CWNA
Final
- 1.
In WPA-PSK and WPA2-PSK, the Pairwise Transient Key (PTK) is a dynamic key that is per session / per client
- A.
True
- B.
False
Correct Answer
A. True -
- 2.
When using an 802.11 wireless controller solution with an 802.1x framework, which device would be considered the authenticator?
- A.
Access Point
- B.
WLAN Controller
- C.
RADIUS Server
- D.
VLAN
Correct Answer
B. WLAN Controller -
- 3.
If an attacker compromises a Pairwise Transient Key (PTK) in a WPA based network, they will be able to decrypt all of the traffic on that wireless network.
- A.
True
- B.
False
Correct Answer
B. False -
- 4.
Which key is used to encrypt and decrypt unicast traffic between a client station and AP in a WPA / WPA 2 implementation?
- A.
MIC
- B.
GTK
- C.
PTK
- D.
PMK
Correct Answer
C. PTK -
- 5.
Which wireless security implementation offers this highest level of security available using today’s standards?
- A.
WPA-TKIP
- B.
WPA2-RSA
- C.
WPA2-TKIP
- D.
WPA2-AES
Correct Answer
D. WPA2-AES -
- 6.
What three main components constitute an 802.1X/EAP framework? (Choose Three)
- A.
Supplicant
- B.
Network Access Control
- C.
Authorizer
- D.
Authentication Server
- E.
Authenticator
Correct Answer(s)
A. Supplicant
D. Authentication Server
E. Authenticator -
- 7.
If an attacker compromises the shared key in a WEP based network, they will be able to decrypt all of the traffic on that wireless network.
- A.
True
- B.
False
Correct Answer
A. True -
- 8.
In a WPA-PSK implementation, the pre-shared key is the same key used to encrypt and decrypt unicast traffic.
- A.
True
- B.
False
Correct Answer
B. False -
- 9.
TKIP has been cracked
- A.
True
- B.
False
Correct Answer
A. True -
- 10.
Which key is used to decrypt broadcast and multicast traffic in a WPA / WPA2 implementation?
- A.
MIC
- B.
PTK
- C.
PMK
- D.
GTK
Correct Answer
D. GTK -
- 11.
Which cipher suites are available in WPA2? (Choose all that apply)
- A.
TKIP-AES
- B.
CCMP-AES
- C.
CCMP-RSA
- D.
TKIP-RC4
Correct Answer(s)
B. CCMP-AES
D. TKIP-RC4 -
- 12.
Which current wireless security standard is 802.11i compliant?
- A.
EIEIO
- B.
WPA
- C.
WEP
- D.
WPA2
Correct Answer
D. WPA2 -
- 13.
Which cipher suites are available in WPA? (Choose all that apply)
- A.
CCMP-AES
- B.
TKIP-RC4
- C.
CCMP-RSA
- D.
TKIP-AES
Correct Answer
B. TKIP-RC4 -
- 14.
Which wireless security implementation would be the most secure option for SOHO WLAN implementation which do not have RADIUS servers available?
- A.
WPA2 + EAP / CCMP
- B.
WPA-PSK / TKIP
- C.
WPA2 + EAP / TKIP
- D.
WPA2-PSK / CCMP
Correct Answer
D. WPA2-PSK / CCMP -
- 15.
Which security solution may be used to segment a LAN or wireless LAN
- A.
CCMP
- B.
TKIP
- C.
VLAN
- D.
WEP
Correct Answer
C. VLAN -
- 16.
You want to place users on different network segments once they authenticate based on the users role. Which technology will help you achieve this?
- A.
WPA
- B.
RBAC
- C.
802.11i
- D.
Wireless Intrusion Prevention Systems
Correct Answer
B. RBAC -
- 17.
Which of the following factors indicate that a RSN is being used? (Choose Two)
- A.
RBAC features have been turned on
- B.
Secure 4-way handshake authentication
- C.
Dynamic Encryption Keys
- D.
WEP is being used as the cipher suite
Correct Answer(s)
B. Secure 4-way handshake authentication
C. Dynamic Encryption Keys -
- 18.
Hiding the SSID provides good security for wireless networks
- A.
True
- B.
False
Correct Answer
B. False -
- 19.
Which IEEE Standard defines the framework for port-based authentication?
- A.
802.1X
- B.
802.11i
- C.
802.1q
- D.
EAP
Correct Answer
A. 802.1X -
- 20.
Which encryption algorithm is used by the CCMP cipher suite?
