What are of some of the common security capabilities often integrated within in access points deployed in a distributed WLAN architecture?
- A . Captive web portal
- B . Firewall
- C . Integrated RADIUS
- D . WIPS
- E . All of the above
In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?
- A . In home networks in which file and printer sharing is enabled
- B . At public hot-spots in which many clients use diverse applications
- C . In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities
- D . In university environments using multicast video training sourced from professor’s laptops
What are some of the purposes of the 4-Way Handshake? (Choose all that apply.)
- A . Transfer the GTK to the supplicant.
- B . Derive a PTK from the PMK.
- C . Transfer the GMK to the supplicant.
- D . Confirm cipher suites.
What kind of remote actions can an MDM administrator send to the mobile device over the Internet?
- A . Configuration changes
- B . Restrictions changes
- C . Locking the device
- D . Wiping the device
- E . Application changes
- F . All of the above
Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).
Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?
- A . Fragmentation threshold
- B . Administrative password
- C . Output power
- D . Cell radius
When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the 802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?
- A . The 802.1X Controlled Port is always blocked, but the Uncontrolled Port opens after the EAP authentication process completes.
- B . The 802.1X Controlled Port remains blocked until an IP address is requested and accepted by the Supplicant.
- C . The 4-Way Handshake must be performed before the 802.1X Controlled Port changes to the unblocked state.
- D . The 802.1X Controlled Port is blocked until Vender Specific Attributes (VSAs) are exchanged inside a RADIUS packet between the Authenticator and Authentication Server.
As an auditor you have been asked to determine if the WLAN access points and client devices have been configured with the proper encryption.
What should you use to answer this question for your customer? (Choose all that apply.)
- A . Written corporate security policy
- B . WLAN protocol analyzer
- C . Aircrack-ng
- D . coWPAtty
- E . Asleap
Which RADIUS packets can be sent from a RADIUS server to an access point when 802.1X/EAP is the deployed WLAN security solution? (Choose all that apply.)
- A . RADIUS Access-Request
- B . RADIUS Access-Challenge
- C . RADIUS Access-Accept
- D . RADIUS Access-Reject
What can happen when an intruder compromises the preshared key used during WPA/WPA2-Personal authentication? (Choose all that apply.)
- A . Decryption
- B . Eavesdropping
- C . Spoofing
- D . Encryption cracking
- E . Access to network resources
What are some of the advantages of using SAE authentication over PSK authentication? (Choose all that apply.)
- A . Protects against brute-force dictionary attacks.
- B . Protects against forgery and replay attacks.
- C . Protects against rogue APs and clients.
- D . PMKs cannot be compromised or regenerated.
- E . PMKs are no longer needed.
What protocols allow a network administrator to securely manage the configuration of WLAN controllers and access points? (Choose 2)
- A . SNMPv1
- B . HTTPS
- C . Telnet
- D . TFTP
- E . FTP
- F . SSHv2
What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?
- A . AKM Suite List
- B . Group Cipher Suite
- C . RSN Capabilities
- D . Pairwise Cipher Suite List
Which management protocols are often used between a network management server (NMS) and remote access points for the purpose of monitoring a WLAN? (Choose all that apply.)
- A . IPsec
- B . GRE
- C . CAPWAP
- D . DTLS
- E . SNMP
What would be the intended purpose of simulating Layer 2 deauthentication attacks as part of a WLAN audit?
- A . Audit Layer 1
- B . Audit Layer 2
- C . Audit the wired infrastructure
- D . Audit the WIPS
The science of concealing plaintext and then revealing it is known as ___________, and the science of decrypting the ciphertext without knowledge of the key or cipher is known as ____________.
- A . encryption, decryption
- B . cryptanalysis, cryptology
- C . cryptology, cryptanalysis
- D . cryptography, cryptanalysis
- E . cryptography, steganography
Wireless Intrusion Prevention Systems (WIPS) provide what network security services? (Choose 2)
- A . Configuration distribution for autonomous APs
- B . Wireless vulnerability assessment
- C . Application-layer traffic inspection
- D . Analysis and reporting of AP CPU utilization
- E . Policy enforcement and compliance management
3DES has effective key sizes of how many bits? (Choose all that apply.)
- A . 56
- B . 64
- C . 112
- D . 128
- E . 168
- F . 192
What inputs are used by passphrase-PSK mapping to create a final 256-bit PSK during 802.11 PSK authentication? (Choose all that apply.)
