Network Security (5)

Question 1

Which of the following wireless security protocols uses CCMP-AES for encryption?

WEP

WPA

WPA2

Answer 1

WPA2

Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with CCMP-Advanced Encryption Standard (CCMP-AES)

Question 2

Which of the following was the first wireless LAN security protocol to come into common usage?

WEP

WPA

WPA2

Answer 2

WEP

Wired Equivalent Privacy (WEP) was the first wireless LAN security protocol to achieve widespread use in commercial products. This protocol was soon found to be vulnerable to attack, and it was replaced by Wi-Fi Protected Access (WPA), which added a stronger encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with a different type of encryption, called CCMP-Advanced Encryption Standard (CCMP-AES)

Question 3

Which of the following did the second version of the Wi-Fi Protected Access (WPA) protocol add to the standard?

CCMP-AES

MIMO

WEP

Answer 3

CCMP-AES

WPA2 adds Counter Mode Cipher Block Chaining Message Authentication Code Protocol - Advanced Encryption Standard (CCMP-AES), a new symmetric key encryption algorithm that strengthens the protocol’s security. Multiple-input and multiple-output (MIMO) is a multiplexing technology added to the IEEE 802.11n standard, not to WPA2. Wired Equivalent Protocol (WEP) is the predecessor to WPA; it is not part of WPA2. Temporal Key Integrity Protocol (TKIP) is the encryption algorithm used in the first version of WPA; it was not added in the second version

Question 4

You are setting up a wireless LAN in a friend’s home, using devices that conform to the IEEE 802.11g standard. You have installed and successfully tested the devices on an open network, and now you are ready to add security. Which of the following protocols should you choose to provide maximum security for the wireless network?

WEP

WPA2

IPsec

TLS

L2TP

Answer 4

WPA2

Wi-Fi Protected Access 2 (WPA2) will provide the maximum security for the wireless network, in part because it uses long encryption keys that change frequently. Wired Equivalent Privacy (WEP) has a number of vulnerabilities, including short, unchanging encryption keys, that make it less secure than WPA.

IPsec is a network layer security standard that does not provide the security needed for IEEE 802.11 wireless networks. Transport Layer Security (TLS) is a protocol that encrypts data exchanged by web servers and clients at the application layer. It does not provide adequate security for wireless LANs. Layer 2 Tunneling Protocol (L2TP) is a virtual private networking protocol; it does not provide adequate security for wireless networks

Question 5

CCMP-AES is an encryption protocol used with which of the following wireless network security standards?

WEP

WPA

WPA2

Answer 5

WPA2

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with Advanced Encryption Standard (AES) is an encryption protocol that is used with the Wi-Fi Protected Access II security protocol. WPA was created to replace the insecure Wired Equivalent Privacy (WEP) protocol, and WPA2 was created to replace the Temporal Key Integrity Protocol (TKIP) used in the first version of WPA. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages

Question 6

Which of the following encryption protocols was introduced in the Wi-Fi Protected Access II (WPA2) wireless security standard?

CCMP-AES

TKIP-RC4

EAP-TLS

TACACS+

Answer 6

CCMP-AES

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with Advanced Encryption Standard (AES) is an encryption protocol that is used with the Wi-Fi Protected Access II (WPA2) security protocol. WPA was created to replace the insecure Wired Equivalent Privacy (WEP) protocol, and WPA2 was created to replace the Temporal Key Integrity Protocol (TKIP) used in the first version of WPA. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages. EAP is used on wireless networks and point-to-point connections and supports dozens of different authentication methods, including Transport Layer Security (TLS). It is not the encryption protocol used with WPA2. Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide AAA services for networks with many routers and switches

Question 7

Which of the following best describes the process of whitelisting on a wireless network?