- A.
3DES
- B.
RSA
- C.
AES
- D.
RC4
Correct Answer
C. AES -
- 21.
Which encryption algorithm is used by the WEP cipher suite?
- A.
RC4
- B.
RSA
- C.
3DES
- D.
AES
Correct Answer
A. RC4 -
- 22.
Which encryption algorithm is used by the TKIP cipher suite?
- A.
3DES
- B.
RSA
- C.
RC4
- D.
AES
Correct Answer
C. RC4 -
- 23.
Which of the following are weaknesses of WEP?
- A.
Weak IVs (Initialization Vectors)
- B.
Short User Encryption Keys (40-bit and 104-bit)
- C.
Lack of support for dynamic encryption keys
- D.
All of the above
Correct Answer
D. All of the above -
- 24.
AES has been cracked
- A.
True
- B.
False
Correct Answer
B. False -
- 25.
The manager of the factory where you work as a network technician has asked you to implement a secure WLAN. In your research, you determine that your organization should implement AES encryption and 802.1X with EAP authentication and key management protocol. Which Wi-Fi Alliance certification will meet your needs?
- A.
WPA2-Personal
- B.
WPA-Enterprise
- C.
WPA2-Enterprise
- D.
WPA-Personal
Correct Answer
C. WPA2-Enterprise -
- 26.
In WPA + EAP and WPA2 + EAP, the Pairwise Transient Key (PTK) is a dynamic key that is per session / per client
- A.
True
- B.
False
Correct Answer
A. True -
- 27.
Which of the following would be the most secure option for an Enterprise WLAN implementation?
- A.
WPA-PSK / TKIP
- B.
WPA2 + EAP / CCMP
- C.
WPA2-PSK / CCMP
- D.
WPA2 + EAP / TKIP
Correct Answer
B. WPA2 + EAP / CCMP -
- 28.
An attacker is flooding your wireless service area with spoofed de-authentication frames. What type of attack is being performed?
- A.
PSK Cracking
- B.
Denial of Service
- C.
Eavesdropping
- D.
Encryption Cracking
Correct Answer
B. Denial of Service -
- 29.
You are running a wireless network with WPA2-PSK using AES encryption. Your pre-shared key contains words found in the English dictionary and does not follow best practices for complexity. Which attack have you left yourself open to?
- A.
Denial of Service
- B.
Authentication Cracking
- C.
Encryption Cracking
- D.
Eavesdropping
Correct Answer
B. Authentication Cracking -
- 30.
Which of the following is considered a DoS attack? (Choose One)
- A.
MAC spoofing
- B.
Man-in-the-middle
- C.
Jamming
- D.
Peer-to-peer
Correct Answer
C. Jamming -
- 31.
What are some problems with rogue access points?
- A.
They may allow unsecured access into your LAN
- B.
They may interfere with RF channel settings on production APs
- C.
Users may unknowingly connect to the rogue AP and expose sensitive data
- D.
All of the above
Correct Answer
D. All of the above -
- 32.
What is the major weakness of MAC filtering?
- A.
MAC addresses are not long enough
- B.
MAC addresses can be easily guessed
- C.
There are no weaknesses to MAC filtering
- D.
MAC addresses can be easily spoofed
Correct Answer
D. MAC addresses can be easily spoofed -
- 33.
An attacker starts a software-based AP on his laptop. He then scans for the SSID of the AP at the coffee shop hotspot where he is located. He sets his software-based AP to the same SSID. What type of attack is he likely beginning?
- A.
Hijacking
- B.
Denial of Service
- C.
Encryption Cracking
- D.
Authentication Cracking
Correct Answer
A. Hijacking -
- 34.
Which of these attacks will not be detected by a WIDS?
- A.
Protocol Analyzer (Evesdropping)
- B.
De-authentication Spoofing
- C.
Association flood
- D.
Rogue Access Point
- E.
MAC spoofing
Correct Answer
A. Protocol Analyzer (Evesdropping) -
- 35.
Which of the following can notify the network administrator of a wide variety of wireless attacks when they are detected but cannot attempt to mitigate the attack?
- A.
Stateful Packet Firewall
- B.
SNMP based network monitoring system
- C.
Wireless IPS
- D.
Wireless IDS
Correct Answer
D. Wireless IDS -
- 36.
An attacker wants to steal data from users on an open and unsecured hotspot at a coffee shop. Which type of attack might the attacker use?
- A.
PSK Cracking
- B.
Denial of Service
- C.