- A . BSSID
- B . SNonce
- C . SSID
- D . Client MAC address
- E . AP MAC address
- F . Passphrase
- G . ANonce
A WIDS/WIPS consists of which of the following components? (Choose two.)
- A . WIDS/WIPS server
- B . Midspan injector
- C . Sensors
- D . MDM server
- E . SNMP server
Which encryption types can be used to encrypt and decrypt unicast traffic with the pairwise transient key (PTK) that is generated from a 4-Way Handshake? (Choose all that apply.)
- A . Temporal Key Integrity Protocol
- B . 3-DES
- C . Dynamic WEP
- D . CCMP
- E . Proprietary encryption
- F . Static WEP
What is some of the proper documentation needed prior to the WLAN security audit?
- A . Statement of work
- B . Liability waiver
- C . Nondisclosure agreement
- D . All of the above
What must occur in order for dynamic TKIP/ARC4 or CCMP/AES encryption keys to be generated? (Choose all that apply.)
- A . Shared Key authentication and 4-Way Handshake
- B . 802.1X/EAP authentication and 4-Way Handshake
- C . Open System authentication and 4-Way Handshake
- D . PSK authentication and 4-Way Handshake
What statement accurately describes the functionality of the IEEE 802.1X standard?
- A . Port-based access control with EAP encapsulation over the LAN (EAPoL)
- B . Port-based access control with dynamic encryption key management and distribution
- C . Port-based access control with support for authenticated-user VLANs only
- D . Port-based access control with mandatory support of AES-CCMP encryption
- E . Port-based access control, which allows three frame types to traverse the uncontrolled port: EAP, DHCP, and DNS.
Which of these types of EAP require a server-side certificate to create an encrypted TLS tunnel?
- A . EAP-TTLS
- B . EAP-PEAPv0 (EAP-MSCHAPv2)
- C . EAP-PEAPv0 (EAP-TLS)
- D . EAP-FAST
- E . EAP-PEAPv1 (EAP-GTC)
- F . EAP-LEAP
To calculate the capability Jeff should have on the network, which of the following can the NAC server use to initially identify and set his permission? (Choose all that apply.)
- A . Posture
- B . DHCP fingerprinting
- C . RADIUS attributes
- D . RADIUS CoA
- E . MDM profiles
Which of these attacks are wireless users susceptible to at a public-access hotspot? (Choose all that apply.)
- A . Wi-Fi phishing
- B . Happy AP attack
- C . Peer-to-peer attack
- D . Malicious eavesdropping
- E . 802.11 reverse ARP attack
- F . Man-in-the-middle
- G . Wireless hijacking
For an 802.1X/EAP solution to work properly with a WLAN, which two components must both support the same type of encryption?
- A . Supplicant and authenticator
- B . Authorizer and authenticator
- C . Authenticator and authentication server
- D . Supplicant and authentication server
When an attacker passively captures and examines wireless frames from a victim’s network, what type of attack is taking place?
- A . Injection
- B . Data destruction
- C . Frame manipulation
- D . Man in the middle
- E . Eavesdropping
Wired leakage occurs under which of the following circumstances?
- A . When weak wireless encryption is used
- B . When weak wireless authentication is used
- C . When wired broadcast traffic is passed through an AP
- D . When wired unicast traffic is passed through an AP
- E . When the protection mode is disabled on an AP
These qualifications for interoperability are usually based on key components and functions that are defined in the IEEE 802.11-2012 standard and various 802.11 amendments.
- A . Request for Comments
- B . Wi-Fi Alliance
- C . Federal Information Processing Standards
- D . Internet Engineering Task Force
- E . Wi-Fi CERTIFIED
CCMP is an acronym made up of multiple components.
Which of the following is an expanded version of this acronym? (Choose all that apply)
- A . Counter Mode with Cipher-Block Chaining Message Authentication Code Protocol
- B . Counter Message with Cipher-Block Chaining Mode Authentication Code Protocol
- C . CTR with CBC-MAC Protocol
- D . Counter Mode with CBC-MAC Protocol
- E . None of these is accurate.
Which RADIUS attribute is used to protect encapsulated EAP frames within RADIUS packets?
- A . (11) Filter-Id
- B . (26) Vendor-Specific
- C . (40) Acct-Status-Type
- D . (79) EAP-Message
- E . (80) Message-Authenticator
Which of these security methods is being considered by the Wi-Fi Alliance as a replacement for PSK authentication?
