Snatched from http://www.unixreview.com/documents/s=10060/ur0603g/ on 3-28-2006

UnixReview.com
March 2006

Certification: Test Your Knowledge of Wireless Security
by Emmett Dulaney

How well do you know wireless security? Well enough to sign up for the CWSP (Certified Wireless Security Professional) exam, or one similar to it? Before you do, test your knowledge of the subject — and readiness for such a certification test — with this sample exam of questions on the basics of that technology.

As with similar tests, never try to read more into the question than is there. Sometimes, the ideal answer isn't present (the one that you would opt for in the real world), and you must choose the best answer among the choices presented to you. Answers immediately follow each question. Good luck!

1. Which of the following wireless security standards begins with a 128-bit temporal key, combines it with the MAC address, and adds a 16-octet initialization vector to arrive at the key used for data encryption?
a. AES
b. TKIP
c. WEP
d. WPA
Answer: The Temporal Key Integrity Protocol (TKIP) begins with a 128-bit temporal key, combines it with the MAC address, and adds a 16-octet initialization vector to arrive at the key used for data encryption.
Answer: B.

2. Which of the following can add additional security to the wireless network?
a. Seguro
b. WGF
c. SSID
d. VPN
Answer: Implementing a VPN (Virtual Private Network) will increase the security of the wireless network. The other choices do not exist, or do not increase the security of the network.
Answer: D.

3. What is it known as when a cracker overwhelms an access point with a large amount of traffic in order to keep legitimate users from accessing the network?
a. Jamming
b. Zombie
c. DoS
d. Crowding out
Answer: When a cracker overwhelms an access point with a large amount of traffic in order to keep legitimate users from accessing the network, it is a Denial of Service (DoS) attack.
Answer: C.

4. In order to further secure your wireless network, you want to add IPSec. What two encryption methods does IPSec allow? (choose two)
a. AH
b. BCG
c. ESP
d. LKI
Answer: IPSec allows for AH (Authentication Header) or ESP (Encapsulated Security Payload) encryption.
Answer: A & C.

5. Which protocol is typically used with the CHAP one-way hash function?
a. TACACS+
b. PPP
c. EAP
d. MD5
Answer: MD5 is typically used with the CHAP one-way hash function.
Answer: D.

6. A disgruntled tenant within your building has set up a transmitter to send interference on the same channel used by your access point. What is this known as?
a. Congesting
b. Overcrowding
c. Blocking
d. Jamming
Answer: Transmitting on the same signal as your access point, in this scenario, constitutes jamming.
Answer: D.

7. What is the key strength available with 802.11i?
a. 40-bit
b. 64-bit
c. 96-bit
d. 128-bit
Answer: The 802.11i standard allows for 128-bit key strength.
Answer: D.

8. 802.11 devices communicate using frames that include a MAC header. How many bytes, within the MAC header, are used for frame control?
a. 16
b. 32
c. 48
d. 96
Answer: Sixteen bytes are set aside at the beginning of the MAC header for frame control.
Answer: A.

9. What type of security is employed in the "open authentication" method?
a. None
b. AAA
c. MAC-based
d. Shared-key
Answer: With open authentication, anyone who knows the SSID is allowed on and there is no security truly employed.
Answer: A.

10. Which of the following wireless security protocols is often targeted by hackers with such free Internet tools as Airsnort?
a. AES
b. TKIP
c. WEP
d. WPA
Answer: Airsnort, WEPCrack, and similar tools target the inherent weaknesses in WEP (Wired Equivalent Privacy).
Answer: C.

11. What can be used, by an administrator or miscreant, to see if a specific service is running on the network?
a. Spoof
b. Repeater
c. Black hat
d. Port scanner
Answer: A port scanner can be used to see if a specific service is running on the network.
Answer: D.

12. You are implementing AES for WLAN security. What type of key algorithm does AES employ?
a. Character
b. Block
c. Stream
d. File
Answer: AES (Advanced Encryption Standard) employs the stream cipher method.
Answer: C.

13. The IT manager has sent an email indicating that he wants the wireless network to be a "cloaked network". What does this mean?
a. Private IP numbers are used in place of public.
b. The SSID is hidden.
c. WEP is combined with SSL.
d. 3DES encryption is implemented.
Answer: In a "cloaked network", the access point hides the SSID. This is also known as a "closed network".
Answer: B.

