True/False
Indicate whether the sentence or statement is true
or false.
|
|
|
1.
|
WEP2
attempted to overcome the limitations of WEP by adding two new security enhancements.
|
|
|
2.
|
The
block cipher used in 802.11i is the Data Encryption Standard (DES).
|
|
|
3.
|
WPA
authentication can be accomplished by using either IEEE 802.1x or pre-shared key (PSK)
technology.
|
|
|
4.
|
Pre-shared key (PSK) authentication uses a passphrase that is automatically generated
to generate the encryption key.
|
|
|
5.
|
A
virtual private network (VPN) uses a public, unsecured network as if it were a private, secured
network.
|
Multiple Choice
Identify the
letter of the choice that best completes the statement or answers the question.
|
|
|
6.
|
What
authentication system did the proposed WEP2 standard use? a. | Kerberos | c. | dynamic
WEP | b. | AES-CCMP | d. | key
caching | | | | |
|
|
|
7.
|
In
dynamic WEP, the ____ key is changed every time the user roams to a new AP or logs out and logs back
in. a. | broadcast | c. | passphrase | b. | unicast | d. | ticket | | | | |
|
|
|
8.
|
The
802.11i standard addresses both ____. a. | encryption and confidentiality | c. | authentication and direction | b. | integrity and
confidentiality | d. | encryption and
authentication | | | | |
|
|
|
9.
|
Within Step 2 of Advanced Encryption Standard (AES), multiple iterations (called
rounds) are performed depending upon the key size: 128-bit key performs 9 rounds, a 192-bit key
performs 11 rounds, and a 256-bit key uses ____ rounds.
|
|
|
10.
|
Within the IEEE 802.1x standard, ____ ensures that a device (wired or wireless) that
requests access to the network is prevented from receiving any traffic until its identity can
be verified. a. | an access
control list | c. | port
scanning | b. | port security | d. | port blocking | | | | |
|
|
|
11.
|
What
feature of IEEE 802.11i allows a device to become authenticated to an AP before moving to
it? a. | key
caching | c. | pre-authentication | b. | port security | d. | message passing | | | | |
|
|
|
12.
|
How
long is the per-packet key used in TKIP? a. | 40-bits | c. | 128-bits | b. | 64-bits | d. | 256-bits | | | | |
|
|
|
13.
|
____
replaces CRC in WPA.
|
|
|
14.
|
____
was designed to address WEP vulnerabilities with a minimum of inconvenience. a. | IEEE
802.11i | c. | dynamic
WEP | b. | TGi | d. | WPA | | | | |
|
|
|
15.
|
What
security technology was most recently introduced? a. | WPA | c. | WEP2 | b. | WPA2 | d. | Dynamic WEP | | | | |
|
|
|
16.
|
The
____ wireless security standard provides a low level of security. a. | Dynamic
WEP | c. | WEP2 | b. | WEP | d. | All of the above | | | | |
|
|
|
17.
|
What
is the first step in implementing an interim security model? a. | shared key
authentication | c. | turning off SSID
beaconing | b. | port security | d. | MAC address filtering | | | | |
|
|
|
18.
|
When
implementing an interim security model, most vendors have the option of a 128-bit WEP key, which can
be created by entering 16 ____ characters. This provides the most secure
option. a. | ASCII | c. | hexadecimal | b. | ciphered | d. | plaintext | | | | |
|
|
|
19.
|
The
personal security model is intended for settings in which a(n) ____ is unavailable. a. | wired
network | c. | AP | b. | authentication server | d. | intermediate security model | | | | |
|
|
|
20.
|
The
____ method of encryption is used in a personal security model.
|
|
|
21.
|
What
is the name of the 128-bit key used in TKIP? a. | temporal key | c. | XOR | b. | MIC | d. | PRNG | | | | |
|
|
|
22.
|
____
is considered to be the “heart and soul” of WPA security.
|
|
|
23.
|
Encryption under the WPA2 personal security model is accomplished by using the block
cipher ____.
|
|
|
24.
|
____
authentication is used in the enterprise security model using WPA and WPA2. a. | AES | c. | IEEE
802.1x | b. | TKIP | d. | All of the above | | | | |
|
|
|
25.
|
A
____ VPN is a user-to-LAN connection used by remote users. a. | remote-access | c. | peer-to-peer | b. | site-to-site | d. | remote-to-LAN | | | | |
|
|
|
26.
|
At
the heart of a WIDS are ____; these devices, which can be either separate hardware devices or a
standard access point operating in a special “scan” mode, monitor the airwaves to detect
signals from rogue access points. a. | captive portals | c. | firewalls | b. | VPNs | d. | wireless
sensors | | | | |
|
Completion
Complete each sentence or
statement.
|
|
|
27.
|
____________________ was developed by the Massachusetts Institute of Technology (MIT)
and used to verify the identity of network users.
|
|
|
28.
|
In
WPA, ________________________________________ encryption replaces WEP’s small 40-bit encryption
key that must be manually entered on wireless APs and devices and does not change.
|
|
|
29.
|
The
____________________ security model is designed for single users or small office home office (SOHO)
settings of generally 10 or fewer wireless devices.
|
|
|
30.
|
The
____________________ security model is designed for medium to large-size organizations such as
businesses, government agencies, and universities.
|
|
|
31.
|
Most
consumer access points are in reality wireless ____________________, because they combine the
functions of an access point, router, network address translator, firewall, and switch.
|
Matching
|
|
|
Match each term with the correct statement below. a. | pre-shared key
authentication | f. | supplicant | b. | dynamic WEP | g. | key caching | c. | AES-CCMP | h. | broadcast | d. | Advanced Encryption Standard | i. | Message Integrity Check | e. | 802.11i | | | | |
|
|
|
32.
|
stores information from a device on the network so if a user roams away from an AP and
later returns, she does not need to re-enter all of the credentials
|
|
|
33.
|
robust security network
|
|
|
34.
|
designed to prevent an attacker from capturing, altering, and resending data
packets
|
|
|
35.
|
solves the weak IV problem by rotating the keys frequently
|
|
|
36.
|
encryption protocol in the 802.11i standard
|
|
|
37.
|
uses
a passphrase that is manually entered to generate the encryption key
|
|
|
38.
|
traffic sent to all users on the network
|
|
|
39.
|
performs three steps on every block (128 bits) of plaintext
|
|
|
40.
|
wireless device that requires secure network access
|
Short Answer
|
|
|
41.
|
Describe Kerberos.
|
|
|
42.
|
Describe the 802.1x authentication procedure.
|
|
|
43.
|
Describe the Temporal Key Integrity Protocol used by Wi-Fi Protected Access
(WPA).
|
|
|
44.
|
What
should a business do if the best possible security model cannot be implemented?
|
|
|
45.
|
Describe pre-shared key authentication.
|
|
|
46.
|
Temporal Key Integrity Protocol (TKIP) has three major components to address
vulnerabilities. List and describe them.
|
|
|
47.
|
A
network supporting the 802.1x standard consists of three elements. Identify and describe each
one.
|
|
|
48.
|
Describe Advanced Encryption Standard (AES).
|
|
|
49.
|
What
is a wireless gateway?
|
|
|
50.
|
What
are the ways in which captive portals are used?
|