- A . Per-user/per-device PSK
- B . Wi-Fi Protected Setup (WPS)
- C . Simultaneous Authentication of Equals (SAE)
- D . EAP-PSK
- E . WPA2 Personal
After consulting your written security policy, to meet the new demands of an industry standard with which your organization must be compliant, an administrator logs into your WLAN controller and changes the authentication and encryption configurations on all your APs.
The help desk becomes overwhelmed with calls from angry users stating that they can no longer access the network. One by one, the users are reconfigured to reconnect to the network, causing significant loss of time.
Which portion of a well-written security policy is most likely missing from your company’s wireless security policy that caused this problem?
- A . External influence compliance
- B . Authentication requirements
- C . Encryption compliance
- D . Change control process
- E . User notification process
After consulting your written security policy, to meet the new demands of an industry standard with which your organization must be compliant, an administrator logs into your WLAN controller and changes the authentication and encryption configurations on all your APs.
The help desk becomes overwhelmed with calls from angry users stating that they can no longer access the network. One by one, the users are reconfigured to reconnect to the network, causing significant loss of time.
Which portion of a well-written security policy is most likely missing from your company’s wireless security policy that caused this problem?
- A . External influence compliance
- B . Authentication requirements
- C . Encryption compliance
- D . Change control process
- E . User notification process
168.80.5/24
User VLANS:
VLAN 201
VLAN 202
VLAN 203
SSIDs:
SSID-1: (employee) security: (802.1X/EAP/CCMP) – VLAN 201 – BSSID (00:08:12:43:0F:30)
SSID-2 (voice) security: (PSK/TKIP and WEP) – VLAN 202 – BSSID (00:08:12:43:0F:31)
SSID-3: (guest) security: (WEP) – VLAN 203 – BSSID (00:08:12:43:0F:32)
Based on the settings on Bob’s access point, what type of WLAN security exits within the coverage area of the AP? (Choose all that apply.)
- A . Closed security network
- B . Transition security network
- C . Pre-RSNA security network
- D . Open security network
- E . Robust security network
802.11 pre-RSNA security defines which wireless security solution?
- A . Dynamic WEP
- B . 802.1X/EAP
- C . 128-bit static WEP
- D . Temporal Key Integrity Protocol
- E . CCMP/AES
Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security.
The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering).
How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?
- A . The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.
- B . The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.
- C . The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.
- D . The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4- Way Handshake prior to user authentication.
After viewing the frame capture in the graphic shown here, identify which type of encryption method is being used.
- A . TKIP
- B . CCMP
- C . xSec
- D . Fortress
- E . WEP
- F . AES
Given: In a security penetration exercise, a WLAN consultant obtains the WEP key of XYZ Corporation’s wireless network.
Demonstrating the vulnerabilities of using WEP, the consultant uses a laptop running a software AP in an attempt to hijack the authorized user’s connections. XYZ’s legacy network is using 802.11n APs with 802.11b, 11g, and 11n client devices.
With this setup, how can the consultant cause all of the authorized clients to establish Layer 2 connectivity with the software access point?
- A . All WLAN clients will reassociate to the consultant’s software AP if the consultant’s software AP provides the same SSID on any channel with a 10 dB SNR improvement over the authorized AP.
- B . A higher SSID priority value configured in the Beacon frames of the consultant’s software AP will take priority over the SSID in the authorized AP, causing the clients to reassociate.
- C . When the RF signal between the clients and the authorized AP is temporarily disrupted and the consultant’s software AP is using the same SSID on a different channel than the authorized AP, the clients will reassociate to the software AP.
- D . If the consultant’s software AP broadcasts Beacon frames that advertise 802.11g data rates that are faster rates than XYZ’s current 802.11b data rates, all WLAN clients will reassociate to the faster AP.
Which of these alarms should be configured to send an automatic notification to the WIPS administrator’s phone and/or email account? (Choose all that apply.)
- A . Man-in-the-middle attack detected
- B . Unauthorized client detected
- C . Rogue AP detected
- D . Unauthorized AP detected
What is another name for a wireless hijacking attack?
- A . Wi-Fi phishing
- B . Man-in-the-middle
- C . Fake AP
- D . Evil twin
- E . AirSpy
Which of these terms best describes a measure of uncertainty associated with a random variable?
- A . Entropy
- B . Encryption
- C . Encapsulation
- D . Encoding
Which of these tools are required for a proper WLAN security audit? (Choose all that apply.)
- A . Spectrum analyzer
- B . WLAN protocol analyzer
- C . WLAN penetration testing software tools
- D . Global positioning sensor (GPS)
- E . Cameras
In an IEEE 802.11-compliant WLAN, when is the 802.1X Controlled Port placed into the unblocked state?
