12
The IEEE 802.11___ standard is also known as Wi-Fi 5.
802.11ac
The limitations of using higher frequencies is counteracted through implementing ___________ cell sizes.
smaller
The preferred method to break WEP encryption is through using a _______ ______ attack.
statistical analysis attack.
What is the frequency of operation for NFC devices?
13.56 MHz
Worldwide, there are _______ channels allocated for use in the 2.4 GHz ISM band.
14
What is the max data rate for Z-Wave transmissions?
100 Kbps
What is the max transmit power and typical range for Power Class 1 interfaces?
100 mW and 100 meters
Bluetooth 4.0 Low Energy supports typical ranges up to _______ (n) meters while Bluetooth 5.0 Low Energy increased the max typical range to _______ (n) meters.
10; 40
What is the maximum number of attempts required to guess the WPS PIN value using the reaver tool
11,000
Which type of frame is protected by 802.11w amendment?
Management Frames
What 3 components are required to create a Classic Bluetooth Security (Link) Key? Which part(s) is/are sent during the pairing process?
BD_ADDR, PIN value, and some Random Numbers Only the Random numbers are sent during the pairing process. - The PIN is never transmitted - The BD_ADDR is only transmitted when in Discoverable mode
What network architecture utilizes a single AP in master mode?
Basic Service Set (BSS)
WPA2 employs the _____________encryption scheme.
CCMP
Encryption attempts to secure this aspect of wireless communications.
Confidentiality
May be compromised by the unbounded nature of wireless communications.
Confidentiality
Three components of the camera.
sensor, lens, and image processor
What is another term used for SSID?
ESSID
Which mode of deployment requires the use of 802.1X/EAP for authentication and key delivery
Enterprise
In a 4G LTE cellular network, the _____________ component within the Radio Access Network controls the RAN by coordinating hand-offs, frequency spectrum management, and forwarding traffic between the RAN and the control network.
Evolved NodeB (eNB)
What is the biggest security concern with RFID?
"Skimming" and duplication of RFID tags
For Bluetooth Low Energy 4.0 Max Data Rate: ____ Typical Max Range: ____ Max Payload Size: ___
1 Mbps 10 meters 39 bytes
Bluetooth 4.0 Low Energy frames have a max payload size of ________ (n) bytes while Bluetooth 5.0 Low Energy increased the max payload size to ________ (n) bytes.
1 byte; 2 bytes
What is the max transmit power and typical range for Power Class 3 interfaces?
1 mW and 1 meter
Within the U.S. full-power transmission is limited to channels ___ to _____ in the 2.4 GHz ISM band. Channels ____ and ____ can be used in low-power operations.
1 to 11 in US. 12 and 13 low-power
In what five frame subtypes can an SSID value be found?
1. Beacon 2. Probe Request 3. Probe Response 4. Association Request 5. Re-Association Request
3 methods of Denial of Service Attacks
1. CTS Attack 2. De-Authentication Attack 3. Jamming
What are the 3 NFC modes of operation?
1. Card Emulation 2. Discovery (read & write) 3. Peer-to-peer communications
2 styles of Man-in-the-Middle Attacks
1. Evil Twin (Rogue AP) 2. ARP Cache poisoning
What are the components of an NFC system?
1. Initiator 2. Target
What are the 3 methods of Captive Portal Bypass
1. MAC Address Spoofing 2. IP Address Spoofing 3. Covert Tunneling
What are the three major components of an RFID system?
1. Reader/Interrogator 2. Antenna 3. Tag
5 reasons of a De-Authentication attack
1. Reveal hidden SSID 2. Stimulate EAPOL 4-way handshake 3. Denial of Service 4. Flush ARP cache 5. Entice victim to join Evil T
What are the two types of Active Tags?
1. Transponder - transmits when interrogated 2. Beacon - transmits on a periodic basis
What makes intercepting Bluetooth traffic difficult?
1. Use of FHSS modulation -Unique and long hopping pattern -Pattern may have been altered due to AFH 2. Standard Bluetooth interfaces do not support "monitor-mode" passive sniffing
What is the max transmit power and typical range for Power Class 1.5 interfaces?
10 mW and 20 meters
lassic Bluetooth devices support connections up to ______ (n) meters for normal use cases. Classic Bluetooth can support connections up to a maximum of ______ (n) meters.
