What type of WLAN attack is prevented with the use of a per-MPDU TKIP sequence counter (TSC)?
A. Weak-IV
B. Forgery
C. Replay
D. Bit-flipping
E. Session hijacking
Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.
As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)
A. MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.
B. MS-CHAPv2 is subject to offline dictionary attacks.
C. LEAP's use of MS-CHAPv2 is only secure when combined with WEP.
D. MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.
E. MS-CHAPv2 uses AES authentication, and is therefore secure.
F. When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.
You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other (STA2) used 11 EAP frames (excluding ACK frames) before the 4-way handshake.
Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful? (Choose the single most probable answer given a stable WLAN.)
A. STA1 and STA2 are using different cipher suites.
B. STA2 has retransmissions of EAP frames.
C. STA1 is a reassociation and STA2 is an initial association.
D. STA1 is a TSN, and STA2 is an RSN.
E. STA1 and STA2 are using different EAP types.
Given: When the CCMP cipher suite is used for protection of data frames, 16 bytes of overhead are added to the Layer 2 frame. 8 of these bytes comprise the MIC.
What purpose does the encrypted MIC play in protecting the data frame?
A. The MIC is used as a first layer of validation to ensure that the wireless receiver does not incorrectly process corrupted signals.
B. The MIC provides for a cryptographic integrity check against the data payload to ensure that it matches the original transmitted data.
C. The MIC is a hash computation performed by the receiver against the MAC header to detect replay attacks prior to processing the encrypted payload.
D. The MIC is a random value generated during the 4-way handshake and is used for key mixing to enhance the strength of the derived PTK.
Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering).
How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?
A. The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.
B. The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.
C. The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.
D. The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4-Way Handshake prior to user authentication.
Given: You support a coffee shop and have recently installed a free 802.11ac wireless hot-spot for the benefit of your customers. You want to minimize legal risk in the event that the hot-spot is used for illegal Internet activity.
What option specifies the best approach to minimize legal risk at this public hot-spot while maintaining an open venue for customer Internet access?
A. Configure WPA2-Enterprise security on the access point
B. Block TCP port 25 and 80 outbound on the Internet router
C. Require client STAs to have updated firewall and antivirus software
D. Allow only trusted patrons to use the WLAN
E. Use a WIPS to monitor all traffic and deauthenticate malicious stations
F. Implement a captive portal with an acceptable use disclaimer
Given: XYZ Hospital plans to improve the security and performance of their Voice over Wi-Fi implementation and will be upgrading to 802.11n phones with 802.1X/EAP authentication. XYZ would like to support fast secure roaming for the phones and will require the ability to troubleshoot reassociations that are delayed or dropped during inter-channel roaming.
What portable solution would be recommended for XYZ to troubleshoot roaming problems?
A. WIPS sensor software installed on a laptop computer
B. Spectrum analyzer software installed on a laptop computer
C. An autonomous AP mounted on a mobile cart and configured to operate in monitor mode
D. Laptop-based protocol analyzer with multiple 802.11n adapters
You work as the security administrator for your organization. In relation to the WLAN, you are viewing a dashboard that shows security threat, policy compliance and rogue threat charts. What type of system is in view?
A. Wireshark Protocol Analyzer
B. Wireless VPN Management Systems
C. Wireless Intrusion Prevention System
D. Distributed RF Spectrum Analyzer
E. WLAN Emulation System
In an effort to optimize WLAN performance, ABC Company has upgraded their WLAN infrastructure from 802.11a/g to 802.11n. 802.11a/g clients are still supported and are used throughout ABC's facility. ABC has always been highly security conscious, but due to budget limitations, they have not yet updated their overlay WIPS solution to 802.11n or 802.11ac.
Given ABC's deployment strategy, what security risks would not be detected by the 802.11a/g WIPS?
A. Hijacking attack performed by using a rogue 802.11n AP against an 802.11a client
B. Rogue AP operating in Greenfield 40 MHz-only mode
C. 802.11a STA performing a deauthentication attack against 802.11n APs
D. 802.11n client spoofing the MAC address of an authorized 802.11n client
You must locate non-compliant 802.11 devices. Which one of the following tools will you use and why?
A. A spectrum analyzer, because it can show the energy footprint of a device using WPA differently from a device using WPA2.
B. A spectrum analyzer, because it can decode the PHY preamble of a non-compliant device.
C. A protocol analyzer, because it can be used to view the spectrum energy of non-compliant 802.11 devices, which is always different from compliant devices.
D. A protocol analyzer, because it can be used to report on security settings and regulatory or rule compliance