- A . After EAP authentication is successful
- B . After Open System authentication
- C . After the 4-Way Handshake
- D . After any Group Handshake
Which of these authentication methods are supported by RADIUS and can be used for WLAN security? (Choose all that apply.)
- A . Hologram authentication
- B . Captive web portal authentication
- C . MAC authentication
- D . TSA authentication
- E . 802.1X/EAP authentication
Tammy, the WLAN security engineer, has recommended to management that WPA-Personal security not be deployed within the ACME Company’s WLAN.
What are some of the reasons for Tammy’s recommendation? (Choose all that apply.)
- A . Static passphrases and PSKs are susceptible to social engineering attacks.
- B . WPA-Personal is susceptible to brute-force dictionary attacks, but WPA-Personal is not at risk.
- C . WPA-Personal uses static encryption keys.
- D . WPA-Personal uses weaker TKIP encryption.
- E . 802.11 data frames can be decrypted if the passphrase is compromised.
What is the recommended ratio of WIPS sensors providing security monitoring to access points that are providing access for WLAN clients?
- A . 1:2
- B . 1:3
- C . 1:4
- D . 1:5
- E . Depends on the customer’s needs
Laura is attempting to diagnose a WLAN by using a packet analyzer to capture the exchange of frames and packets between a wireless client and the AP.
In the process of analyzing the packets, she sees two 802.11 authentication frames, two 802.11 association frames, and DHCP requests and responses, and then she begins to see encrypted data.
Which of the following could the client be using? (Choose all that apply.)
- A . Open System authentication
- B . Shared Key authentication
- C . 802.1X/EAP
- D . WEP
- E . IPsec
What statements are true about 802.11-2012 Protected Management Frames? (Choose 2)
- A . 802.11w frame protection protects against some Layer 2 denial-of-service (DoS) attacks, but it cannot prevent all types of Layer 2 DoS attacks.
- B . When frame protection is in use, the PHY preamble and header as well as the MAC header are encrypted with 256- or 512-bit AES.
- C . Authentication, association, and acknowledgment frames are protected if management frame protection is enabled, but deauthentication and disassociation frames are not.
- D . Management frame protection protects disassociation and deauthentication frames.
The IEEE 802.11-2012 standard requires an authentication and key management protocol (AKMP) that can be either a preshared (PSK) or an EAP protocol used during 802.1X/EAP authentication.
What is another name for PSK authentication? (Choose all that apply.)
- A . Wi-Fi Protected Setup
- B . WPA/WPA2-Personal
- C . WPA/WPA2-PSK
- D . WPA/WPA2-Preshared Key
- E . WPA/WPA2-Passphrase
When two client stations are already associated to an AP, which handshake is used to create a different unicast key that the two client stations can use for a private conversation while they remain associated to the AP?
- A . Mesh Group Key Handshake
- B . Group Key Handshake
- C . 4-Way Handshake
- D . 2-Way Handshake
- E . TDLS Peer Key Handshake
What operations must occur before the virtual controlled port of the authenticator becomes unblocked? (Choose all that apply.)
- A . 802.1X/EAP authentication
- B . 4-Way Handshake
- C . 2-Way Handshake
- D . RADIUS proxy
Bob the WLAN administrator is troubleshooting an IPsec VPN problem that has been deployed as the security solution over a point-to-point 802.11 wireless bridge link between two buildings. Bob cannot get the VPN tunnel to establish and notices that there is a certificate error during the IKE Phase 1 exchange.
What are the possible causes of this problem? (Choose all that apply.)
- A . The VPN server behind the root bridge is using AES-256 encryption, and the VPN endpoint device behind the nonroot bridge is using AES-192 encryption.
- B . The VPN server behind the root bridge is using SHA-1 hash for data integrity, and the VPN endpoint device behind the nonroot bridge is using MD-5 for data integrity.
- C . The root CA certificate installed on the VPN device behind the nonroot bridge was not used to sign the server certificate on the VPN server behind the root bridge.
- D . The clock settings of the VPN server that is deployed behind the root bridge predate the creation of the server certificate.
- E . The public/private IP address settings are misconfigured on the VPN device behind the nonroot bridge.
Which of the following are the security measures that are needed to maintain the security of wireless LAN?
Each correct answer represents a complete solution. Choose all that apply.
- A . WIDS
- B . Firewalls
- C . WLAN controller
- D . WIPS
This graphic shows a WLAN discovery tool screen capture.