10 meters; 100 meters
What is the typical max range of transmission for ZigBee devices?
10 to 20 meters
What is the hopping rate for Classic Bluetooth operations?
1600 hops per second
Bluetooth 4.0 Low Energy supports data rates up to ______ (n) Mbps while Bluetooth 5.0 Low Energy increased the max data rate to ______ (n) Mbps.
1; 2
For Bluetooth Low Energy 5.0 Max Data Rate: ____ Typical Max Range: ____ Max Payload Size: ___
2 Mbps 40 meters 257 bytes
Mobile cellular devices typically have ________ or ________ antennas dedicated for cellular communications. These antennas come in two categories: Answer andAnswer
2 or 4
In what frequency band does BLE operate?
2.4 GHz ISM Band
In what frequency range does Classic Bluetooth operate?
2.4 GHz ISM Band
What is the most common frequency range for ZigBee networks?
2.4 GHz ISM band
Classic Bluetooth operates in the _____ (n) GHz frequency band.
2.4 ghz
Bluetooth Low Energy (BLE) operates in the ________ (n) GHz frequency band using FHSS over 40 total channels; _______ (n) data channels and ________(n) advertising channels.
2.4 ghz; 37 data; 3 advertising
What is the max transmit power and typical range for Power Class 2 interfaces?
2.5 mW and 10 meters
EDGE is considered a ______ cellular technology from the _______ standards body.
2.5G; 3GPP
GPRS is considered a _______ cellular technology from the _______ standards body.
2.5G; 3GPP
What is the maximum payload for an unencrypted legacy IEEE 802.11 frame?
2304 bytes
What is the maximum number of devices on Z-Wave networks?
232
Initialization Vectors (IVs) used to randomize WEP encryption keys are _______-bits in length.
24
WEP IVs are __________________ bits long.
24
NB-IoT systems support data rates up to _____ Kbps.
250
What is the max data rate for ZigBee communications?
250 Kbps
GSM is considered a _____ cellular technology from the ______ standards body.
2G; 3GPP
Classic Bluetooth devices support data rates up to _______ (n) Mbps.
3
How many MAC addresses are in a typical Wi-Fi frame? What are they?
3 MAC addresses typically Source, Destination, & BSSID
What is the maximum data rate for Bluetooth Classic?
3 Mbps
In how many frequency ranges can RFID operate?
3 different frequency ranges (LF, HF, and UHF)
Each spatial stream in a 3x3:2 MIMO system has a max data rate of 150 Mbps. What is the maximum data rate for the system?
300 Mbps
In the 5 GHz UNII band, the 1st channel is channel number ______ .
36
HSPA is considered a _______ cellular technology from the _______ standards body.
3G; 3GPP
UMTS is considered a _______ cellular technology from the ______ standards body.
3G; 3GPP
What standards body created CDMA during the 2G cellular technology?
3GPP2
On how many channels/frequencies does BLE networks hop?
40 total: 37 data channels and 3 advertising channels.
Using the latest attack methods and tools, with as few as _________________ frames there is a 50% chance to successful recover a 104-bit WEP key.
40,000
What is the max data rate of transmission for NFC?
424 Kbps
Which cellular technology eliminated all circuit-switched networks and passes all traffic, including voice, across packet-switched IP network connections?
4G LTE
LTE-Advanced is considered a _______ cellular technology from the ______ standards body.
4G; 3GPP
LTE is considered a ______ cellular technology from the ______ standards body.
4g; 3GPP
In the 2.4 GHz band, there must be _______ channels of separation in order to prevent overlap.
5
What is the maximum number of devices in a ZigBee network?
65,535
Classic Bluetooth uses FHSS modulation to hop across how many frequencies?
79
For WPA/WPA2-Personal, the pre-shared key (or passphrase) can be what length of characters?
8-63 case-sensitive alphanumeric or exactly 64 hexadecimal
The IEEE 802.11___ standard is also known as Wi-Fi 6.
802.11ax
The IEEE 802.11___ standard is also known as Wi-Fi 4.
802.11n
The 802.11___ amendment provides an open standard for mesh network based on Wi-Fi standards.
802.11s
GSM devices must support encryption mode, which is all encryption turned off.
A5/0
The ________ encryption used on GSM/UMTS cellular networks only provides protection for voice calls. Broken in 2009, an attacker using open-source software and rainbow tables can decrypt traffic in near-real time.
