Hacking Wireless Networks

Which of the following is considered as the method of transmitting radio signals by rapidly switching a carrier among many frequency channels? Orthogonal Frequency-division Multiplexing (OFDM) Multiple input, multiple output orthogonal frequency-division multiplexing (MIMO-OFDM) Direct-sequence Spread Spectrum (DSSS) Frequency-hopping Spread Spectrum (FHSS)

Frequency-hopping Spread Spectrum (FHSS)

WPA2 uses AES for wireless data encryption at which of the following encryption levels? 64 bit and CCMP 128 bit and CRC 128 bit and CCMP 128 bit and TKIP

128 bit and CCMP

Which of the following is a standard for Wireless Local Area Networks (WLANs) that provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards? 802.11n 802.11i 802.11d 802.11e

802.11i

Which of the following cryptographic algorithms is used by CCMP? AES DES RC4 TKIP

AES

Which of the following is used to connect wireless devices to a wireless/wired network? Bandwidth Hotspot Access point (AP) Association

Access point (AP)

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack? Paros Proxy BBProxy BBCrack Blooover

BBProxy

Which of the following describes the amount of information that may be broadcasted over a connection? Bandwidth Hotspot BSSID Association

Bandwidth

An attacker collects the make and model of target Bluetooth-enabled devices analyzes them in an attempt to find out whether the devices are in the range of vulnerability to exploit. Identify which type of attack is performed on Bluetooth devices. BlueSniff Bluebugging BluePrinting MAC Spoofing Attack

BluePrinting

Thomas is a cyber thief trying to hack Bluetooth-enabled devices at public places. He decided to hack Bluetooth-enabled devices by using a DoS attack. He started sending an oversized ping packet to a victim's device, causing a buffer overflow and finally succeeded. What type of Bluetooth device attack is Thomas most likely performing? Bluesmacking Bluejacking Blue Snarfing Bluebugging

Bluesmacking

In which of the following attacks does the attacker exploit the vulnerability in the Object Exchange (OBEX) protocol that Bluetooth uses to exchange information? BlueSniff Bluesnarfing Bluejacking Bluebugging

Bluesnarfing

Mark is working as a penetration tester in InfoSEC, Inc. One day, he notices that the traffic on the internal wireless router suddenly increases by more than 50%. He knows that the company is using a wireless 802.11 a/b/g/n/ac network. He decided to capture live packets and browse the traffic to investigate the issue to find out the actual cause. Which of the following tools should Mark use to monitor the wireless network? CommView for WiFi WiFiFoFum BlueScanner WiFish Finder

CommView for WiFi

In which of the following layers of wireless security does per frame/packet authentication provide protection against MITM attacks? Device Security Data Protection Connection Security Wireless Signal Security

Connection Security

Which of the following availability attacks involve exploiting the CSMA/CA Clear Channel Assessment (CCA) mechanism to make a channel appear busy? Beacon Flood Routing Attack Authenticate Flood Denial-of-Service

Denial-of-Service

In which of the following is the original data signal multiplied with a pseudo random noise spreading code? Orthogonal Frequency-division Multiplexing (OFDM) Multiple input, multiple output orthogonal frequency-division multiplexing (MIMO-OFDM) Direct-sequence Spread Spectrum (DSSS) Frequency-hopping Spread Spectrum (FHSS)

Direct-sequence Spread Spectrum (DSSS)

There is a WEP encrypted wireless AP with no clients connected. In order to crack the WEP key, a fake authentication needs to be performed. Which of the following steps need to be performed by the attacker for generating fake authentication? Set the wireless interface to monitor mode Ensure association of source MAC address with the AP Capture the IVs Use cracking tools

Ensure association of source MAC address with the AP

Which of the following bluetooth mode filters out non-matched IACs and reveals itself only to those that matched? Discoverable Limited discoverable Non-discoverable Pairable mode

Limited discoverable

Which of the following Wi-Fi discovery tools facilitates detection of Wireless LANs using the 802.11a/b/g WLAN standards and is commonly used for wardriving, verifying network configurations, finding locations with poor coverage and detecting rouge APs? NetStumbler WeFi AirCrack-NG WifiScanner