How many SSIDs are configured with cloaking enabled? (Choose all that apply.)
- A . None
- B . At least ten
- C . One
- D . Ten
- E . Exact number cannot be determined
Which technologies use the RC4 or ARC4 cipher? (Choose all that apply.)
- A . Static WEP
- B . Dynamic WEP
- C . PPTP
- D . L2TP
- E . MPPE
You have been tasked with configuring a secure WLAN for 600 APs at the corporate offices. All the APs and employee Windows laptops have been configured for 802.1X/EAP.
The domain user accounts are failing authentication with every attempt. After looking at some packet captures of the authentication failures, you have determined that an SSL/TLS tunnel is never created.
After viewing the graphic shown here, determine the possible causes of the problem. (Choose all that apply.)
- A . The Windows laptops are missing a client certificate.
- B . The incorrect root certificate is selected in the supplicant.
- C . The server certificate has expired.
- D . PACs have not been provisioned properly.
- E . The root certificate has expired.
You must locate non-compliant 802.11 devices.
Which one of the following tools will you use and why?
- A . A spectrum analyzer, because it can show the energy footprint of a device using WPA differently from a device using WPA2.
- B . A spectrum analyzer, because it can decode the PHY preamble of a non-compliant device.
- C . A protocol analyzer, because it can be used to view the spectrum energy of non-compliant 802.11 devices, which is always different from compliant devices.
- D . A protocol analyzer, because it can be used to report on security settings and regulatory or rule compliance
What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in an 802.11 WLAN?
- A . EAP-TTLS sends encrypted supplicant credentials to the authentication server, but EAP-TLS uses unencrypted user credentials.
- B . EAP-TTLS supports client certificates, but EAP-TLS does not.
- C . EAP-TTLS does not require an authentication server, but EAP-TLS does.
- D . EAP-TTLS does not require the use of a certificate for each STA as authentication credentials, but EAP-TLS does.
As defined by the 802.11-2012 standard, which of these authentication methods can be used by a client station to establish a pairwise master key security association (PMKSA)? (Choose all that apply.)
- A . PSK authentication
- B . WEP authentication
- C . 802.1X/EAP authentication
- D . Open authentication
- E . SAE authentication
Which of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?
- A . It does not support a RADIUS server.
- B . It is not a valid EAP type.
- C . It does not support mutual authentication.
- D . It does not support the outer identity.
Which WLAN architectural models typically require support for 802.1Q tagging at the edge on the network when multiple user VLANs are required? (Choose all that apply.)
- A . Autonomous WLAN architecture
- B . Centralized WLAN architecture
- C . Distributed WLAN architecture
- D . None of the above
What software and hardware tools are used in the process performed to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network?
- A . A low-gain patch antenna and terminal emulation software
- B . MAC spoofing software and MAC DoS software
- C . RF jamming device and a wireless radio card
- D . A wireless workgroup bridge and a protocol analyzer
Given: An 802.1X/EAP implementation includes an Active Directory domain controller running Windows Server 2012 and an AP from a major vendor. A Linux server is running RADIUS and it queries the domain controller for user credentials.
A Windows client is accessing the network.
What device functions as the EAP Supplicant?
- A . Linux server
- B . Windows client
- C . Access point
- D . Windows server
- E . An unlisted switch
- F . An unlisted WLAN controller
What preventative measures are performed by a WIPS against intrusions?
- A . EAPoL Reject frame flood against a rogue AP
- B . Evil twin attack against a rogue AP
- C . Deauthentication attack against a classified neighbor AP
- D . ASLEAP attack against a rogue AP
- E . Uses SNMP to disable the switch port to which rogue APs connect
Which organization is responsible for the creation of documents known as Requests for Comments?
- A . IEEE
- B . ISO
- C . IETF
- D . Wi-Fi Alliance
- E . RFC Consortium
You must support a TSN as you have older wireless equipment that will not support the required processing of AES encryption.
Which one of the following technologies will you use on the network so that a TSN can be implemented that would not be required in a network compliant with 802.11-2012 non-deprecated technologies?
- A . WEP
- B . RC4
- C . CCMP
- D . WPA2
What 802.11 WLAN security problem is directly addressed by mutual authentication?
- A . Wireless hijacking attacks
- B . Weak password policies
- C . MAC spoofing
- D . Disassociation attacks
- E . Offline dictionary attacks
- F . Weak Initialization Vectors
Although your organization’s written policy and many external policy influences may require only periodic scanning for rogue devices, you are trying to make a case for deploying a WIPS.