A5/1
The _______ encryption scheme used on GSM/UMTS cellular networks protects voice and data connections.
A5/3
What is the stream cipher used by CCMP?
AES
The recovery of a WEP encryption key allows an attacker to decrypt _______ traffic ever encrypted with that key.
ALL (past, present and future)
Which style of a Man-in-the-Middle attack can insert a wireless attacker between two wired devices on the target network?
ARP Cache Poisoning
Attack used to stimulate large amounts of WEP-encrypted data for key recovery
ARP Request Replay
What is the term used to describe taking advantages of vulnerabilities of Bluetooth Profiles after establishing a connection to a target device?
Abusing Profiles
During ________________ scanning, a station transmits Probe Request frames and listens for Probe Response frames from nearby Wi-Fi networks.
Active
What are the different types of RFID tags?
Active - has own power source Passive - powered through inductive coupling of the magnetic field from the reader
What radio card mode is used for client-to-client communications without the use of an AP
Ad hoc mode
What allows Classic Bluetooth devices to alter their hopping sequences to avoid channels with interference?
Adaptive Frequency Hopping (AFH)
If an attacker possesses knowledge of the passphrase, what else do they need to be able to decrypt WPA/WPA2-Personal protected data?
Anonce & Snonce values found in the EAPOL 4-way handshake
A station can not transmit or receive data frames until the _______________________ phase has been successfully completed.
Association
What is the term used to describe using malicious code embedded in QR codes to execute malware on a victim device?
Attack Tagging or "attaggin"
Hardest aspect of wireless communications to secure or harden.
Availability
What unique value can indicate to which network a data frame belongs?
BSSID
In a 2G GSM cellular network, the _____________ component within the Radio Access Network controls the RAN by coordinating hand-offs, frequency spectrum management, and forwarding traffic between the RAN and the control network.
Base Station Controller (BSC)
In a 2G GSM cellular network, the _____________ component within the Radio Access Network houses the antennas.
Base Transciever Station (BTS)
Infrastructure Service Sets consists of what two sub-categories of network architecture?
Basic Service Set (BSS) & Extended Service Set (ESS)
5G cellular networks plan to implement __________ to focus the transmitted signal towards the user equipment (UE).
Beam Forming
Before transmitting, every Wi-Fi station conducts a ___________ to attempt to avoid collisions.
Before transmitting, every Wi-Fi station conducts a Clear Channel Assessment (CCA) to attempt to avoid collisions.
What defines security mechanisms and various applications for various Bluetooth uses?
Bluetooth Profiles
What marketing term describes devices capable of operating in BLE only?
Bluetooth Smart
What marketing term describes devices capable of operating in both Classic Bluetooth and BLE?
Bluetooth Smart Ready
Which methods Denial of Service can impact other networks near the intended target
CTS Attack and Jamming
2 or 4 of these antenna are present on mobile devices
Cellular Antennas
What are the two security models? Which is more secure?
Centralized and Distributed Centralized is more secure
Uses wider channels to transmit data faster. Can use 2, 4, or 8 channels at a time.
Channel Bonding
What kind of frame is a Clear-to-Send frame?
Control
What kind of frame is an Acknowledgement frame?
Control
What type of frame is always in plaintext (unencrypted)?
Control
Which portion of the Classic Bluetooth protocol stack is hardware-based, not user-accessible, and where encryption is implemented?
Controller Layer
What attack returns a spoofed IP address to redirect a victim to that IP address.
DNS Spoofing
What is the term used to describe changing a Bluetooth interface's name, service class, and/or BD_ADDR in order to bypass connection restrictions?
Device Identity Manipulation
What are examples of an Omnidirectional Antenna
Dipole or Whip
The three steps, in proper order, that every station must go through to connect to an 802.11 service set are _______, _________ and __________.
Discovery, Authentication, and Association.
Functions as primary input device on many mobile devices.
Display
Cellular antenna on mobile devices capable of receive-only functionality
Diversity Cellular Antenna
What is the name of the group of attacks against WPA3
Dragonblood
During what process does the PMK value get calculated in a WPA3-Personal protected network?
During the Dragonfly Key Exchange that happens in the Authentication phase of joining the network using Simultaneous Authentication of Equals (SAE) authentication.
