALSE]

When using WPA-PSK, since the encryption strength is constant, password complexity provides no benefit.

Answer 9

FALSE