CWSP-206 Online Practice Questions and Answers

Question 4

In order to acquire credentials of a valid user on a public hotspot network, what attacks may be conducted? Choose the single completely correct answer.

A. MAC denial of service and/or physical theft

B. Social engineering and/or eavesdropping

C. Authentication cracking and/or RF DoS

D. Code injection and/or XSS

E. RF DoS and/or physical theft

Question 5

ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN. Before creating the WLAN security policy, what should you ensure you possess?

A. Management support for the process.

B. Security policy generation software.

C. End-user training manuals for the policies to be created.

D. Awareness of the exact vendor devices being installed.

Question 6

Which of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

A. It does not support a RADIUS server.

B. It is not a valid EAP type.

C. It does not support mutual authentication.

D. It does not support the outer identity.

Question 7

When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?

A. Server credentials

B. User credentials

C. RADIUS shared secret

D. X.509 certificates

Question 8

A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and will replace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication. For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?

A. SNMPv3 support

B. 802.1Q VLAN trunking

C. Internal RADIUS server

D. WIPS support and integration

E. WPA2-Enterprise authentication/encryption

Question 9

ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States. 802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources. What security best practices should be followed in this deployment scenario?

A. Remote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.

B. RADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.

C. An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.

D. APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.

Question 10

ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MS-CHAPv2 and AES-CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hotspot include:

Cannot access corporate network resources

Network permissions are limited to Internet access

All stations must be authenticated

What security controls would you suggest? (Choose the single best answer.)

A. Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.

B. Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.

C. Implement separate controllers for the corporate and guest WLANs.

D. Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.

E. Force all guest users to use a common VPN protocol to connect.

Question 11

Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server. Where must the X.509 server certificate and private key be installed in this network?

A. Controller-based APs

B. WLAN controller

C. RADIUS server

D. Supplicant devices

E. LDAP server

Question 12

You are the WLAN administrator in your organization and you are required to monitor the network and ensure all active WLANs are providing RSNs. You have a laptop protocol analyzer configured. In what frame could you see the existence or non-existence of proper RSN configuration parameters for each BSS through the RSN IE?

A. CTS

B. Beacon

C. RTS

D. Data frames

E. Probe request

Question 13

What preventative measures are performed by a WIPS against intrusions?

A. Uses SNMP to disable the switch port to which rogue APs connect.

B. Evil twin attack against a rogue AP.

C. EAPoL Reject frame flood against a rogue AP.

D. Deauthentication attack against a classified neighbor AP.

E. ASLEAP attack against a rogue AP.

Exam Code: CWSP-206
Exam Name: CWSP Certified Wireless Security Professional
Last Update: May 11, 2024
Questions: 60 Q&As