What are some of the benefits of using a WIPS to achieve policy compliance that make it more desirable than using periodic handheld or laptop-based scanning solutions? (Choose all that apply.)
- A . WIPSs are less expensive and easier to implement.
- B . WIPSs can provide 24-hour scanning and protection.
- C . WIPSs are a more scalable solution for security.
- D . WIPSs can correlate across multiple locations.
- E . WIPSs can provide both compliance and security.
What security vulnerabilities may result from a lack of staging, change management, and installation procedures for WLAN infrastructure equipment? (Choose 2)
- A . The WLAN system may be open to RF Denial-of-Service attacks
- B . WIPS may not classify authorized, rogue, and neighbor APs accurately
- C . Authentication cracking of 64-bit Hex WPA-Personal PSK
- D . Management interface exploits due to the use of default usernames and passwords for AP management
- E . AES-CCMP encryption keys may be decrypted
In a point-to-point bridge environment where 802.1X/EAP is used for bridge authentication, what device in the network acts as the 802.1X supplicant?
- A . Nonroot bridge
- B . WLAN controller
- C . Root bridge
- D . RADIUS server
- E . Layer 3 core switch
What are some of the recommendations that might be made to a customer after a successful WLAN security audit? (Choose all that apply.)
- A . Physical security
- B . Employee training
- C . Dynamic RF configuration
- D . Monitoring capabilities
- E . AP and client power settings
What encryption methods are defined by the IEEE 802.11-2012 standard? (Choose all that apply.)
- A . 3DES
- B . WPA-2
- C . SSL
- D . TKIP
- E . CCMP
- F . WEP
Evan has configured a laptop and an AP, each with two WEP keys. WEP key 1 is the same on both devices, and WEP key 2 is the same on both devices.
He configured the laptop to use WEP key 1 to encrypt its data. He configured the AP to use WEP key 2 to encrypt its data. Will this configuration work?
- A . No, since there is only one WEP key on each device.
- B . No, since the value of the WEP key must be identical on both the laptop and the AP.
- C . Yes, as long as the value of WEP key 1 is identical on both computers and the value of WEP key 2 is identical on both computers.
- D . Yes. The laptop and AP will only use the first WEP key, so as long as the value of these keys is identical, the configuration will work.
- E . Yes. The laptop and AP will attempt to use each of the WEP keys when decrypting a frame.
What is the main purpose of using a WLAN protocol analyzer during the Layer 2 analysis of a WLAN security audit? (Choose all that apply.)
- A . Identifying unauthorized devices
- B . Auditing the wired infrastructure
- C . Performing penetration testing
- D . Validating security compliance of authorized devices
- E . Auditing the WIPS
What type of WLAN security is depicted by this graphic?
- A . RSN
- B . TSN
- C . VPN
- D . WPS
- E . WMM
What disadvantage does EAP-TLS have when compared with PEAPv0 EAP/MSCHAPv2 as an 802.11 WLAN security solution?
- A . Fast/secure roaming in an 802.11 RSN is significantly longer when EAP-TLS is in use.
- B . EAP-TLS does not protect the client’s username and password inside an encrypted tunnel.
- C . EAP-TLS cannot establish a secure tunnel for internal EAP authentication.
- D . EAP-TLS is supported only by Cisco wireless infrastructure and client devices.
- E . EAP-TLS requires extensive PKI use to create X.509 certificates for both the server and all clients, which increases administrative overhead.
ABC Company uses the wireless network for highly sensitive network traffic. For that reason, they intend to protect their network in all possible ways.
They are continually researching new network threats and new preventative measures. They are interested in the security benefits of 802.11w, but would like to know its limitations.
What types of wireless attacks are protected by 802.11w? (Choose 2)
- A . RF DoS attacks
- B . Layer 2 Disassociation attacks
- C . Robust management frame replay attacks
- D . Social engineering attacks
Which method of guest management can be used by a company to gather valuable personal information about guest users?
- A . Social login
- B . Kiosk mode
- C . Receptionist registration
- D . Self-registration
- E . Employee sponsorship
Which of these radio form factors are used in 802.11 WIDS/WIPS sensors? (Choose all that apply.)