802.11 networks must support _____________ in order to operate on channels in the 5 GHz UNII-2 and UNII-2-Extended bands to avoid interference with any local radar.
Dynamic Frequency Selection
In a 4G LTE cellular network, the Radio Access Network portion of the network is called ______________.
E-UTRAN
In a 4G LTE cellular network, the _____________ component within the Radio Access Network houses the antennas.
Evolved NodeB (eNB)
What network architecture utilizes two or more APs in master mode connected by a common Distribution System?
Extended Service Set (ESS)
The BD_ADDR is transmitted in the header of Bluetooth frames. TRUE or FALSE
FALSE, the BD_ADDR is NOT transmitted in the header of Bluetooth frames.
In the United States, the ___________________ is the regulatory domain controlling RF spectrum usage.
FCC
Classic Bluetooth uses ________ (n) modulation.
FHSS
____________________are small devices provided by mobile network operators for providing a cellular station in poor indoor coverage areas. These devices implement a complete protocol stack and may be able to be modified by attackers to perform effective rogue base station attacks
Femtocells
This technique allows a transmitter to send multiple Layer 2 frames in a single transmission. Requires the use of Block Acknowledgements.
Frame Aggregation
One of the enhancements that may be implemented in 5G cellular networks is to reduce the number of channels required for the air interface. This is accomplished through the use of a single ________ duplex channel on the air interface vice the two channels required by older generations of cellular technologies.
Full
__________is the encryption scheme used with WPA3.
GCMP
In a 2G GSM cellular network, the Radio Access Network portion of the network is called ______________.
GERAN
Other than the Diversity Cellular Antenna, which common antenna type on a mobile device is receive-only?
GPS
Receive-only antenna used to determine physical location
GPS Antenna
In 4G cellular networks, the IMSI value is replaced with a temporary identifier called the ______.
GUTI
What are the two ZigBee security modes? Which is more secure?
High Security and Standard High Security is more secure
Highly focused beam for long-range communication up to 30-miles
Highly-directional
On a Classic Bluetooth protocol stack, what is the interface called between the user-accessible protocols implemented on the Bluetooth host and the typically inaccessible protocols implemented on the Bluetooth controller?
Host Controller Interface (HCI)
Which portion of the Classic Bluetooth protocol stack is software-based, user-accessible, and is where profiles can be found?
Host Layer
What Bluetooth discovery method attempts to guess the BD_ADDR as being "off-by-one" from the Wi-Fi MAC address of the same device?
Hybrid Discovery
The ___________ is an international organization that creates and maintains a variety of standards (communications, electrical, etc.) to include the Wi-Fi protocol standard.
IEEE
What open standard is used by ZigBee devices at Layers 1 & 2?
IEEE 802.15.4
The _______ is a unique 15-digit identifier found in cellular networks that could be used to identify and track mobile subscribers.
IMSI
The ________________ is the United Nation's agency responsible for coordinating global use of the RF spectrum, satellite orbits, and international communications standards.
ITU
What open standard do Z-Wave devices use at Layers 1 & 2?
ITU-T Recommendation G.9959
If ________________ is used, WEP encryption must be implemented. If WEP encryption is implemented, both the above authentication type or __________ can be used.
If Shared Key Authentication (SKA) is used, WEP encryption must be implemented. If WEP encryption is implemented, both the above authentication type or Open System can be used.
If WPA2 encryption is implemented, __________ authentication must be used.
If WPA2 encryption is implemented, Open System authentication must be used.
What network architecture utilizes no APs but instead has client-to-client communications?
Independent Basic Service Set (IBSS)
What term is used to describe a Wi-Fi network that has 1 or more AP with the radio card in master mode?
Infrastructure Service Set
May be compromised by Man-in-the-Middle attacks.
Integrity
What type of Rogue AP attacks reply to every Probe Requests heard as the SSID being probed for
KARMA or MANA
This attack attempts to decrypt previously captured WPA/WPA2 traffic by re-installing previously used key streams.
KRACK (Key Reinstallation Attack)
The cellular IoT technology of _________________ is more suited for applications that required lower latency and mobility.
LTE-M
The air interface between the user equipment (UE) and radio access network (RAN) in a 4G LTE network is called the _____ channel.
LTE-Uu
What is the biggest security threat to Z-Wave operations?
