8.2 Wireless Attacks
Which type of RFID tag can send a signal over a long distance? - Bluetooth - Passive - NFC - Active
Active
What is an initialization vector used for?
Used in encryption
How can you discover rogue access points?
radio frequency (RF) noise analysis
Which of the following sends unsolicited business cards and messages to a Bluetooth device? - Bluesnarfing - Slamming - Bluejacking - Bluebugging
Bluejacking
What is the difference between passive and active radio frequency identification (RFID) tags?
- Active RFID tags have onboard batteries and can send signals over a long distance. - Passive RFID is not powered and relies on the energy of the scanner to transmit data.
You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.) - Implement an intrusion prevention system (IPS). - Conduct a site survey. - Implement an intrusion detection system (IDS). - Check the MAC addresses of devices connected to your wired switch. - Implement a network access control (NAC) solution.
- Conduct a site survey. - Check the MAC addresses of devices connected to your wired switch.
Initialization vector (IV)
A seed value used in encryption. The seed value and the key are used in an encryption algorithm to generate additional keys or encrypt data.
Interference
A signal that corrupts or destroys a wireless signal. Interference can affect communication of access points and other wireless devices.
Which of the following best describes an evil twin? - An access point that is added to a network by an internal employee to provide unauthorized network access. - A Bluetooth device that receives mobile phone commands via bluebugging. - A threat agent that marks the outside of buildings to indicate the presence of a wireless network. - An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.
An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.
Rogue access points
Any unauthorized access point added to a network.
What is the difference between bluejacking and bluesnarfing?
Bluejacking looks for nearby devices that are in discovery mode and sends unwanted messages whereas Bluesnarfing exploits a vulnerability in the object exchange (OBEX) protocol that allows an attacker to pair to the target device.
Which type of interference is caused by motors, heavy machinery, and fluorescent lights? - NFC - RFI - RFID - EMI
EMI
Which type of attack is WEP extremely vulnerable to? - Cloning - IV attack - Evil twin - Bluesnarfing
IV attack
You are the security analyst for your organization. Clients are complaining about being unable to connect to the wireless network. After looking into the issue, you have noticed short bursts of high-intensity RF signals are interfering with your wireless network's signal. Which type of attack are you most likely experiencing? - Jamming - Disassociation - Bluesnarfing - Cloning
Jamming
Near Field Communication(NFC)
NFC allows two-way communication between two devices. The devices must be within a few centimeters of each other. NFC is a newer technology that is built on RFID.
Radio frequency identification
RFID uses radio waves to transmit data from small circuit boards called RFID tags to special scanners.
An attacker has intercepted near-field communication (NFC) data and is using that information to masquerade as the original device. Which type of attack is being executed? - Cloning - Relay - Disassociation - Bluesnarfing
Relay
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. Which type of security risk is this? - Social engineering - Physical security - Rogue access point - Phishing - Man-in-the-middle attack
Rogue access point
Which of the following best describes Bluesnarfing? - Viewing calendar, emails, and messages on a mobile device without authorization - Executing commands on a mobile device - Sending anonymous electronic business cards - Cloning a mobile device
Viewing calendar, emails, and messages on a mobile device without authorization