CWNA

52 Questions

Settings
Please wait...
CWNA

Final


Questions and Answers
  • 1. 
    In WPA-PSK and WPA2-PSK, the Pairwise Transient Key (PTK) is a dynamic key that is per session / per client
    • A. 

      True

    • B. 

      False

  • 2. 
    When using an 802.11 wireless controller solution with an 802.1x framework, which device would be considered the authenticator?
    • A. 

      Access Point

    • B. 

      WLAN Controller

    • C. 

      RADIUS Server

    • D. 

      VLAN

  • 3. 
    If an attacker compromises a Pairwise Transient Key (PTK) in a WPA based network, they will be able to decrypt all of the traffic on that wireless network.
    • A. 

      True

    • B. 

      False

  • 4. 
    Which key is used to encrypt and decrypt unicast traffic between a client station and AP in a WPA / WPA 2 implementation?
    • A. 

      MIC

    • B. 

      GTK

    • C. 

      PTK

    • D. 

      PMK

  • 5. 
    Which wireless security implementation offers this highest level of security available using today’s standards?
    • A. 

      WPA-TKIP

    • B. 

      WPA2-RSA

    • C. 

      WPA2-TKIP

    • D. 

      WPA2-AES

  • 6. 
    What three main components constitute an 802.1X/EAP framework? (Choose Three)
    • A. 

      Supplicant

    • B. 

      Network Access Control

    • C. 

      Authorizer

    • D. 

      Authentication Server

    • E. 

      Authenticator

  • 7. 
    If an attacker compromises the shared key in a WEP based network, they will be able to decrypt all of the traffic on that wireless network.
    • A. 

      True

    • B. 

      False

  • 8. 
    In a WPA-PSK implementation, the pre-shared key is the same key used to encrypt and decrypt unicast traffic.
    • A. 

      True

    • B. 

      False

  • 9. 
    TKIP has been cracked
    • A. 

      True

    • B. 

      False

  • 10. 
    Which key is used to decrypt broadcast and multicast traffic in a WPA / WPA2 implementation?
    • A. 

      MIC

    • B. 

      PTK

    • C. 

      PMK

    • D. 

      GTK

  • 11. 
    Which cipher suites are available in WPA2? (Choose all that apply)
    • A. 

      TKIP-AES

    • B. 

      CCMP-AES

    • C. 

      CCMP-RSA

    • D. 

      TKIP-RC4

  • 12. 
    Which current wireless security standard is 802.11i compliant?
    • A. 

      EIEIO

    • B. 

      WPA

    • C. 

      WEP

    • D. 

      WPA2

  • 13. 
    Which cipher suites are available in WPA? (Choose all that apply)
    • A. 

      CCMP-AES

    • B. 

      TKIP-RC4

    • C. 

      CCMP-RSA

    • D. 

      TKIP-AES

  • 14. 
    Which wireless security implementation would be the most secure option for SOHO WLAN implementation which do not have RADIUS servers available?
    • A. 

      WPA2 + EAP / CCMP

    • B. 

      WPA-PSK / TKIP

    • C. 

      WPA2 + EAP / TKIP

    • D. 

      WPA2-PSK / CCMP

  • 15. 
    Which security solution may be used to segment a LAN or wireless LAN
    • A. 

      CCMP

    • B. 

      TKIP

    • C. 

      VLAN

    • D. 

      WEP

  • 16. 
    You want to place users on different network segments once they authenticate based on the users role. Which technology will help you achieve this?
    • A. 

      WPA

    • B. 

      RBAC

    • C. 

      802.11i

    • D. 

      Wireless Intrusion Prevention Systems

  • 17. 
    Which of the following factors indicate that a RSN is being used? (Choose Two)
    • A. 

      RBAC features have been turned on

    • B. 

      Secure 4-way handshake authentication

    • C. 

      Dynamic Encryption Keys

    • D. 

      WEP is being used as the cipher suite

  • 18. 
    Hiding the SSID provides good security for wireless networks
    • A. 

      True

    • B. 

      False

  • 19. 
    Which IEEE Standard defines the framework for port-based authentication?
    • A. 

      802.1X

    • B. 

      802.11i

    • C. 

      802.1q

    • D. 

      EAP

  • 20. 
    Which encryption algorithm is used by the CCMP cipher suite?
    • A. 

      3DES

    • B. 

      RSA

    • C. 

      AES

    • D. 

      RC4

  • 21. 
    Which encryption algorithm is used by the WEP cipher suite?
    • A. 

      RC4

    • B. 

      RSA

    • C. 