NetStumbler

Which of the following protocols is used by BlueJacking to send anonymous messages to other Bluetooth-equipped devices? LMB OBEX L2CAP SDP

OBEX

Which type of antenna is used in wireless communication? Omnidirectional Parabolic Uni-directional Bi-directional

Omnidirectional

Which of the following Encryption techniques is used in WEP? RC4 TKIP AES DES

RC4

Which of the following techniques is used to detect rogue APs? RF Scanning Passphrases AES/CCMP encryption Non-discoverable mode

RF Scanning

Which of the following is considered as a token to identify a 802.11 (Wi-Fi) network (by default it is the part of the frame header sent over a wireless local area network (WLAN))? SSID Hotspot Access Point Association

SSID

Which of the following is to be used to keep certain default wireless messages from broadcasting the ID to everyone? SSID Cloaking Bluejacking Bluesmacking MAC Spoofing

SSID Cloaking

Andrew, a professional penetration tester, was hired by ABC Security, Inc., a small IT-based firm in the United States to conduct a test of the company's wireless network. During the information-gathering process, Andrew discovers that the company is using the 802.11 g wireless standard. Using the NetSurveyor Wi-Fi network discovery tool, Andrew starts gathering information about wireless APs. After trying several times, he is not able to detect a single AP. What do you think is the reason behind this? SSID broadcast feature must be disabled, so APs cannot be detected. NetSurveyor does not work against 802.11g. Andrew must be doing something wrong, as there is no reason for him to not detect access points. MAC address filtering feature must be disabled on APs or router.

SSID broadcast feature must be disabled, so APs cannot be detected.

In which type of bluetooth threat does an attacker trick Bluetooth users to lower security or disable authentication for Bluetooth connections in order to pair with them and steal information? Bugging Devices Remote Control Social Engineering Malicious Code

Social Engineering

Which of the following Encryption technique is used in WPA? RSA TKIP AES DES

TKIP

During a wireless penetration test, a tester detects an AP using the WPA2 encryption. Which of the following attacks should be used to obtain the key? The tester must capture the WPA2 authentication handshake and then crack it. The tester must use the tool inSSIDer to crack it using the ESSID of the network. The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard. The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

The tester must capture the WPA2 authentication handshake and then crack it.

True or False. In LAN-to-LAN Wireless Network, the APs provide wireless connectivity to local computers, and computers on different networks that can be interconnected? True False

True

Which of the following countermeasures helps in defending against Bluetooth hacking? Check the wireless devices for configuration or setup problems regularly. Use non-regular patterns as PIN keys while pairing a device. Use those key combinations that are non-sequential on the keypad. Place a firewall or packet filter between the AP and the corporate intranet. Implement an additional technique for encrypting traffic, such as IPSEC over wireless.

Use non-regular patterns as PIN keys while pairing a device. Use those key combinations that are non-sequential on the keypad.

Which of the following consists of 40/104 bit Encryption Key Length? WPA WEP RSA WPA2

WEP

Which of the following does not provide cryptographic integrity protection? WEP WPA WPA2 TKIP

WEP

Which of the following device is used to analyze and monitor the RF spectrum? WIDS Router Firewall Switch

WIDS

Steven, a wireless network administrator, has just finished setting up his company's wireless network. He has enabled various security features such as changing the default SSID and enabling strong encryption on the company's wireless router. Steven decides to test the wireless network for confidentiality attacks to check whether an attacker can intercept information sent over wireless associations, whether sent in clear text or encrypted by Wi-Fi protocols. As a part of testing, he tries to capture and decode unprotected application traffic to obtain potentially sensitive information using hardware or software tools such as Ettercap, Kismet, Wireshark, etc. What type of wireless confidentiality attack is Steven trying to do? Eavesdropping Evil twin AP Masquerading WEP Key Cracking

Eavesdropping

John is a pen tester working with an information security consultant based in Paris. As part of a penetration testing assignment, he was asked to perform wireless penetration testing for a large MNC. John knows that the company provides free Wi-Fi access to its employees on the company premises. He sets up a rogue wireless access point with the same SSID as that of the company's Wi-Fi network just outside the company premises. He sets up this rogue access point using the tools that he has and hopes that the employees might connect to it. What type of wireless confidentiality attack is John trying to do? Evil Twin AP KRACK Attack War Driving WEP Cracking

