Chapter 9

Name: ID:

Email:

Chapter 9 - 10

True/False
Indicate whether the statement is true or false.

WEP2 attempted to overcome the limitations of WEP by adding two new security enhancements.

The block cipher used in 802.11i is the Data Encryption Standard (DES).

WPA authentication can be accomplished by using either IEEE 802.1x or pre-shared key (PSK) technology.

Pre-shared key (PSK) authentication uses a passphrase that is automatically generated to generate the encryption key.

A virtual private network (VPN) uses a public, unsecured network as if it were a private, secured network.

Almost all WLAN vendors provide utilities to assist in monitoring the wireless network.

Acquiring data, such as error statistics and packets received, from each access point and each wireless device across the network is normally a quick and easy task.

A wireless network is a static system.

Antenna adjustment may require the existing antennas to be reoriented or placed on a pole or mast for better transmission and reception.

10.

Information security weaknesses can never be entirely eliminated.

Multiple Choice
Identify the choice that best completes the statement or answers the question.

11.

What authentication system did the proposed WEP2 standard use?

a.	Kerberos	c.	dynamic WEP
b.	AES-CCMP	d.	key caching

12.

In dynamic WEP, the ____ key is changed every time the user roams to a new AP or logs out and logs back in.

a.	broadcast	c.	passphrase
b.	unicast	d.	ticket

13.

The 802.11i standard addresses both ____.

a.	encryption and confidentiality	c.	authentication and direction
b.	integrity and confidentiality	d.	encryption and authentication

14.

Within Step 2 of Advanced Encryption Standard (AES), multiple iterations (called rounds) are performed depending upon the key size: 128-bit key performs 9 rounds, a 192-bit key performs 11 rounds, and a 256-bit key uses ____ rounds.

a.	13	c.	17
b.	15	d.	19

15.

Within the IEEE 802.1x standard, ____ ensures that a device (wired or wireless) that requests access to the network is prevented from receiving any traffic until its identity can be verified.

a.	an access control list	c.	port scanning
b.	port security	d.	port blocking

16.

What feature of IEEE 802.11i allows a device to become authenticated to an AP before moving to it?

a.	key caching	c.	pre-authentication
b.	port security	d.	message passing

17.

How long is the per-packet key used in TKIP?

a.	40-bits	c.	128-bits
b.	64-bits	d.	256-bits

18.

____ replaces CRC in WPA.

a.	MIC	c.	CMR
b.	MRC	d.	CMC

19.

____ was designed to address WEP vulnerabilities with a minimum of inconvenience.

a.	IEEE 802.11i	c.	dynamic WEP
b.	TGi	d.	WPA

20.

What security technology was most recently introduced?

a.	WPA	c.	WEP2
b.	WPA2	d.	Dynamic WEP

21.

The ____ wireless security standard provides a low level of security.

a.	Dynamic WEP	c.	WEP2
b.	WEP	d.	All of the above

22.

What is the first step in implementing an interim security model?

a.	shared key authentication	c.	turning off SSID beaconing
b.	port security	d.	MAC address filtering

23.

When implementing an interim security model, most vendors have the option of a 128-bit WEP key, which can be created by entering 16 ____ characters. This provides the most secure option.

a.	ASCII	c.	hexadecimal
b.	ciphered	d.	plaintext

24.

The personal security model is intended for settings in which a(n) ____ is unavailable.

a.	wired network	c.	AP
b.	authentication server	d.	intermediate security model

25.

The ____ method of encryption is used in a personal security model.

a.	PSK	c.	TKIP
b.	WEP	d.	MAC

26.

What is the name of the 128-bit key used in TKIP?

a.	temporal key	c.	XOR
b.	MIC	d.	PRNG

27.

____ is considered to be the “heart and soul” of WPA security.

a.	PSK	c.	MIC
b.	IV	d.	TKIP

28.

Encryption under the WPA2 personal security model is accomplished by using the block cipher ____.

a.	TKIP	c.	PSK
b.	AES	d.	CBC

29.

____ authentication is used in the enterprise security model using WPA and WPA2.

a.	AES	c.	IEEE 802.1x
b.	TKIP	d.	All of the above

30.

A ____ VPN is a user-to-LAN connection used by remote users.

a.	remote-access	c.	peer-to-peer
b.	site-to-site	d.	remote-to-LAN

31.

At the heart of a WIDS are ____; these devices, which can be either separate hardware devices or a standard access point operating in a special “scan” mode, monitor the airwaves to detect signals from rogue access points.

a.	captive portals	c.	firewalls
b.	VPNs	d.	wireless sensors

32.