- A . Sensor with 2.4 GHz and 5 GHz radio
- B . Sensor with 5 GHz radio and software-defined radio (SDR) for both 2.4 and 5 GHz
- C . Sensor with three radios: 2.4 GHz, 5 GHz, and SDR radio
- D . Sensor with 2.4 GHz radio, 5 GHz radio, and spectrum analyzer chip
- E . Sensor with 900 MHz radio, 2.4 GHz radio, and 5 GHz radio
- F . Depends on the vendor
Which of these radio form factors are used in 802.11 WIDS/WIPS sensors? (Choose all that apply.)
- A . Sensor with 2.4 GHz and 5 GHz radio
- B . Sensor with 5 GHz radio and software-defined radio (SDR) for both 2.4 and 5 GHz
- C . Sensor with three radios: 2.4 GHz, 5 GHz, and SDR radio
- D . Sensor with 2.4 GHz radio, 5 GHz radio, and spectrum analyzer chip
- E . Sensor with 900 MHz radio, 2.4 GHz radio, and 5 GHz radio
- F . Depends on the vendor
Which of these radio form factors are used in 802.11 WIDS/WIPS sensors? (Choose all that apply.)
- A . Sensor with 2.4 GHz and 5 GHz radio
- B . Sensor with 5 GHz radio and software-defined radio (SDR) for both 2.4 and 5 GHz
- C . Sensor with three radios: 2.4 GHz, 5 GHz, and SDR radio
- D . Sensor with 2.4 GHz radio, 5 GHz radio, and spectrum analyzer chip
- E . Sensor with 900 MHz radio, 2.4 GHz radio, and 5 GHz radio
- F . Depends on the vendor
Which of these radio form factors are used in 802.11 WIDS/WIPS sensors? (Choose all that apply.)
- A . Sensor with 2.4 GHz and 5 GHz radio
- B . Sensor with 5 GHz radio and software-defined radio (SDR) for both 2.4 and 5 GHz
- C . Sensor with three radios: 2.4 GHz, 5 GHz, and SDR radio
- D . Sensor with 2.4 GHz radio, 5 GHz radio, and spectrum analyzer chip
- E . Sensor with 900 MHz radio, 2.4 GHz radio, and 5 GHz radio
- F . Depends on the vendor
SSID: ABCVoice VLAN 60 Security: WPA2-Personal 2 current clients
Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients.
What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?
- A . Only the members of the executive team that are part of the multicast group configured on the media server
- B . All clients that are associated to the AP using the ABCData SSID
- C . All clients that are associated to the AP using any SSID
- D . All clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.
Which of the following encryption methods use symmetric algorithms? (Choose all that apply.)
- A . WEP
- B . TKIP
- C . Public-key cryptography
- D . CCMP
Which of the following can be used with a wireless network to segment or restrict access to parts of the network? (Choose all that apply.)
- A . VLANs
- B . WPA-2
- C . Firewall
- D . 802.11i
- E . RBAC
Given: Mary has just finished troubleshooting an 802.11g network performance problem using a laptop-based WLAN protocol analyzer. The wireless network implements 802.1X/PEAP and the client devices are authenticating properly.
When Mary disables the WLAN protocol analyzer, configures her laptop for PEAP authentication, and then tries to connect to the wireless network, she is unsuccessful.
Before using the WLAN protocol analyzer, Mary’s laptop connected to the network without any problems.
What statement indicates why Mary cannot access the network from her laptop computer?
- A . The nearby WIPS sensor categorized Mary’s protocol analyzer adapter as a threat and is performing a deauthentication flood against her computer.
- B . The PEAP client’s certificate was voided when the protocol analysis software assumed control of the wireless adapter.
- C . The protocol analyzer’s network interface card (NIC) drivers are still loaded and do not support the version of PEAP being used.
- D . Mary’s supplicant software is using PEAPv0/EAP-MSCHAPv2, and the access point is using PEAPv1/EAP- GTC.
What type of files are used by the MDM profiles for Apple Mac OS and iOS devices? (Choose all that apply.)
- A . HTTP
- B . XML
- C . JAVA
- D . PHP
- E . Python
Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards.
The new wireless network will use WPA2-Enterprise as its primary authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.
What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?
- A . EAP-FAST
- B . EAP-TLS
- C . PEAPv0/EAP-MSCHAPv2
- D . LEAP
- E . PEAPv0/EAP-TLS
- F . EAP-TTLS/MSCHAPv2
When developing a security policy, it is important to include many influences such as internal requirements, governmental regulations, and industry standards.
When is it allowable not to include a specific external influence in your policy development?
