Question 1

Given: In a security penetration exercise, a WLAN consultant obtains the WEP key of XYZ Corporation’s wireless network. Demonstrating the vulnerabilities of using WEP, the consultant uses a laptop running a software AP in an attempt to hijack the authorized user’s connections. XYZ’s legacy network is using 802.11n APs with 802.11b, 11g, and 11n client devices. With this setup, how can the consultant cause all of the authorized clients to establish Layer 2 connectivity with the software access point?

Options :

A : All WLAN clients will reassociate to the consultant’s software AP if the consultant’s software AP provides the same SSID on any channel with a 10 dB SNR improvement over the authorized AP.

B : A higher SSID priority value configured in the Beacon frames of the consultant’s software AP will take priority over the SSID in the authorized AP, causing the clients to reassociate.

C : When the RF signal between the clients and the authorized AP is temporarily disrupted and the consultant’s software AP is using the same SSID on a different channel than the authorized AP, the clients will reassociate to the software AP.

D : If the consultant’s software AP broadcasts Beacon frames that advertise 802.11g data rates that are faster rates than XYZ’s current 802.11b data rates, all WLAN clients will reassociate to the faster AP.

Answer: C

Question 2

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

Options :

A : Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B : Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C : Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D : A trained employee should install and configure a WIPS for rogue detection and response measures.

E : Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Answer: D

Question 3

What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?

Options :

A : Sharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.

B : Because OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.

C : Key exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.

D : The Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.

Answer: B

Question 4

You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other (STA2) used 11 EAP frames (excluding ACK frames) before the 4-way handshake. Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful? (Choose the single most probable answer given a stable WLAN.)

Options :

A : STA1 and STA2 are using different cipher suites.

B : STA2 has retransmissions of EAP frames.

C : STA1 is a reassociation and STA2 is an initial association.

D : STA1 is a TSN, and STA2 is an RSN.

E : STA1 and STA2 are using different EAP types.

Answer: E

Question 5

What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?

Options :

A : H-REAP

B : EAP-GTC

C : EAP-TTLS

D : PEAP

E : LEAP

Answer: D