Lack of use of the optional encryption
What is the key value used to generate the pseudorandom hopping sequence?
MAC Address of the Master device
Captive portals typically determine whether or not a client is authorized by comparing the client's reported _____ address and/or ____ address against a permit list of allowed stations.
MAC; IP
The use of Massive ____________ in 5G cellular networks allows for more antennas at each site which in turn support a greater number devices being able to connect per cell.
MIMO
Employs multiple antennas and radio chains simultaneously to send data to a single destination.
MIMO (Multiple Input/Multiple Output)
This technique allows an AP to transmit to multiple clients (up to 4) simultaneously.
MU-MIMO
What radio card mode is used for a normal Infrastructure client?
Managed mode
What kind of frame is a De-authentication frame?
Management
What kind of frame is a Probe Request?
Management
What type of frame is used to discover, authenticate, join and leave Wi-Fi networks?
Management
What are the 3 types of Wi-Fi Frames?
Management, Control, & Data
What radio card mode is used for a normal Infrastructure AP?
Master mode
What architecture does a Bluetooth piconet use?
Master-Slave structure formed in an ad hoc fashion
What technique allows devices to use extra antenna/radio chains to receive extra RF energy to improve signal quality?
Maximal Ratio Combining (MRC)
How many devices can participate in a piconet?
Maximum of 8 total devices. 1 Master device and up to 7 Slave devices.
What network topologies are supported by Z-Wave networks?
Mesh
A WLAN that conforms to the IEEE 802.11s standard is known as a ________ service set.
Mesh Basic
A ______________ acts as gateway between a Wi-Fi mesh network to another network.
Mesh Portal Point
What radio card mode is used to allow a station to act as a routing node in a mesh network?
Mesh mode
One of the network enhancement techniques is the use of __________ wave frequencies. The use of this frequency range allows for greater data rates and for more devices to be connected the cellular network.
Millimeter
The use of UMA technology introduce security concerns of _______ attacks and ______ catchers via the Wi-Fi connection.
MitM attacks and IMSI catchers
What radio card mode is used to "sniff" traffic without joining a network?
Monitor mode
2G GSM networks, and some 3G networks through backwards compatibility, are vulnerable to MitM attacks via rogue base stations due to lack of __________.
Mutual Authentication
The cellular IoT technology of _________________ supports use cases that are more latency tolerant and have fixed location.
NB-IoT
Antenna constructed of a loop of wire
NFC/RFID Antenna
In a 3G UMTS cellular network, the _____________ component within the Radio Access Network houses the antennas. component within the Radio Access Network houses the antennas.
NodeB
If an attacker has the passphrase and a EAPOL handshake from User A on a WPA3-Personal network, what can that attacker decrypt?
Nothing
This technique allows an AP to transmit to multiple clients (up to 9) simultaneously.
OFDMA
Provide 360 degree coverage around the axis of the antenna
Omnidirectional
What is the maximum number of attempts required to guess the WPS PIN value using the pixie dust tool
One
What is the minimum number of MAC addresses in a Wi-Fi frame?
One
Devices may be compromised through publicly-known vulnerabilities in ....
Out of Date Software
This attack attempts to perform a dictionary attack against WPA/WPA2-PSK passphrase without capturing a full EAPOL 4-way handshake
PMKID attack
During ________________ scanning, a stations listens for beacon frames advertising Wi-Fi networks.
Passive
Which mode of deployment uses a pre-shared key that needs to be configured on each device that joins the network?
Personal
What are the two modes of deployment that can be used by WPA, WPA2 and WPA3 protected networks?
Personal and Enterprise
Poor passcode hygiene could end with a compromise of ...
Physical Security
What is the max power and approximate range for a class 3 bluetooth interface?
Power 1 mW, approx range is 1 meter
What is the max power and approximate range for Class 1.5 bluetooth interface
Power 10 mW, approx range is 20 meters
What is the max power and approximate range for Class 1 bluetooth interface?
Power 100 mW, Approx range is 100 meters
What is the max power and approximate range for a class 2 bluetooth interface
Power 2.5 mW, approx range is 10 meters
Most OSs offer some type _____________ to store Wi-Fi network settings to simplify the process of joining a WLAN.
