6.2 Wireless Security; PBQs
Which of the following BEST describes the purpose of the wireless attack type known as wardriving? To find information that will help breach a victim's wireless network.
To find information that will help breach a victim's wireless network. Wardriving involves driving around in a vehicle equipped with a device that scans for wireless networks. The attacker collects information about the networks they encounter, such as SSIDs, signal strengths, and security settings, with the goal of identifying vulnerabilities that can be exploited to breach the network.
A company's security team recently discovered an unknown device connected to their network, and they suspect it could be a rogue device. The team wants to conduct scans and sweeps to locate and remove any unauthorized devices on the network. Which of the following are common types of scans or sweeps the team can use to locate rogue devices in the network? (Select two.) Active scanning Passive scanning
Active scanning: This involves actively probing the network for devices by sending out requests and waiting for responses. It helps identify and locate devices connected to the network in real time. Passive scanning: This method involves monitoring network traffic without actively sending out probes. It helps detect devices by observing their communication patterns and data transmissions on the network.
You have just discovered that a hacker is trying to penetrate your network using MAC spoofing. Which of the following BEST describes MAC spoofing? Changing a hacker's network card to match a legitimate address being used on a network.
Changing a hacker's network card to match a legitimate address being used on a network. MAC spoofing involves altering the MAC address of a network interface on a hacker's device to impersonate a legitimate device on the network. This can help the attacker bypass access control lists, network filters, and other security measures based on MAC addresses.
Which Wi-Fi attack uses a rogue access point configured with the same SSID as the organization's SSID? Evil twin
Evil twin An evil twin attack involves setting up a rogue access point that mimics the legitimate access point by using the same SSID. This tricks users into connecting to the rogue access point, allowing attackers to intercept communications and potentially steal sensitive information.
A company's security analyst wants to identify issues such as unauthorized devices and software or misconfigured hosts on the company network. Which of the following are the most commonly used methods for detecting any rogue devices on a network? (Select two.) Network scans Ping sweeps
Network scans: This method actively probes the network to identify all connected devices, helping to pinpoint unauthorized or rogue devices. Ping sweeps: This technique sends ICMP Echo requests to a range of IP addresses to identify active devices on the network. It's an effective way to detect devices that respond to ping requests.
Which of the following are the BEST methods for protecting against rogue devices and identifying rogue devices more easily? (Select two.) Port-based access control 802.1x network access control
Port-based access control: This method restricts network access to devices based on their physical port, ensuring only authorized devices can connect to the network. 802.1x network access control: This protocol provides an authentication mechanism for devices wishing to connect to the network, ensuring that only authorized devices are granted access.
An analyst reviews an alert detecting a rogue backend server being deployed behind the company's load balancer. The analyst attempts multiple map scans in hopes of identifying the possible threat but fails to reach the destination. What problem is presented in this instance? The screened subnet firewall is blocking the scans.
The screened subnet firewall is blocking the scans. A screened subnet firewall is designed to protect the network by filtering traffic based on predefined rules. In this case, it is likely preventing the map scans from reaching the rogue backend server, thus causing the analyst's attempts to fail.
Which of the following BEST describes a rogue access point attack? A hacker installing an unauthorized access point within a company
A hacker installing an unauthorized access point within a company A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a network administrator, often used by attackers to gain unauthorized access to the network.
A company has recently discovered that its network has become slow and unreliable, with frequent outages and disruptions. An IT staff member suspects that rogue devices on the network could be causing these issues. What are the BEST ways to identify rogue devices on a network? (Select three.) Use intrusion detection systems (IDS) to monitor network traffic and identify devices that do not belong on the network. Install endpoint security software on all devices connected to the network to monitor and control device access. Conduct network scans using tools like Nmap to identify active devices on the network.
Use intrusion detection systems (IDS) to monitor network traffic and identify devices that do not belong on the network. Install endpoint security software on all devices connected to the network to monitor and control device access. Conduct network scans using tools like Nmap to identify active devices on the network.
Which set of tools is often used to intercept the four-way handshake? aircrack-ng
aircrack-ng Aircrack-ng is a suite of tools designed for assessing WiFi network security. It includes capabilities for capturing and decrypting the four-way handshake, which is an essential step in the WPA/WPA2 authentication process.
