During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text. From a security perspective, why is this significant?
A. The username can be looked up in a dictionary file that lists common username/password combinations.
B. The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.
C. 4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.
D. The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.
ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations. As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication?
A. MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.
B. When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.
C. MS-CHAPv2 uses AES authentication, and is therefore secure.
D. MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.
E. LEAP's use of MS-CHAPv2 is only secure when combined with WEP.
ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication. How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2Enterprise WLAN security solution?
A. Implement a RADIUS server and query user authentication requests through the LDAP server.
B. Mirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.
C. Import all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.
D. Implement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.
The IEEE 802.11 Pairwise Transient Key (PTK) is derived from what cryptographic element?
A. PeerKey (PK)
B. Group Master Key (GMK)
C. Key Confirmation Key (KCK)
D. Pairwise Master Key (PMK)
E. Phase Shift Key (PSK)
F. Group Temporal Key (GTK)
You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used?
A. Generating PMKs that can be imported into 802.11 RSN-compatible devices.
B. Generating passwords for WLAN infrastructure equipment logins.
C. Generating dynamic session keys used for IPSec VPNs.
D. Generating GTKs for broadcast traffic encryption.
While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real time FFT display. The signal is characterized with the greatest strength utilizing only 1-2 megahertz of bandwidth and it does not use significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth. What kind of signal is described?
A. A high-power ultra wideband (UWB) Bluetooth transmission.
B. A 2.4 GHz WLAN transmission using transmit beam forming.
C. A high-power, narrowband signal.
D. A deauthentication flood from a WIPS blocking an AP.
E. An HT-OFDM access point.
F. A frequency hopping wireless device in discovery mode.
The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources. What single WLAN security feature should be implemented to comply with these requirements?
A. RADIUS policy accounting
B. Group authentication
C. Role-based access control
D. Captive portal
E. Mutual authentication
You are the WLAN administrator in your organization and you are required to monitor the network and ensure all active WLANs are providing RSNs. You have a laptop protocol analyzer configured. In what frame could you see the existence or non-existence of proper RSN configuration parameters for each BSS through the RSN IE?
A. CTS
B. Beacon
C. RTS
D. Data frames
E. Probe request
What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?
A. Group Cipher Suite
B. Pairwise Cipher Suite List
C. AKM Suite List
D. RSN Capabilities
A WLAN protocol analyzer trace reveals the following sequence of frames (excluding the ACK frames):
1.
802.11 Probe Req and 802.11 Probe Rsp
2.
802.11 Auth and then another 802.11 Auth
3.
802.11 Assoc Req and 802.11 Assoc Rsp
4.
EAPOL-KEY
5.
EAPOL-KEY
6.
EAPOL-KEY
7.
EAPOL-KEY
What security mechanism is being used on the WLAN?
A. WPA2-Personal
B. 802.1X/LEAP
C. EAP-TLS
D. WPA-Enterprise
E. WEP-128