Question 1

What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?

Options :

A :

The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.

B : The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.

C : The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.

D :

The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.

Answer: B

Question 2

Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN. In this remote scenario, what single wireless security practice will provide the greatest security for Fred?

Options :

A : Use an IPSec VPN for connectivity to the office network

B : Use only HTTPS when agreeing to acceptable use terms on public networks

C : Use enterprise WIPS on the corporate office network

D : Use WIPS sensor software on the laptop to monitor for risks and attacks

E : Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots

F : Use secure protocols, such as FTP, for remote file transfers.

Answer: A

Question 3

What wireless security protocol provides mutual authentication without using an X.509 certificate?

Options :

A : EAP-FAST

B : EAP-MD5

C : EAP-TLS

D : PEAPv0/EAP-MSCHAPv2

E : EAP-TTLS

F : PEAPv1/EAP-GTC

Answer: A

Question 4

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods. When writing the 802.11 security policy, what password-related items should be addressed?

Options :

A :

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

B : Password complexity should be maximized so that weak WEP IV attacks are prevented.

C :

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D : Certificates should always be recommended instead of passwords for 802.11 client authentication.

E : EAP-TLS must be implemented in such scenarios.

Answer: C

Question 5

Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection. What security characteristics and/or components play a role in preventing data decryption? (Choose 2)

Options :

A : Multi-factor authentication

B : 4-Way Handshake

C : PLCP Cyclic Redundancy Check (CRC)

D : Encrypted Passphrase Protocol (EPP)

E : Integrity Check Value (ICV)

F : Group Temporal Keys

Answer: B,F