Evil Twin AP

Posing as an authorized AP by beaconing the WLAN's SSID to lure users is known as __________. Evil Twin AP Masquerading Man-in-the-Middle Attack Honeypot Access Point

Evil Twin AP

Which of the following countermeasure helps in defending against KRACK attack? Enable MAC address filtering on access points or routers Turn On auto-updates for all the wireless devices and patch the device firmware Choose Wired Equivalent Privacy (WEP) instead of Wi-Fi Protected Access (WPA) Enable SSID broadcasts

Turn On auto-updates for all the wireless devices and patch the device firmware

This application is a Wi-Fi security tool for mobile devices, It works on both Root and Non-root devices, and it can prevent ARP spoofing attacks such as MITM attacks, which are used by some applications such as WifiKill, dSploit, and sniffers. WiFiGuard Airbase-ng Wifi Inspector inSSIDer

WiFiGuard

Which of the following networks is used for very long-distance communication? ZigBee Bluetooth WiMax Wi-Fi

WiMax

Which of the following techniques is used by network management software to detect rogue APs? RF scanning Wired side inputs AP scanning Virtual-private-network

Wired side inputs

Fill in the blank. _________ is the art of collecting information about Bluetooth enabled devices such as manufacturer, device model and firmware version. BluePrinting Bluejacking Bluebugging BlueSniff

BluePrinting

Which of the following Bluetooth attack allows attacker to gain remote access to a target Bluetooth-enabled device without the victim being aware of it? Bluebugging Bluesmacking BluePrinting Bluejacking

Bluebugging

Which of the following terms is used to describe an attack in which an attacker gains remote access to a target Bluetooth-enabled device without the victim being aware of it? Bluesmacking Bluejacking Bluesnarfing Bluebugging

Bluebugging

Which of the following countermeasures helps in defending against WPA/WPA2 cracking? Avoid using public Wi-Fi networks Make sure to enable two factor authentication Change the default SSID after WLAN configuration Select a random passphrase that is not made up of dictionary words

Select a random passphrase that is not made up of dictionary words

In which of the following processes do the station and access point use the same WEP key to provide authentication, which means that this key should be enabled and configured manually on both the access point and the client? Open-system authentication process Shared key authentication process WPA encryption WEP encryption

Shared key authentication process

Donald works as a network administrator with ABCSecurity, Inc., a small IT based firm in San Francisco. He was asked to set up a wireless network in the company premises which provides strong encryption to protect the wireless network against attacks. After doing some research, Donald decided to use a wireless security protocol which has the following features: Provides stronger data protection and network access control Uses AES encryption algorithm for strong wireless encryption] Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) Which of the following wireless security protocol did Donald decide to use? WPA2 WEP WAP TKIP

WPA2

Which of the following includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)? TKIP WPA2 WPA WEP

WPA2

In which of the following technique, an attacker draws symbols in public places to advertise open Wi-Fi networks? WarFlying WarWalking WarChalking WarDriving

WarChalking

Which of the following protocol encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel? RADIUS PEAP LEAP CCMP

PEAP

Which of the following types of antennas is useful for transmitting weak radio signals over very long distances - on the order of 10 miles? Omnidirectional Parabolic grid Uni-directional Bi-directional

Parabolic grid

Kenneth, a professional penetration tester, was hired by the XYZ Company to conduct wireless network penetration testing. Kenneth proceeds with the standard steps of wireless penetration testing. He tries to collect lots of initialization vectors (IVs) using the injection method to crack the WEP key. He uses the aircrack-ng tool to capture the IVs from a specific AP. Which of the following aircrack-ng commands will help Kenneth to do this? airodump-ng -c 9 -- bssid 00:14:6C:7E:40:80 -w output ath0 aireplay-ng -9 -e teddy -a 00:14:6C:7E:40:80 ath0 airmon-ng start wifi0 9 aireplay-ng -1 0 -e teddy -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 ath0

airodump-ng -c 9 -- bssid 00:14:6C:7E:40:80 -w output ath0