Eavesdropping
- D.
Encryption Cracking
Correct Answer
C. Eavesdropping -
- 37.
While performing a penetration test on a WLAN, you attempt to connect to the IP address of the AP in a web browser. Your connection is denied when connecting through the WLAN. What attack method is being protected against in this scenario?
- A.
Authentication Cracking
- B.
Encryption Cracking
- C.
Denial of Service
- D.
Management Interface Exploits
Correct Answer
D. Management Interface Exploits -
- 38.
You are the network administrator for a Small Business named Pizza2Go. The single AP your organization uses is configured with WPA-PSK, and the pre-shared key is set to your company name followed by the number 7. Is this a secure implementation and why?
- A.
Yes. It is secure because the pre-shared key is at least five characters long.
- B.
No. Because WPA-PSK is just as insecure as WEP, it should never be used.
- C.
Yes. It is secure because WPA-PSK resolved the problems with WEP.
- D.
No. Because it only includes the company name plus one digit, it could be easily guessed.
Correct Answer
D. No. Because it only includes the company name plus one digit, it could be easily guessed. -
- 39.
An attacker completes a DoS attack on your wireless network . Which security concept in the CIA security triad has been compromised?
- A.
Integrity
- B.
IDK
- C.
Confidentiality
- D.
Availability
Correct Answer
D. Availability -
- 40.
MAC Filtering is sufficient for securing most wireless networks.
- A.
True
- B.
False
Correct Answer
B. False -
- 41.
You have failed to remove the default user id and password from your wireless access point before placing it into production. Which type of attack have you left yourself very vulnerable to?
- A.
Encryption Cracking
- B.
PSK Cracking
- C.
Authentication Cracking
- D.
Management Interface Exploits
Correct Answer
D. Management Interface Exploits -
- 42.
If you connect to a wireless hotspot and you do not have Windows Firewall or another third-party firewall enabled on your device, you have left yourself open to which type of attack?
- A.
PSK Cracking
- B.
Encryption Cracking
- C.
Peer-to-Peer Attacks
- D.
Authentication Cracking
Correct Answer
C. Peer-to-Peer Attacks -
- 43.
You receive calls from five different users in a 10-minute window of time. Each of them tells you that the WLAN is no longer available. You connect to the IP address of the AP across the wired network and can connect with no problem. This reveals that the AP is still running fine. What kind of attack is likely to be occurring?
- A.
Encryption Cracking
- B.
Denial of Service
- C.
Management Interface Exploit
- D.
Hijacking
Correct Answer
B. Denial of Service -
- 44.
A hacker convinces an IT staff member that he is an employee of the company and has the IT staff member program the company’s pre-shared key into his laptop so that he may access the corporate wireless network. This is an example of which type of attack?
- A.
PSK Cracking
- B.
Social Engineering
- C.
Authentication Cracking
- D.
Eavesdropping
Correct Answer
B. Social Engineering -
- 45.
If you fail to keep logs on user activity in your network environment, which AAA concept have you failed to implement?
- A.
Accounting
- B.
Authentication
- C.
Authorization
- D.
Attack Logging
Correct Answer
A. Accounting -
- 46.
Which of the following can notify the network administrator of a wide variety of wireless attacks when they are detected as well as respond to the attack by changing the network environment in an attempt to prevent or mitigate the attack?
- A.
SNMP based network monitoring system
- B.
Wireless IPS
- C.
Wireless IDS
- D.
Stateful Packet Firewall
Correct Answer
B. Wireless IPS -
- 47.
A hacker cracks your WEP key and then eavesdrops on data from your wireless network. Which security concept in the CIA security triad has been compromised?
- A.
Confidentiality
- B.
Integrity
- C.
Availability
- D.
IDK
Correct Answer
A. Confidentiality -
- 48.
The best way to prevent Social Engineering Attacks is:
- A.
Employee and End User Training
- B.
Strong Encryption
- C.
Strong Passwords
- D.
Wireless Intrusion Prevention Systems
Correct Answer
A. Employee and End User Training -
- 49.
WPA2-PSK (Pre-Shared Key) with AES may be vulnerable to authentication cracking
- A.
True
- B.
False
Correct Answer
A. True -
- 50.
WEP should never be used to secure a production wireless network that transmits sensitive data.
- A.
True
- B.
False
Correct Answer
A. True -
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 21, 2022Quiz Edited by
ProProfs Editorial Team -
May 08, 2013Quiz Created by
Lukenasty11
Back to top