Using an access control list to specify the IP addresses that are permitted to access a wireless network

Using port protection to specify the well-known port numbers of applications that users are permitted to run over a wireless network

Using MAC filtering to create a list of devices that are permitted to access a wireless network

Answer 7

Using MAC filtering to create a list of devices that are permitted to access a wireless network

Whitelisting is the process of using MAC filtering to specify the hardware addresses of devices that are permitted to access a wireless network. Blacklisting, by contrast, is making a list of addresses that are denied access to the network

Question 8

Which of the following encryption protocols was introduced in the Wi-Fi Protected Access (WPA) wireless security standard?

CCMP-AES

TKIP-RC4

EAP-TLS

TACACS+

Answer 8

TKIP-RC4

Wi-Fi Protected Access (WPA) was created to replace the insecure Wired Equivalent Privacy (WEP) protocol and used Temporal Key Integrity Protocol (TKIP) with the RC4 cipher for encryption. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with Advanced Encryption Standard (AES) is an encryption protocol that is used with the Wi-Fi Protected Access II (WPA2) security protocol. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages. EAP is used on wireless networks and point-to-point connections and supports dozens of different authentication methods, including Transport Layer Security (TLS). It is not the encryption protocol used with WPA. Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide AAA services for networks with many routers and switches

Question 9

WEP

WPA

WPA2

Answer 9

WPA

Wi-Fi Protected Access (WPA) was created to replace the insecure Wired Equivalent Privacy (WEP) protocol and used the Temporal Key Integrity Protocol (TKIP) with the RC4 cipher. WPA was replaced by WPA2, which uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with Advanced Encryption Standard (AES) for encryption. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages

Question 10

A user calls the help desk, complaining that he can’t access any of the data on his computer. A message has also appeared on his screen stating that his data has been encrypted and that it will only be decrypted after he pays $768 in Bitcoin to an unknown address. Which of the following types of attacks has the user experienced?

War driving

Ransomware

Denial of service

Answer 10

Ransomware

Ransomware is a type of attack in which a user’s access to his or her data is blocked unless a certain amount of money is paid to the attacker. The blockages can vary from simple screen locks to data encryption. War driving is an attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks. Denial of service is a type of attack that overwhelms a computer with traffic, preventing it from functioning properly. ARP poisoning is the deliberate insertion of fraudulent information into the ARP cache stored on computers and switches

Question 11

Which of the following attack types typically involve modifying network packets while they are in transit? (Choose all correct answers.)

Spoofing

Denial of service

Man in the middle

Logic bomb

Answer 11

Spoofing

Man in the middle

Spoofing is the process of modifying network packets to make them appear as though they are transmitted by or addressed to someone else. One way of doing this is to modify the MAC address in the packets to one that is approved by the MAC filter. A man-in-the-middle attack is one in which an attacker intercepts network traffic, reads the traffic, and can even modify it before sending it on to the destination. Denial of service is a type of attack that overwhelms a computer with traffic, preventing it from functioning properly, whereas a logic bomb is a code insert placed into a legitimate software product that triggers a malicious event when specific conditions are met. Neither of these last two involves modifying network packets

Question 12

Which of the following types of attack involves the modification of a legitimate software product?

Social engineering

War driving

Logic bomb

Answer 12

Logic bomb

A logic bomb is a code insert placed into a legitimate software product that triggers a malicious event when specific conditions are met. Social engineering is the practice of obtaining sensitive data by contacting users and pretending to be someone with a legitimate need for that data. War driving is an attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks. An evil twin is a fraudulent access point on a wireless network that mimics the SSID of a legitimate access point, in the hope of luring in users

Question 13

Which of the following steps can help to prevent war driving attacks from compromising your wireless network? (Choose all correct answers.)

Configure your access point to use a longer SSID.

Configure your access point not to broadcast its SSID.

Configure your clients and access point to use WPA2 security.

Configure your clients and access point to use WEP security.

Answer 13

Configure your access point not to broadcast its SSID.

Configure your clients and access point to use WPA2 security.