Preferred Network List (PNL
What are the keys used by WPA/WPA2-Personal networks
Preshared Key (PSK) Pairwise Master Key (PMK) Pairwise Transient Key (PTK) Group Transient Key (GTK)
Cellular antenna on mobile devices capable of two-way communications
Primary Cellular Antenna
Mobile cellular devices typically have 2 or 4 antennas dedicated for cellular communications. These antennas come in two categories: What are the two categories?
Primary and Diversity
______________is the stream cipher used by WEP and TKIP.
RC4
In a 3G UMTS cellular network, the _____________ component within the Radio Access Network controls the RAN by coordinating hand-offs, frequency spectrum management, and forwarding traffic between the RAN and the control network.
RNC
Provides access to the radio frequency (RF) physical layer.
Radio Adapter
What type of memory does a Mobile device use for processing?
Ram
What optional privacy feature is available for BLE devices?
Randomly generated BD_ADDR for each connection
This tool conducts an online brute force attack to recover the WPS PIN value
Reaver
What attack attempts to invalidate legitimate Security Keys to create an opportunity for an attacker to capture a new "initial" pairing?
Repairing attack
What radio card mode is used to extend the range of another AP by relaying traffic?
Repeater mode
_____________________ is an optional protocol that can be used to minimize excessive collisions in networks where "hidden nodes" exist and are causing Clear Channel Assessments to function improperly.
Request-to-send (RTS) / Clear to send (CTS)
Downside of using Higher Orders of Modulation to increase data rates
Requires higher Signal-to-Noise Ratios. More susceptible to interference.
_________ is a suite of protocols used by telecommunication providers to set-up, route, tear-down, and bill calls on the PSTN.
SS7
What term is used to describe a Wi-Fi network name?
SSID or ESSID
Provides coverage in a beam pattern less than 120 degrees.
Semi-directional
What Bluetooth protocol can be used to enumerate what services are available on a potential target device?
Service Discovery Protocol (SDP)
What are the communication modes supported by NFC?
Simplex (one-way) Half-Duples (two-way) Full-Duplex (two-way)
If WPA3 encryption is implemented, _____________authentication must be used.
Simultaneous Authentication of Equals (SAE)
What is the maximum number of MAC addresses in a Wi-Fi frame?
Six
Email phishing is a form of ....
Social Engineering
Stations can _______ to multiple APs to speed up roaming, but they can ________ to only one AP at a time.
Stations can Authenticate to multiple APs to speed up roaming, but they can Associate to only one AP at a time.
Comes in the form of RAM memory and Flash memory.
Storage
What frequency range does Z-Wave networks operate?
Sub-1 GHz (865 - 926 MHz)
The Bluetooth discovery method of Traffic Analysis attempts to read the 24-bit Lower Address Part (LAP) out of the _____ _____ and reverse engineer the 8-bit Upper Address Part (UAP) from the ________.
Sync Word and Checksum.
Houses CPU, GPU, display and video processors, cellular modems, and other hardware functionality.
System-on-a-Chip (SoC)
WPA employs the __________________encryption scheme.
TKIP
Which two encryption schemes were introduced by the IEEE 802.11i admendment
TKIP and CCMP
In 2G & 3G networks, the IMSI value is replaced with a temporary identifier called the ______
TMSI
The 802.11 Prime standard has a Max Data Rate of ______ Mbps and operates in ______ frequency band(s).
The 802.11 Prime standard has a Max Data Rate of 2 Mbps and operates in 2.4 GHz frequency band(s).
The 802.11a standard has a Max Data Rate of ____ Mbps and operates in _____ frequency band(s).
The 802.11a standard has a Max Data Rate of 54 Mbps and operates in 5 GHz frequency band(s).
The 802.11ac standard has a Max Data Rate of ____ Mbps (per stream) with a max of ___ spatial streams and operates in ______ frequency band(s).
The 802.11ac standard has a Max Data Rate of 867 Mbps (per stream) with a max of 8 spatial streams and operates in 5 GHz frequency band(s).
The 802.11ad standard has a max data rate of ______ Gbps and operates in the ______frequency range.
The 802.11ad standard has a max data rate of 6.7 Gbps and operates in the 60 GHz frequency range.
The 802.11ax standard has a Max Data Rate of _____ Mbps (per stream) with a max of ___ spatial streams and operates in _____ frequency band(s).