      3DES

    • D. 

      AES

  • 22. 
    Which encryption algorithm is used by the TKIP cipher suite?
    • A. 

      3DES

    • B. 

      RSA

    • C. 

      RC4

    • D. 

      AES

  • 23. 
    Which of the following are weaknesses of WEP?
    • A. 

      Weak IVs (Initialization Vectors)

    • B. 

      Short User Encryption Keys (40-bit and 104-bit)

    • C. 

      Lack of support for dynamic encryption keys

    • D. 

      All of the above

  • 24. 
    AES has been cracked
    • A. 

      True

    • B. 

      False

  • 25. 
    The manager of the factory where you work as a network technician has asked you to implement a secure WLAN. In your research, you determine that your organization should implement AES encryption and 802.1X with EAP authentication and key management protocol. Which Wi-Fi Alliance certification will meet your needs?
    • A. 

      WPA2-Personal

    • B. 

      WPA-Enterprise

    • C. 

      WPA2-Enterprise

    • D. 

      WPA-Personal

  • 26. 
    In WPA + EAP and WPA2 + EAP, the Pairwise Transient Key (PTK) is a dynamic key that is per session / per client
    • A. 

      True

    • B. 

      False

  • 27. 
    Which of the following would be the most secure option for an Enterprise WLAN implementation?
    • A. 

      WPA-PSK / TKIP

    • B. 

      WPA2 + EAP / CCMP

    • C. 

      WPA2-PSK / CCMP

    • D. 

      WPA2 + EAP / TKIP

  • 28. 
    An attacker is flooding your wireless service area with spoofed de-authentication frames. What type of attack is being performed?
    • A. 

      PSK Cracking

    • B. 

      Denial of Service

    • C. 

      Eavesdropping

    • D. 

      Encryption Cracking

  • 29. 
    You are running a wireless network with WPA2-PSK using AES encryption. Your pre-shared key contains words found in the English dictionary and does not follow best practices for complexity. Which attack have you left yourself open to?
    • A. 

      Denial of Service

    • B. 

      Authentication Cracking

    • C. 

      Encryption Cracking

    • D. 

      Eavesdropping

  • 30. 
    Which of the following is considered a DoS attack? (Choose One)
    • A. 

      MAC spoofing

    • B. 

      Man-in-the-middle

    • C. 

      Jamming

    • D. 

      Peer-to-peer

  • 31. 
    What are some problems with rogue access points?
    • A. 

      They may allow unsecured access into your LAN

    • B. 

      They may interfere with RF channel settings on production APs

    • C. 

      Users may unknowingly connect to the rogue AP and expose sensitive data

    • D. 

      All of the above

  • 32. 
    What is the major weakness of MAC filtering?
    • A. 

      MAC addresses are not long enough

    • B. 

      MAC addresses can be easily guessed

    • C. 

      There are no weaknesses to MAC filtering

    • D. 

      MAC addresses can be easily spoofed

  • 33. 
    An attacker starts a software-based AP on his laptop. He then scans for the SSID of the AP at the coffee shop hotspot where he is located. He sets his software-based AP to the same SSID. What type of attack is he likely beginning?
    • A. 

      Hijacking

    • B. 

      Denial of Service

    • C. 

      Encryption Cracking

    • D. 

      Authentication Cracking

  • 34. 
    Which of these attacks will not be detected by a WIDS?
    • A. 

      Protocol Analyzer (Evesdropping)

    • B. 

      De-authentication Spoofing

    • C. 

      Association flood

    • D. 

      Rogue Access Point

    • E. 

      MAC spoofing

  • 35. 
    Which of the following can notify the network administrator of a wide variety of wireless attacks when they are detected but cannot attempt to mitigate the attack?
    • A. 

      Stateful Packet Firewall

    • B. 

      SNMP based network monitoring system

    • C. 

      Wireless IPS

    • D. 

      Wireless IDS

  • 36. 
    An attacker wants to steal data from users on an open and unsecured hotspot at a coffee shop. Which type of attack might the attacker use?
    • A. 

      PSK Cracking

    • B. 

      Denial of Service

    • C. 

      Eavesdropping

    • D. 

      Encryption Cracking

  • 37. 
    While performing a penetration test on a WLAN, you attempt to connect to the IP address of the AP in a web browser. Your connection is denied when connecting through the WLAN. What attack method is being protected against in this scenario?
    • A. 

      Authentication Cracking

    • B. 

      Encryption Cracking

    • C. 

      Denial of Service

    • D. 