Configuring the access point not to broadcast its SSID will prevent a war driving attacker from seeing the network. Configuring your equipment to use Wi-Fi Protected Access II (WPA2) security will make it difficult for a war driver who detects your network to connect to it. The SSID is just an identifier; its length has no effect on security. Wired Equivalent Privacy (WEP) is a security protocol that has been found to have serious weaknesses

Question 14

On the fence outside your home, you happen to notice a small sticker that has the SSID of your wireless network written on it, along with the name of the security protocol your network is using. To which of the following attacks have you been made a victim?

War driving

War chalking

War tagging

Answer 14

War chalking

When a war driver locates a wireless network and marks it for other attackers, it is called war chalking. There are no such attacks as war tagging and war signing

Question 15

Which of the following is the name for an attack in which an intruder uses a Bluetooth connection to steal information from a wireless device, such as a smart phone?

Bluedogging

Bluesnarfing

Bluesmurfing

Answer 15

Bluesnarfing

Bluesnarfing is an attack in which an intruder connects to a wireless device using Bluetooth, for the purpose of stealing information. Bluejacking is the process of sending unsolicited messages to a device using Bluetooth. The other options do not exist

Question 16

Which of the following is the name for the process by which an individual uses a Bluetooth connection to send unsolicited text messages or other communications to a wireless device, such as a smartphone?

Bluedogging

Bluesmurfing

Bluejacking

Answer 16

Bluejacking

Bluejacking is the process of sending unsolicited text messages, images, or sounds to a smartphone or other device using Bluetooth. Bluesnarfing is an attack in which an intruder connects to a wireless device using Bluetooth, for the purpose of stealing information. The other options do not exist

Question 17

Which of the following types of denial-of-service (DoS) attack does not involve flooding a server with traffic?

Amplified

Reflective

Permanent

Answer 17

Permanent

Although a denial-of-service (DoS) attack typically involves traffic flooding, any attack that prevents a server from functioning can be called a DoS attack. A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning. This can be a physical attack that actually damages the hardware, or the attacker can disable the server by altering its software or configuration settings. Flood-based attacks include the distributed denial-of-service (DDoS) attack, one in which the attacker uses hundreds or thousands of computers, controlled by malware and called zombies, to send traffic to a single server or website, in an attempt to overwhelm it and prevent it from functioning. An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target

Question 18

Which of the following statements best describes the difference between distributed and reflective denial-of-service (DoS) attacks?

A distributed DoS attack uses other computers to flood a target server with traffic, whereas a reflective DoS attack causes a server to flood itself with loopback messages.

A distributed DoS attack uses malware-infected computers to flood a target, whereas a reflective DoS attack takes advantage of other servers’ native functions to make them flood a target.

A reflective DoS attack uses malware-infected computers to flood a target, whereas a distributed DoS attack takes advantage of other servers’ native functions to make them flood a target.

Answer 18

A distributed DoS attack uses malware-infected computers to flood a target, whereas a reflective DoS attack takes advantage of other servers’ native functions to make them flood a target.

Distributed DoS attacks use hundreds or thousands of computers that have been infected with malware, called zombies, to flood a target server with traffic, in an attempt to overwhelm it and prevent it from functioning. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target. Neither attack type causes a computer to flood itself

Question 19

Which of the following terms refers to a denial-of-service (DoS) attack that places more of a burden on the target server than that of the flood of incoming traffic?

Amplified

Reflective

Distributed

Answer 19

Amplified

An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. Reflective and distributed DoS attacks use other computers to flood a target with traffic. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target. A distributed denial-of-service (DDoS) attack is one in which the attacker uses hundreds or thousands of computers, controlled by malware and called zombies, to send traffic to a single server or website, in an attempt to overwhelm it and prevent it from functioning. A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning

Question 20

Which of the following types of attacks require no additional hardware or software components? (Choose all correct answers.)

