Several computers are having network connectivity issues. Two of the computers are wired and are not having any issues. The technician verifies that none of the computers having issues have been assigned a static IP.
Which of the following should the technician check NEXT?
A. Check the closest AP for the area.
B. Check each wireless adapter switch.
C. Check the group’s network switch.
D. Check the DHCP server.
Fred works primarily from home and public wireless hotspots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN.
In this remote scenario, what single wireless security practice will provide the greatest security for Fred?
A. Use enterprise WIPS on the corporate office network.
B. Use 802.1X/PEAPv0 to connect to the corporate office network from public hotspots.
C. Use secure protocols, such as FTP, for remote file transfers.
D. Use an IPSec VPN for connectivity to the office network.
E. Use only HTTPS when agreeing to acceptable use terms on public networks.
F. Use WIPS sensor software on the laptop to monitor for risks and attacks.
What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hotspots?
A. Require Port Address Translation (PAT) on each laptop.
B. Require secure applications such as POP, HTTP, and SS
D. Require VPN software for connectivity to the corporate network.
E. Require WPA2-Enterprise as the minimal WLAN security solution.
You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet.
What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations? (Choose the single best answer.)
A. Ensure proper physical and environmental security using outdoor ruggedized APs or enclosures.
B. Use internal antennas.
C. Use external antennas.
D. Power the APs using Po
During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text.
From a security perspective, why is this significant?
A. The username can be looked up in a dictionary file that lists common username/password combinations.
B. The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.
D. 4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.
E. The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.
In XYZ’s small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.
What statement about the WLAN security of this company is true?
A. Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.
B. Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.
C. A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.
D. An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.
E. An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user’s 4-Way Handshake.
In a security penetration exercise, a WLAN consultant obtains the WEP key of XYZ Corporation’s wireless network. Demonstrating the vulnerabilities of using WEP, the consultant uses a laptop running a software AP in an attempt to hijack the authorized user’s connections. XYZ’s legacy network is using 802.11n APs with 802.11b, 11g, and 11n client devices.
With this setup, how can the consultant cause all of the authorized clients to establish Layer 2 connectivity with the software access point?
A. When the RF signal between the clients and the authorized AP is temporarily disrupted and the consultant’s software AP is using the same SSID on a different channel than the authorized AP, the clients will reassociate to the software A
C. If the consultant’s software AP broadcasts Beacon frames that advertise 802.11g data rates that are faster rates than XYZ’s current 802.11b data rates, all WLAN clients will reassociate to the faster A
E. A higher SSID priority value configured in the Beacon frames of the consultant’s software AP will take priority over the SSID in the authorized AP, causing the clients to reassociate.
F. All WLAN clients will reassociate to the consultant’s software AP if the consultant’s software AP provides the same SSID on any channel with a 10 dB SNR improvement over the authorized A
Which one of the following is not a role defined in the 802.1X authentication procedures used in 802.11 and 802.3 networks for port-based authentication?
A. AAA Server
B. Authentication Server
C. Supplicant
D. Authenticator
ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.
As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication?
A. MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.
B. When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.
C. MS-CHAPv2 uses AES authentication, and is therefore secure.
D. MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.
E. LEAP’s use of MS-CHAPv2 is only secure when combined with WE