- A . When there is little to no chance of being audited for compliance
- B . When your organization is not part of the applicable audience of the external policy influence
- C . When implementing wireless devices without the knowledge of the governing body that developed the external policy
- D . When adherence to the external regulation or standard is cost prohibitive
An HT client STA is transmitting to an HT AP using modulation and coding scheme (MCS) #12 that defines 16-QAM modulation, two spatial streams, a 40-MHz bonded channel, and an 800 ns guard interval to achieve a data rate of 162 Mbps.
According to the IEEE, which types of encryption should be used by the HT client STA? (Choose all that apply.)
- A . Static WEP
- B . Dynamic WEP
- C . TKIP/ARC4
- D . CCMP/AES
- E . All of the above
How does a RADIUS server communicate with an authenticator? (Choose all that apply.)
- A . UDP ports 1812 and 1813
- B . TCP ports 1645 and 1646
- C . Encrypted TLS tunnel
- D . Encrypted IPsec tunnel
- E . RADIUS IP packets
- F . EAPOL frames
You are configuring seven APs to prevent common security attacks. The APs are to be installed in a small business and to reduce costs, the company decided to install all consumer grade wireless routers.
The wireless routers will connect to a switch, which connects directly to the Internet connection providing 50 Mbps of Internet bandwidth that will be shared among 53 wireless clients and 17 wired clients.
To ensure the wireless network is as secure as possible from common attacks, what security measure can you implement given only the hardware referenced?
- A . WPA-Enterprise
- B . 802.1X/EAP-PEAP
- C . WPA2-Enterprise
- D . WPA2-Personal
The IEEE 802.11-2012 standard mandates this encryption for robust security network associations and the optional use of which other encryption?
- A . WEP, AES
- B . IPsec, AES
- C . MPPE, TKIP
- D . TKIP, WEP
- E . CCMP, TKIP
What type of WLAN attacks might be detected by a distributed WIDS/WIPS solution using a signature analysis software engine? (Choose all that apply.)
- A . PS-Poll flood
- B . Deauthentication attack
- C . Protocol fuzzing
- D . Virtual carrier attack
- E . CTS flood attack
- F . Zero day attack
What is some of the operation information that an 802.11k-2008Ccompliant client station may receive in the neighbor report from an 802.11k-2008Ccompliant access point (AP)? (Choose all that apply.)
- A . BSSID of neighbor AP
- B . PHY types supported by neighbor AP
- C . APSD support of neighbor AP
- D . Channel number of neighbor AP
- E . All of the above
What are the available form factors for network management server (NMS) solutions? (Choose all that apply.)
- A . Hardware appliance
- B . Virtual appliance
- C . Software subscription service
- D . Integrated access point
The Wi-Fi Alliance is responsible for which of the following certification programs? (Choose all that apply.)
- A . WPA2
- B . WEP
- C . 802.11-2012
- D . WMM
- E . PSK
Which Layer 2 protocol is used for authentication in an 802.1X framework?
- A . PAP
- B . MS-CHAPv2
- C . EAP
- D . CHAP
- E . MS-CHAP
Within an 802.1X infrastructure framework, what is the name of the device that communicates directly with a RADIUS server using the RADIUS protocol? (Choose all that apply.)
- A . Authenticator
- B . RADIUS ports
- C . Network access server
- D . LDAP integration
- E . RADIUS client
- F . Supplicant
What type of WLAN attacks might be detected by a distributed WIDS/WIPS solution using a behavioral analysis software engine? (Choose all that apply.)
- A . EAP flood attack
- B . Deauthentication attack
- C . Protocol fuzzing
- D . Fake AP attack
- E . CTS flood attack
- F . Zero day attack
What is the difference between the inner and outer identity?
- A . Only the authentication server provides its credentials in the outer identity response.
- B . The inner identity is only for authentication server credentials provided to the supplicant.
- C . The inner identity must correspond to the outer identity for realm-based authentications.
- D . The outer identity is in plain text; the inner identity is securely transmitted inside a TLS tunnel.
- E . The outer identity is only for authentication server credentials provided to the supplicant.
Bob has been tasked with designing an 802.1X/EAP solution for the corporate WLAN. The company headquarters and datacenter reside in Denver. Employees need secure WLAN access at 15 remote offices in other cities.
Which of these RADIUS deployment models guarantees secure WLAN connectivity even if a remote WAN link goes down? (Choose the best answer.)
- A . Single-site deployment
- B . Distributed autonomous sites
- C . Distributed sites, centralized RADIUS and LDAP
- D . Distributed sites with RADIUS, centralized LDAP
- E . Distributed sites with RADIUS proxy, centralized RADIUS and LDAP