What WLAN client device behavior is exploited by an attacker during a hijacking attack?

A. After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake, even if connectivity is lost.

B. Client drivers scan for and connect to access point in the 2.4 GHz band before scanning the 5 GHz band.

C. When the RF signal between a client and an access point is disrupted for more than a few seconds, the client device will attempt to associate to an access point with better signal quality.

D. When the RF signal between a client and an access point is lost, the client will not seek to reassociate with another access point until the 120 second hold down timer has expired.

E. As specified by the Wi-Fi Alliance, clients using Open System authentication must allow direct client-toclient connections, even in an infrastructure BSS.

Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication. While using an airport hotspot with this security solution, to what type of wireless attack is a user susceptible?

A. Wi-Fi phishing

B. Management interface exploits

C. UDP port redirection

D. IGMP snooping

In XYZ's small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2Personal. What statement about the WLAN security of this company is true?

A. Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.

B. Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.

C. A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.

D. An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.

E. An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user's 4-Way Handshake.

ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations. As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication?

A. MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.

B. When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.

C. MS-CHAPv2 uses AES authentication, and is therefore secure.

D. MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.

E. LEAP's use of MS-CHAPv2 is only secure when combined with WEP.

What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?

A. EAP-GTC

B. PEAP

C. EAP-TTLS

D. LEAP

E. H-REAP

You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet. What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations? (Choose the single best answer.)

A. Ensure proper physical and environmental security using outdoor ruggedized APs or enclosures.

B. Use internal antennas.

C. Use external antennas.

D. Power the APs using PoE.

Which of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

A. It does not support a RADIUS server.

B. It is not a valid EAP type.

C. It does not support mutual authentication.

D. It does not support the outer identity.

ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MS-CHAPv2 and AES-CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hotspot include:

Cannot access corporate network resources Network permissions are limited to Internet access All stations must be authenticated

What security controls would you suggest? (Choose the single best answer.)

A. Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.

B. Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.

C. Implement separate controllers for the corporate and guest WLANs.

D. Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.

E. Force all guest users to use a common VPN protocol to connect.

The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

A. 802.1X/ EAP authentication

B. Group Key Handshake

C. DHCP Discovery

D. RADIUS shared secret lookup

E. 4-Way Handshake

F. Passphrase-to-PSK mapping

Joe's new laptop is experiencing difficulty connecting to ABC Company's 802.11 WLAN using 802.1X/EAP PEAPv0. The company's wireless network administrator assured Joe that his laptop was authorized in the WIPS management console for connectivity to ABC's network before it was given to him. The WIPS termination policy includes alarms for rogue stations, rogue APs, DoS attacks and unauthorized roaming. What is a likely reason that Joe cannot connect to the network?

A. An ASLEAP attack has been detected on APs to which Joe's laptop was trying to associate. The WIPS responded by disabling the APs.

B. Joe configured his 802.11 radio card to transmit at 100 mW to increase his SNR. The WIPS is detecting this much output power as a DoS attack.

C. Joe's integrated 802.11 radio is sending multiple Probe Request frames on each channel.

D. Joe disabled his laptop's integrated 802.11 radio and is using a personal PC card radio with a different chipset, drivers, and client utilities.