The 802.11ax standard has a Max Data Rate of 1200 Mbps (per stream) with a max of 8 spatial streams and operates in the 2.4 and 5 GHz frequency band(s).
The 802.11b standard has a Max Data Rate of ____ Mbps and operates in ____ frequency band(s).
The 802.11b standard has a Max Data Rate of 11 Mbps and operates in 2.4 GHz frequency band(s).
The 802.11g standard has a Max Data Rate of ____ Mbps and operates in ______ frequency band(s).
The 802.11g standard has a Max Data Rate of 54 Mbps and operates in 2.4 GHz frequency band(s).
The 802.11n standard has a Max Data Rate of ____ Mbps (per stream) with a max of ____ spatial streams and operates in ____ frequency band(s).
The 802.11n standard has a Max Data Rate of 150 Mbps (per stream) with a max of 4 spatial streams and operates in the 2.4 and 5 GHz frequency band(s).
From where is the BSSID value typically derived?
The MAC address of the radio card of the AP
What portion of a data frame can be encrypted?
The payload (Layer 3 and up)
If an attacker has the passphrase and a EAPOL handshake from User B on a WPA2-Personal network, what can that attacker decrypt?
Traffic from User B for that session after the handshake
This technique uses phase differentials of transmissions from omnidirectional antennas to focus energy on the intended recipient.
Transmit Beamforming
What network topologies are supported in ZigBee networks?
Tree, Star, or Mesh
Wi-Fi Calling is the marketing term used to identify the __________ technology.
UMA
In a 3G UMTS cellular network, the Radio Access Network portion of the network is called ______________.
UTRAN
The air interface between the user equipment (UE) and radio access network (RAN) in a 2G GSM network is called the _____ channel.
Um
An ACK is expected after what type of Wi-Fi frame?
Unicast
The air interface between the user equipment (UE) and radio access network (RAN) in a 3G UMTS network is called the _____ channel.
Uu
_________ (n) provides communications for implant and wearable electronics. Coverage is typically about 1 meter.
WBAN
__________ was the original encryption type available at the initial development of the IEEE 802.11 standard.
WEP
WEP encryption keys are either ____-bits or ____-bits in length.
WEP encryption keys are either 40 or 104
__________ (n) are typically designed to provide coverage for home and offices spaces but can be extended further. Wi-Fi is the most common protocol used.
WLAN
__________ (n) provide a dedicated communications channel that spans a city-sized area. Typically maintained by a service provider and leased to customer.
WMAN
__________ (n) were originally used to connect peripherals to a workstation but now used for many IoT implementations. Typically limited to 10 meters.
WPAN
A ________ (n) is a collection of devices which monitor and record aspects of the environment around them. Often operate in mesh environment in order to pass data node to node.
WSN
A _________ (n) covers large geographic area by aggregating/multiplexing multiple communication channels together.
WWAN
What kind of frame is a Beacon frame?
What kind of frame is a Beacon frame?
The ____________________________ is responsible for issuing certifications for inter-vendor compatibility of Wi-Fi standards.
Wi-Fi Alliance
What certification was developed to protect open public Wi-Fi hotspots using WPA3 features like Dragonfly Key Exchange and Opportunistic Wireless Encrypton?
Wi-Fi Certified Enhanced Open
Networks which include implants and wearable devices. Typical coverage up to 1 meter.
Wireless Body Area Network (WBAN
Wi-Fi devices operating in Wireless Bridge mode only associate with devices in ________________________ mode.
Wireless Bridge
Home and office networks. Most common protocol is Wi-Fi. Typical coverage up to 100 meters.
Wireless Local Area Network (WLAN)
Dedicated communication channels leased to customers by service providers. City-sized networks. Typical range up to 30 miles.
Wireless Metropolitan Area Networks (WMAN)
Wireless connection of peripheral devices via Bluetooth, ZigBee, Z-Wave, etc. Typical coverage area up to 10 meters.
Wireless Personal Area Networks (WPAN)
Groups of dedicated sensors to monitor and record their environment. Typically low-power/short-range communications deployed in mesh architecture .
Wireless Sensor Networks (WSN)
Connect widely separated networks via multiplexed channels. Regional to global connections.
Wireless Wide Area Networks (WWAN)
What are the 3 types of ZigBee devices?
