CEH exam questions module 7
Which of the following would you recommend as a means to deny network access by unauthorized wireless devices to network assets?
Wireless access control list
Which wireless standard works at 54 Mbps on a frequency range of 2.4 GHz?
802.11g
You have discovered an access point using WEP for encryption purposes. Which of the following is the best choice for uncovering the network key?
Aircrack
Which of the following statements are true regarding TKIP? (Choose all that apply.)
Temporal Key Integrity Protocol forces a key change every 10,000 packets., Temporal Key Integrity Protocol is an integral part of WPA
What is the integrity check mechanism for WPA2?
CBC-MAC
While on vacation, Joe receives a phone call from his identity alert service notifying him that two of his accounts have been accessed in the past hour. Earlier in the day, he did connect a laptop to a wireless hotspot at McDonald's and accessed the two accounts in question. Which of the following is the most likely attack used against Joe?
Honeyspot access point
An attacker successfully configured and set up a rogue wireless AP inside his target. As individuals connected to various areas, he performed a MITM attack and injected a malicious applet in some of the HTTP connections. This rerouted user requests for certain pages to pages controlled by the attacker. Which of the following tools was most likely used by the attacker to inject the HTML code?
Ettercap
You are discussing WEP cracking with a junior pen test team member. Which of the following are true statements regarding the initialization vectors? (Choose all that apply.)
IVs are 24 bits in length., IVs get reused frequently., IVs are sent in clear text.
Which of the tools listed here is a passive discovery tool?
Kismet
A pen test colleague is attempting to use a wireless connection inside the target's building. On his Linux laptop he types the following commands: ifconfig wlan0 down ifconfig wlan0 hw ether 0A:0B:0C:1A:1B:1C ifconfig wlan0 up What is the most likely reason for this action?
MAC filtering is enabled on the access point.
Which of the following is a true statement?
NetStumbler cannot monitor traffic on 802.11n networks.
Regarding SSIDs, which of the following are true statements? (Choose all that apply.)
SSIDs can be up to 32 characters in length. SSIDs are part of every packet header from the AP.
A pen test member is running the Airsnarf tool from a Linux laptop. What is she attempting?
Stealing usernames and passwords from an AP
The team has discovered an access point configured with WEP encryption. What is needed to perform a fake authentication to the AP in an effort to crack WEP? (Choose all that apply.)
The MAC address of the AP, The SSID
A pen test member has configured a wireless access point with the same SSID as the target organization's SSID and has set it up inside a closet in the building. After some time, clients begin connecting to his access point. Which of the following statements are true regarding this attack? (Choose all that apply.)
The rogue access point may be discovered by security personnel using NetStumbler. The rogue access point may be discovered by security personnel using NetSurveyor. The rogue access point may be discovered by security personnel using Kismet.
An attacker is attempting to crack a WEP code to gain access to the network. After enabling monitor mode on wlan0 and creating a monitoring interface (mon 0), she types this command: aireplay -ng -0 0 -a 0A:00:2B:40:70:80 -c mon0 What is she trying to accomplish?
To use deauthentication packets to generate lots of network traffic
Which of the following are true statements? (Choose all that apply.)
WEP uses shared-key encryption with RC4., WPA uses TKIP and AES encryption.
Which of the following is the best choice in searching for and locating rogue access points?
WIPS
Which of the following use a 48-bit initialization vector? (Choose all that apply.)
WPA, WPA2
Which of the following is a true statement regarding wireless security?
WPA2 is a better encryption choice than WEP.