      Management Interface Exploits

  • 38. 
    You are the network administrator for a Small Business named Pizza2Go. The single AP your organization uses is configured with WPA-PSK, and the pre-shared key is set to your company name followed by the number 7. Is this a secure implementation and why?
    • A. 

      Yes. It is secure because the pre-shared key is at least five characters long.

    • B. 

      No. Because WPA-PSK is just as insecure as WEP, it should never be used.

    • C. 

      Yes. It is secure because WPA-PSK resolved the problems with WEP.

    • D. 

      No. Because it only includes the company name plus one digit, it could be easily guessed.

  • 39. 
    An attacker completes a DoS attack on your wireless network . Which security concept in the CIA security triad has been compromised?
    • A. 

      Integrity

    • B. 

      IDK

    • C. 

      Confidentiality

    • D. 

      Availability

  • 40. 
    MAC Filtering is sufficient for securing most wireless networks.
    • A. 

      True

    • B. 

      False

  • 41. 
    You have failed to remove the default user id and password from your wireless access point before placing it into production. Which type of attack have you left yourself very vulnerable to?
    • A. 

      Encryption Cracking

    • B. 

      PSK Cracking

    • C. 

      Authentication Cracking

    • D. 

      Management Interface Exploits

  • 42. 
    If you connect to a wireless hotspot and you do not have Windows Firewall or another third-party firewall enabled on your device, you have left yourself open to which type of attack?
    • A. 

      PSK Cracking

    • B. 

      Encryption Cracking

    • C. 

      Peer-to-Peer Attacks

    • D. 

      Authentication Cracking

  • 43. 
    You receive calls from five different users in a 10-minute window of time. Each of them tells you that the WLAN is no longer available. You connect to the IP address of the AP across the wired network and can connect with no problem. This reveals that the AP is still running fine. What kind of attack is likely to be occurring?
    • A. 

      Encryption Cracking

    • B. 

      Denial of Service

    • C. 

      Management Interface Exploit

    • D. 

      Hijacking

  • 44. 
    A hacker convinces an IT staff member that he is an employee of the company and has the IT staff member program the company’s pre-shared key into his laptop so that he may access the corporate wireless network. This is an example of which type of attack?
    • A. 

      PSK Cracking

    • B. 

      Social Engineering

    • C. 

      Authentication Cracking

    • D. 

      Eavesdropping

  • 45. 
    If you fail to keep logs on user activity in your network environment, which AAA concept have you failed to implement?
    • A. 

      Accounting

    • B. 

      Authentication

    • C. 

      Authorization

    • D. 

      Attack Logging

  • 46. 
    Which of the following can notify the network administrator of a wide variety of wireless attacks when they are detected as well as respond to the attack by changing the network environment in an attempt to prevent or mitigate the attack?
    • A. 

      SNMP based network monitoring system

    • B. 

      Wireless IPS

    • C. 

      Wireless IDS

    • D. 

      Stateful Packet Firewall

  • 47. 
    A hacker cracks your WEP key and then eavesdrops on data from your wireless network. Which security concept in the CIA security triad has been compromised?
    • A. 

      Confidentiality

    • B. 

      Integrity

    • C. 

      Availability

    • D. 

      IDK

  • 48. 
    The best way to prevent Social Engineering Attacks is:
    • A. 

      Employee and End User Training

    • B. 

      Strong Encryption

    • C. 

      Strong Passwords

    • D. 

      Wireless Intrusion Prevention Systems

  • 49. 
    WPA2-PSK (Pre-Shared Key) with AES may be vulnerable to authentication cracking
    • A. 

      True

    • B. 

      False

  • 50. 
    WEP should never be used to secure a production wireless network that transmits sensitive data.
    • A. 

      True

    • B. 

      False

  • 51. 
    You are the network administrator for an Enterprise network consisting of 200 coffee shops across the United States. You want to provide Wireless Guest Internet Access to customers at each location. Which Authentication and Encryption method would be typical for providing Wireless Internet Access to coffee shop customers (Wireless Hotspots)?
    • A. 

      Open Authentication / WPA-PSK TKIP Encryption

    • B. 

      Open Authentication / WPA2-EAP AES Encryption

    • C. 

      Open Authentication / WEP-RC4 Encryption

    • D. 

      Open Authentication / No Encryption

  • 52. 
    Two ways to prevent peer to peer attacks on a public hotspot include: (Choose Two)
    • A. 

      Public Secure Packet Forwarding / Peer to Peer Drop

    • B. 

      Walled Garden

    • C. 

      Client Firewalls

    • D. 

      Strong Encryption