Brute force

Social engineering

Denial of service

Phishing

Answer 20

Brute force

Social engineering

Denial of service

A brute-force attack is one in which an attacker uses repeated guesses to find a password, an open port, or some other type of sensitive data. A denial-of-service (DoS) attack floods a target server with traffic so that it is unable to function normally. While both of these attack types can be mounted using specialized software, they can also be the work of a lone attacker using nothing more than the tools provided on a standard workstation. Social engineering is the practice of obtaining sensitive data by contacting users and pretending to be someone with a legitimate need for that data. It requires nothing more than a telephone or an email client. Phishing is the term for an attack that uses bogus emails or websites designed to infect users with some type of malware

Question 21

Which of the following attack types are specifically targeted at wireless network clients? (Choose all correct answers.)

Logic bomb

Deauthentication

Evil twin

ARP poisoning

Answer 21

Deauthentication

Evil twin

Deauthentication is a type of denial-of-service (DoS) attack in which the attacker targets a wireless client by sending a deauthentication frame that causes the client to be disconnected from the network. The object of the attack is often to compel the client to connect to a rogue access point called an evil twin. An evil twin is a fraudulent access point on a wireless network that mimics the SSID of a legitimate access point, in the hope of luring in users. A logic bomb is a code insert placed into a legitimate software product that triggers a malicious event when specific conditions are met. ARP poisoning is the deliberate insertion of fraudulent information into the ARP cache stored on computers and switches. Neither of these last two is specifically targeted at wireless clients

Question 22

Which of the following is an effective method for preventing sensitive data from being compromised through social engineering?

Implement a program of user education and corporate policies.

Install an antivirus software product on all user workstations.

Install a firewall between the internal network and the Internet.

Answer 22

Implement a program of user education and corporate policies.

Social engineering is the practice of obtaining sensitive data by contacting users and pretending to be someone with a legitimate need for that data. No software or hardware solution can prevent it; the only way is to educate users of the potential dangers and establish policies that inform users what to do when they experience a social engineering attempt. Social engineering is not a virus or other form of malware, so an antivirus product has no effect against it. Social engineering is not implemented in network traffic, so a firewall cannot filter it. Social engineering is not implemented in network traffic, so IPsec cannot protect it

Question 23

Which of the following terms refer to denial-of-service (DoS) attacks that use other computers to flood a target server with traffic? (Choose all correct answers.)

Amplified

Reflective

Distributed

Permanent

Answer 23

Reflective

Distributed

Reflective and distributed DoS attacks use other computers to flood a target with traffic. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target. A distributed denial-of-service (DDoS) attack is one in which the attacker uses hundreds or thousands of computers, controlled by malware and called zombies, to send traffic to a single server or website, in an attempt to overwhelm it and prevent it from functioning. An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning

Question 24

In which of the following ways is VLAN hopping a potential threat?

VLAN hopping enables an attacker to scramble a switch’s patch panel connections.

VLAN hopping enables an attacker to rename the default VLAN on a switch.

VLAN hopping enables an attacker to access different VLANs using 802.1q spoofing.

Answer 24

VLAN hopping enables an attacker to access different VLANs using 802.1q spoofing.

VLAN hopping is a method for sending commands to switches to transfer a port from one VLAN to another. This can enable the attacker to connect his or her device to a potentially sensitive VLAN. VLAN hopping does not modify the switch’s patch panel connections, only its VAN assignments. It is not possible to rename a switch’s default VLAN. VLAN hopping does not enable an attacker to change a switch’s native VLAN

Question 25

Which of the following tools are needed by an individual performing a war driving attack? (Choose all correct answers.)

A stolen credit card number

A wireless-equipped computer or other device

A screwdriver

An automobile or other vehicle

A telephone

Answer 25

A wireless-equipped computer or other device

An automobile or other vehicle

War driving is an attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks. It therefore requires nothing more than a vehicle and a wireless-equipped computer. The term driving in war driving refers to driving a vehicle, not a screw. A screwdriver is not required. War driving uses a wireless computer or other device to scan for open networks. A telephone is not required. War driving is means for locating unprotected networks; it does not require a credit card number, nor does it involve stealing them