Section 8: Securing Wireless and Mobile Solutions Flashcards
What two groups of people might use a guest wireless network?
- Visitors
- Employees on their lunch break
What is the difference between fat and thin wireless controllers?
Fat: standalone, has its own setting and DHCP addresses configured locally.
Thin: Pushes out the setting to multiple WAPs.
What is the WAP master password, and how would you protect it?
The admin password. Should be encrypted.
What two tasks can a Wi-Fi Analyzer perform?
- Troubleshoot wireless connectivity
- Discover a disabled SSID, which is inside a packet going to the WAP.
What is the purpose of MAC filtering?
Controls who can access a WAP. If your MAC address is not added to the WAP, then you are denied access.
Why should you place you first WAP on channel 1, your second WAP on channel 11, and you third WAP on channel 6?
To prevent interference by overlapping the wireless channels.
Why would an engineer carry out a site survey before installing a wireless network?
To ensure that the WAPs are placed where there is no interference.
Would you use online banking if you were in a hotel that uses Open Authentication? If not, what would you do instead?
No, because it is not secure. You could tether your 4G phone and then open a VPN connection to the bank.
What is the weakest version of wireless encryption?
WEP. Only has 40-bit encryption.
If a friend comes to visit you in your house and asks for the wireless password, what are you given them?
The Pre-Shared Key (PSK).
What is the most secure version of WPA2?
WPA2-CCMP. It uses AES encryption that is 128 bits.
When using WPA3-Personal, what replaces the pre-shared key?
Simultaneous Authentication of Equals (SAE). It is more secure as the password is never transmitted and is immune to offline attacks.
When using WPA3 wireless, what replaces WPA2-Open Authentication?
WiFi Enhanced Open. Does not use a password and prevents eavesdropping.
What is the most secure version of wireless?
WAP3. Uses AES encryption up to 256 bit. WPA2 only uses 128 bit encryption.
How do you access a wireless network if you use WPS, and what type of attack is it vulnerable against?
With WPS, you push the button to connect. Susceptible to a brute-force attack as it has a password stored on the device.
What is the purpose of a captive portal for a wireless network?
Can ask you to agree to an AUP and provide additional validation like email address/Facebook/Google account details. Can handle billing for premium connections.
What benefit does WPA3 bring to IoT devices?
WiFi Easy Connect makes it easy to connect IoT devices like smartphones by using a QR code.
What needs to be installed on the endpoint if you are going to use EAP-TLS for wireless authentication?
A x509 certificate.
If a user installs pirate software on their corporate laptop, which policy have they violated?
Acceptable Use Policy (AUP).
What would be the benefit of first-line support if the company were to adopt CYOD instead of BYOD?
There would be a limited number of devices to make support easier.
If you are staying in a hotel and their Wi-Fi is not working, how can you get access to the internet?
Use cellular phone as a hotspot.
If your cell phone has been lost or stolen, what should be done using MDM?
Remote wipe.
What three things should you do to protect the data stored on your smartphone?
- Screen locks
- Strong passwords
- FDE
If a company has suffered several thefts of company laptops, what could you use to prevent further thefts?
Tag the laptops, set up geofencing, RFID
How can you prevent company data separate from personal data on a cell phone that is being used as a BYOD device so that offboarding is easy to achieve?
Storage segmentation or containerization.
What is the purpose of SE Android?
To segment business data and prevent applications outside of the Knox container from accessing resources inside the container.
What is a wireless short-range payment type?
Near-Field Communication (NFC).