14. Which of the following is the encryption algorithm used by WEP?
a. AES
b. DES
c. MDS
d. RC4
Answer: RC4 is the symmetric algorithm used for encryption by WEP.
Answer: D.

15. What are the four addresses a reassociation frame would contain?
a. SSID, STA, nearest STA, and AP to associate with
b. AP to associate with, BSS ID, CSS ID, and STA
c. STA, AP to associate with, AP currently associated with, and BSS ID
d. STA, SSID, BSS ID, and AP to associate with
Answer: The four addresses a reassociation frame contains are: STA, AP to associate with, AP currently associated with, and BSS ID.
Answer: C.

16. One of the main elements necessary for ARP spoofing is:
a. Active eavesdropping
b. Concentrated spread
c. Absorption differentiation
d. Attenuation detailing
Answer: Active eavesdropping is one of the main elements necessary for ARP spoofing.
Answer: A.

17. Which of the following modes can DES operate in? (choose all that apply)
a. ECB
b. CBC
c. CFB
d. OFB
Answer: DES (Data Encryption Standard) has the ability to operate in all four modes: ECB (Electronic CodeBook), CBC (Cipher Block Chaining), CFB (Cipher FeedBack), and OFB (Output FeedBack).
Answer: A & B & C & D.

18. Someone has drawn a chalk symbol on your building of a circle with a "W" in the middle. What does this indicate in the world of warchalking?
a. Open node
b. Closed node
c. WEP node
d. WTLS node
Answer: The circle with a "W" indicates a WEP node.
Answer: C.

19. A cracker has placed his access point within range of a public access point and is using the same SSID in an attempt to collect usernames and passwords. What is this known as?
a. War dialing
b. War chalking
c. Rogue access point
d. Deficiency abusing
Answer: This scenario describes a rogue access point. The term is also used for another implementation — that of a user setting up his own wireless network within the corporation.
Answer: C.

20. Which of the following wireless security protocols offers the strongest encryption?
a. AES
b. TKIP
c. WEP
d. SSID
Answer: AES (Advanced Encryption Standard) encryption is considerably stronger than that offered by TKIP or WEP. SSID is simply an identification string and not a security protocol.
Answer: A.

21. WEP has a known insecure checksum to check the integrity of each packet. What is the name of this checksum?
a. WEP Keystream
b. Integrity Check Vector
c. Integrity Assessment Algorithm
d. Checksum Mode Cipher
Answer: Integrity Check Vector (ICV) is an insecure checksum used to check the integrity of each WEP packet.
Answer: B.

22. What device can be placed as a gateway between the wireless access points and the wired network to increase security?
a. Router
b. Proxy
c. Firewall
d. Bridge
Answer: A firewall can be placed as a gateway between the wireless access points and the wired network to increase security.
Answer: C.

23. Which WTLS class does not use certificates?
a. Class 1
b. Class 2
c. Class 3
d. Class 4
Answer: Wireless Transport Layer Security (WTLS) class 1 does not use certificates.
Answer: A.

24. The FMS attack focuses on a critical flaw and makes WEP networks vulnerable. Where does that flaw reside?
a. Within the frame control buffer
b. Within ESP
c. Within RC4
d. Within the overflow control
Answer: The FMS (Fluhrer-Mantin-Shamir) attack focuses on a critical flaw within RC4, namely with the key scheduling algorithm.
Answer: C.

25. Within a MAC header from an 802.11 device, how many bytes are set aside for each address?
a. 24
b. 48
c. 56
d. 72
Answer: Each address is allotted 48 bytes.
Answer: B.

26. In a wired network, TLS/SSL can be associated with the security function. In a wireless network what would be the equivalent?
a. WML
b. WSP
c. WTLS
d. WTL
Answer: In the wireless world, WTLS would be equivalent to TLS/SSL in the wired world.
Answer: C.

27. Which type of attack involves a cracker spoofing the MAC (or IP) address of a network client?
a. Man in the middle
b. Commandeer
c. Drift
d. Comanche
Answer: A man in the middle attack involves a cracker spoofing the MAC (or IP) address of a network client.
Answer: A.

28. You are a consultant for firms of various sizes. A very small company you consult for has recently implemented an ad-hoc wireless network. What should you suggest this company do?
a. Add a wireless router.
b. Add a firewall to the server.
c. Add a personal firewall to each client.
d. Add a switch to the access point.
Answer: Any firewall that might exist on the network is bypassed in communication between the clients in the ad-hoc network. It would be highly recommended that a personal firewall be added to each client to provide them some level of protection.
Answer: C.

