Module 5 chapter 11
The 802.11 is a set of specifications for OSI layer ______.
1 and 2
WEP uses one of two key sizes, _____ or ______, for the RC4 encryption algorithm.
40, 104
Enterprise authentication uses _______ to handle user-level authentication.
802.1x
What would a signal range for a Bluetooth device commonly be? A. 300 ft. B. 3,000 ft. C. 75 ft. D. 500 ft.
A. 300 ft.
What is the policy that allows people to use their own smartphones on the enterprise network? A. Bring your own device B. Use your own device C. Bring your own smart device D. Use your own smart device
A. Bring your own device
Why is bluesnarfing potentially more dangerous than bluejacking from the standpoint of the victim? A. Bluejacking sends while bluesnarfing receives. B. Bluejacking receives while bluesnarfing sends. C. Bluejacking installs keyloggers. D. Bluesnarfing installs keyloggers
B. Bluejacking receives while bluesnarfing sends. Info: Bluesnarfing is an attack that connects to a Bluetooth device in order to grab data from that device. Bluesnarfing sends data to the attacker. Bluejacking can be used to send information to a Bluetooth device, such as a text message. Neither of these attacks installs keyloggers.
What is the four-stage handshake used for? A. Passing keys B. Deriving keys C. Encrypting messages D. Initialization seeding
B. Deriving keys Info: The four-stage handshake is used to authenticate stations against wireless networks. As part of the handshake, encryption keys are generated. Keys are derived on both sides of the transaction rather than being exchanged directly. This is handled during the four-way handshake. Keys are not passed. Messages can't be encrypted until the four-way handshake is complete and the keys are generated. There is no such thing as initialization seeding.
What is the purpose of a deauthentication attack? A. Disabling stations B. Forcing stations to reauthenticate C. Reducing the number of steps in the handshake D. Downgrading encryption
B. Forcing stations to reauthenticate
How many stages are used in the WPA handshake? A. Two B. Four C. Three D. One
B. Four
What mode has to be enabled on a network interface to allow all headers in wireless traffic to be captured? A. Promiscuous B. Monitor C. Radio D. Wireless LAN
B. Monitor
What types of authentication are allowed in a WPA-encrypted network? A. Handshake and personal B. Personal and enterprise C. Enterprise and handshake D. 802.11 and personal
B. Personal and enterprise Info: WPA supports both Personal and Enterprise authentication. Personal authentication makes use of a pre-shared key, while Enterprise authentication uses usernames and passwords to authenticate specific users, providing accounting and access control, meaning we know exactly who has connected to the network.
How does an evil twin attack work? A. Phishing users for credentials B. Spoofing an SSID C. Changing an SSID D. Injecting four-way handshakes
B. Spoofing an SSID
What is the SSID used for? A. Encrypting messages B. Providing a MAC address C. Identifying a network D. Seeding a key
C. Identifying a network
What is the purpose of performing a Bluetooth scan? A. Identifying open ports B. Identifying available profiles C. Identifying endpoints D. Identifying vendors
C. Identifying endpoints
What part of the encryption process was weak in WEP? A. Keying B. Diffie-Hellman C. Initialization vector D. Seeding vector
C. Initialization vector
What wireless attack would you use to take a known piece of information in order to be able to decrypt wireless traffic? A. Sniffing B. Deauthentication C. Key reinstallation D. Evil twin
C. Key reinstallation Info: Sniffing can be used to collect information that may be needed to launch wireless attacks. A deauthentication attack can be used to force a station to generate traffic. An evil twin attack uses a rogue access point to pretend to be a legitimate network. In order to decrypt network traffic, you would need the key. One way to get the key is to reuse information from network traffic that generated a known key. This is a key reinstallation attack.
What method might you use to successfully get malware onto a mobile device? A. Using the Apple Store or Google Play store B. Using external storage on an Android C. Using a third-party app store D. Jailbreaking
C. Using a third-party app store
What tool would allow you to run an evil twin attack? A. Wireshark B. Ettercap C. Wifiphisher D. Aircrack-ng
C. Wifiphisher Info: Wireshark is used to capture packets/frames from a network. Ettercap is used for spoofing attacks. The program aircrack-ng can be used to crack wireless keys. Wifiphisher, though, can be used to set up an evil twin attack.
How does WEP verify the integrity of a message?
Cyclical Redundancy Check (CRC)
What tool could you use to enable sniffing on your wireless network to acquire all headers? A. Ettercap B. Tcpdump C. Aircrack-ng D. Airmon-ng
D. Airmon-ng Info: Tcpdump can be used to capture frames/packets. Ettercap is used for captures and spoofing attacks. Neither can capture all headers, including radio headers in a wireless network. The package aircrack-ng includes the program airmon-ng, which can turn on monitor mode on a network interface. The program aircrack-ng itself cannot do that.
What are the two types of wireless networks? A. Star and ring B. Bus and hybrid C. Infrastructure and hybrid D. Infrastructure and ad hoc
D. Infrastructure and ad hoc
What wouldn't you see when you capture wireless traffic that includes radio headers? A. Capabilities B. Probe requests C. SSIDs D. Network type
D. Network type Info: Radio headers in a wireless network will provide you with the capabilities of the devices, since that's negotiated during the association process. You will also see probe requests asking what networks are in the area, including specific networks that a station knows about. These requests will include the SSID. The responses will also include the SSID. You will not get the network type in the headers.
What kind of access point is being used in an evil twin attack? A. Infrastructure B. Ad hoc C. WPA D. Rogue
D. Rogue
A four-way handshake is completed in both WPA and WPA2.
False
A wireless device client must first associate to the wireless network before it can attempt to authenticate to the access point.
False
CRC is considered stronger than the MIC.
False
In the United States, there are 13 channels that can be used for Wi-Fi communications in the 2.4 GHz band.
False
WPA differed from WEP in that it enabled session keys where WEP did not.
False
WPA-Personal is less secure than WPA-Enterprise and is primarily used because consumer-home devices aren't typically equipped to support the more stringent encryption algorithms.
False
NAC is often implemented around white-listing or authenticating devices using a:
MAC
The implementation of this technology enabled binding channels (data streams) to reach speeds of 600 Mbps.
MIMO
An ephemeral, random value, often used in cryptographic schemes is often referred to as a:
Nonce
WPA introduced this to fix WEP's problem with an attack against weak initialization vectors.
TKIP
The first version of 802.11 specified transmissions with data rates _________.
between 1 and 2 Mbps
An infrastructure network has a central device that all devices communicate with, but also allows devices to directly communicate with one another without having to go through the central device.
false
WPS is considered a more secure authentication mechanism over:
none of the above
Access points send out beacon frames and clients send out probe requests.
true
An ad hoc network can be considered a dynamic mesh network.
true
Bluesnarfing is considered to create more of an impact than bluejacking.
true
Configuring your wireless interface to "monitor mode" enables:
your device to see other networks and devices connected to those wireless networks without being connected to any wireless network.