ZigBee Coordinator (ZC) ZigBee Router (ZR) ZigBee End Device (ZED)
A wireless network topology that grants unauthenticated users limited network access is known as a __________.
a walled garden.
The ____________ attack attempts to establish a MitM position within an LTE network allowing attackers to potentially redirect web traffic and decrypt network-based encryption?
aLTEr
Examples of common sensors:
accelerometer, gyroscope, digital compass, ambient light sensor, and proximity sensor Turn
Amplifiers provide ______ (n) gain by injecting extra energy into the communications path between the radio the antenna.
active
The Bluetooth discovery method of ________ (n) uses inquiry scanning to find the BD_ADDRs of Bluetooth devices in discoverable mode.
active directory
________ (n) allows Classic Bluetooth devices to alter their hopping sequences to avoid channels with interference.
adaptive frequency hopping
What is the max range of operation for RFID systems?
approximately 300 feet
A typical QR code can store how many alphanumeric characters?
appx. 4000 (4296)
A typical QR code can store how many numeric characters?
appx. 7000 (7,089)
The_______ (n) aspect of the Information Assurance triad is often the hardest to ensure in wireless communications.
availability
Encryption attempts to address the inherent security risk of _______ (n)
confidentiality
Bluetooth devices advertise their BD_ADDR and device name when operating in the _____ (n) mode of operation.
discoverable
Bluetooth devices advertise their BD_ADDR and device name when operating in what mode of operation?
discoverable mode
On many mobile devices, the _______ (n) also functions as the primary input mechanism.
display
Of the two categories of cellular antennas, the _______ (n) is receive only
diversity
Mobile devices use _______ (n) memory for storage.
flash
LTE-M systems support ______ duplex operation.
full
NB-IoT systems support ______ duplex operation.
half
On a Classic Bluetooth protocol stack, the _______ (n) is the interface between the user-accessible protocols implemented on the Bluetooth host and the typically inaccessible protocols implemented on the Bluetooth controller.
host controller interface
The Bluetooth discovery method of ________ (n) attempts to guess the BD_ADDR as being "off-by-one" from the Wi-Fi MAC address of the same device.
hybrid discovery
Man-in-the-Middle attacks attempt to compromise the ________ (n) aspect of the Information Assurance triad.
integrity
What is the typical range of transmission for NFC?
less than 4 centimeters
What are the three parts of BD_ADDR?
non-significant address part (NAP), upper address part (UAP), and lower address part (LAP)
LTE-M systems support data rates up to _____ Mbps.
one
The trust model used on 2G GSM cellular networks is known as _____________________ authentication.
one-way
Mobile devices using operating systems or applications with publicly known vulnerabilities can be an example of the inherent security risk of ________ (n)
out of date software
In the 2.4 GHz ISM band, adjacent channels are ________. In the 5 GHz UNII band, adjacent channels are ____________
overlapping; non-overlaping
What are the types of an Highly-directional antenna?
parabolic dish and grid
Antennas provide ______(n) gain by focusing the radiation patter in a certain d
passive
he Bluetooth discovery method of ______ (n) uses visual inspection to look for a printed label revealing the BD_ADDR.
passive discovery
Stations perform ______________ carrier sense when, just prior to transmitting, they listen for another station transmitting and then wait an additional, random time.
physical
Mobile devices with weak or no passcodes is an example of the inherent security risk of __________ (n)
physical security
This tool conducts an offline brute force attack to recover the WPS PIN value
pixie dust
Mobile and wireless devices use a ________ (n) to access the RF physical layer.
radio adapter
An Access Point operating in repeater mode is also known as a __________.
range extender
Using a Wi-Fi repeater significantly ______________ throughput on the wireless segment of the network
reduces
Email phishing is an example of the inherent security risk of _______ (n)
social engineering
The _________ (n) contains the CPU, GPU, display and video processors, cellular modems and other hardware functionality required for the system.
system-on-a-chip
Bluetooth authentication is implemented through ________ (n) or ______ (n)
traditional pairing or secure simple pairing
Stations perform _____________ carrier sense when they wait for the NAV timer to count down to 0 before moving on to the next phase of the Clear Channel Assessment.
virtual
Unlike a Wireless Bridge, a Wireless Workgroup Bridge (WGB) network accepts associations from ______________ devices.
wireless client
What are the types of semi-directional antennas?
yagi, patch, panel, or sector