In the Windows operating system, what window provides basic tools for monitoring a WLAN?

a.	Wireless Adapter Information	c.	Access Point Utilities
b.	Wireless Network Connection Status	d.	Network Monitor

33.

It is important for wireless system administrators to maintain a(n) ____ log that contains a record of all problems, solutions, and configuration changes.

a.	manual	c.	network
b.	event	d.	AP

34.

What tool(s) are used most often as “standard” network monitoring tools?

a.	AP Monitor and Simple Network Management Protocol
b.	WLAN Logger and Remote Monitoring
c.	Simple Network Management Protocol and Remote Monitoring
d.	All of the above

35.

The current version of SNMP (____) addresses security and remote configuration.

a.	v1	c.	v3
b.	v2	d.	v4

36.

____ is a nonvolatile storage chip used in computers and other devices.

a.	Firmware	c.	RMON
b.	SNMP	d.	EEPROM

37.

When updating firmware in an enterprise-level access point, the Receiving AP must be able to hear the IP ____ issued by the Distribution AP.

a.	multicast	c.	broadcast
b.	unicast	d.	netcast

38.

What is the last step in RF site tuning?

a.	adjust channel settings	c.	modify throughput
b.	documenting changes	d.	validate coverage area

39.

What is another name for propagation loss?

a.	transmission loss	c.	free space loss
b.	effective loss	d.	signal loss

40.

What information is required for a link budget?

a.	power of the transmitter	c.	frequency of the link
b.	path length	d.	All of the above

41.

For a proper WLAN performance, the link budget must be ____ dB.

a.	greater than zero	c.	greater than ten
b.	greater than five	d.	less than ten

42.

Which type of RF loss is caused by the equipment itself, not external objects?

a.	Refraction	c.	Voltage Standing Wave Ratio
b.	Scattering	d.	Absorption

43.

A ____ antenna is most typically used on a WLAN.

a.	panel	c.	sectorized
b.	rod	d.	beam steering

44.

Most vendors illustrate their radiation patterns by splitting the three-dimensional donut into two perpendicular planes called ____ and elevation.

a.	donut	c.	plain
b.	horizontal	d.	azimuth

45.

A(n) ____ amplifier boosts the RF signal before it is injected into the device that contains the antenna.

a.	bidirectional	c.	unidirectional
b.	pre-injection	d.	internal

46.

____ attenuators are the only type permitted by the FCC for WLAN systems.

a.	Variable-loss	c.	Bidirectional
b.	Fixed-loss	d.	Unidirectional

47.

A ____ limits the amplitude and disturbing interference voltages by channeling them to the ground.

a.	RF attenuator	c.	lightning arrestor
b.	splitter	d.	phase modulator

48.

The first step in creating a security policy is ____.

a.	risk assessment	c.	impact analysis
b.	security auditing	d.	documentation

49.

When conducting a security audit, ____ should determine vulnerabilities.

a.	a highly-paid consultant
b.	a wireless system administrator employed by the company
c.	a junior administrator
d.	a team with diverse backgrounds

50.

Vulnerabilities that are ranked as ____ are events that would cause the organization to cease functioning or be seriously crippled in its capacity to perform.

a.	major	c.	significant
b.	catastrophic	d.	small impact

51.

____ security protects the equipment and infrastructure itself, and has one primary goal: to prevent unauthorized users from reaching the equipment in order to use, steal, or vandalize it.

a.	Physical	c.	Hardware
b.	Practical	d.	Social

52.

What technique(s) is/are most effective for defeating social engineering attacks?

a.	physical and software security
b.	documentation
c.	education and policies
d.	undercover work by network administrators

Completion
Complete each statement.

53.

____________________ was developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of network users.

54.

In WPA, ________________________________________ encryption replaces WEP’s small 40-bit encryption key that must be manually entered on wireless APs and devices and does not change.

55.

The ____________________ security model is designed for single users or small office home office (SOHO) settings of generally 10 or fewer wireless devices.

56.

The ____________________ security model is designed for medium to large-size organizations such as businesses, government agencies, and universities.

57.

Most consumer access points are in reality wireless ____________________, because they combine the functions of an access point, router, network address translator, firewall, and switch.

58.

In order to use SNMP, a software ____________________ is loaded onto each network device that will be managed using SNMP.

59.

____________________ is software that is embedded into hardware to control the device.

60.

A(n) ____________________ antenna is typically used in outdoor areas. They are designed to be used in installations where aesthetics and high performance are key factors.

61.

The first step in the security policy cycle is to perform a(n) ____________________, which attempts to determine the nature of the risks to the organization’s assets.

62.

____________________ engineering relies on tricking or deceiving someone to give a hacker access to a system.