29. Which of the following are message types recognized by EAP? (choose all correct answers)
a. Request
b. Answer
c. Success
d. Crash
Answer: The four message types recognized by EAP are: Request, Response, Success, and Failure.
Answer: A & C.

30. What type of handshaking process does WEP utilize to authenticate radio cards?
a. Two-way
b. Four-way
c. Six-way
d. Eight-way
Answer: WEP uses a four-way handshaking process to authenticate radio cards.
Answer: B.

31. You have been instructed to tighten the firewall as much as possible. Due to the nature of your business, a number of users must run RealAudio. Which port number must be allowed through the firewall for RealAudio?
a. 7070
b. 5190
c. 1863
d. 119
Answer: RealAudio uses port 7070 and this port should be allowed through the firewall in this scenario.
Answer: A.

32. On a periodic basis, an access point on a public network sends out a beacon message. What is at the beginning of that message?
a. Source address
b. BSS ID
c. Frame control
d. Protocol version
Answer: The frame control is at the beginning of every frame.
Answer: C.

33. Which WTLS class uses only server certificates?
a. Class 1
b. Class 2
c. Class 3
d. Class 4
Answer: Wireless Transport Layer Security (WTLS) class 2 uses only server certificates.
Answer: B.

34. At one point in time, the Wi-Fi Alliance only supported EAP-TLS. They now allow other types of EAP as well. Which of the following are included in their certification program? (choose all that apply)
a. PEAPv0/EAP-MSCHAPv2
b. EAP-SIM
c. EAP-SLS
d. PEAPv1/EAP-GTC
Answer: The Wi-Fi Alliance also now certifies PEAPv0/EAP-MSCHAPv2, EAP-SIM (Subscriber Identity Module), and PEAPv1/EAP-GTC (Generic Token Card). PEAP stands for Protected EAP. There is no such entity as EAP-SLS.
Answer: A & B & D.

35. Which encryption suite protocol is at the heart of 802.11i's "Robust Security Network"?
a. CISA
b. ISA
c. CCMP
d. CISM
Answer: CCMP (Counter Mode CBC MAC Protocol) is the encryption suite protocol at the heart of 802.11i's Robust Security Network (RSN).
Answer: C.

36. In a wireless network, what protocol can be associated with the session function?
a. WML
b. WSL
c. WTLS
d. WTL
Answer: In the wireless world, WSL (Wireless Session Layer) would be associated with the session function.
Answer: B.

37. "Disassociate frames" often factor into spoofing attacks. What does a disassociate frame actually do?
a. Initiate a buffer overflow.
b. Mirror data already received.
c. Disconnect the client from the WLAN.
d. Create a collision with legitimate data.
Answer: Disassociate frames are used to disconnect clients from the WLAN.
Answer: C.

38. Which of the following modes does 3DES operate in?
a. ECB
b. CBC
c. CFB
d. OFB
Answer: 3DES (Triple Data Encryption Standard) operates in ECB (Electronic CodeBook) mode.
Answer: A.

39. What can an administrator employ to help detect rogue access points?
a. Netstat dumping
b. SNMP scanning
c. Ping peeping
d. ExamineProc
Answer: SNMP scanning can be used to help detect rogue access points.
Answer: B.

40. Which WAP specification utilizes both client and server authentication and requires the use of PKI?
a. Class 1
b. Class 2
c. Class 3
d. Class 4
Answer: The WAP class 3 specification utilizes both client and server authentication and requires the use of PKI.
Answer: C.

41. In which of the following wireless security mechanisms are static keys used? (choose all that apply)
a. AES
b. TKIP
c. WEP
d. WPA
Answer: Of the choices offered, only WEP uses static keys. All others use keys that change periodically.
Answer: C.

42. Which port number must be allowed through the firewall for Kerberos ticket requests?
a. 37
b. 53
c. 79
d. 88
Answer: Kerberos ticket requests use port 88 and this port should be allowed through the firewall in this scenario.
Answer: D.

43. Which WTLS class uses both client and server certificates?
a. Class 1
b. Class 2
c. Class 3
d. Class 4
Answer: Wireless Transport Layer Security (WTLS) class 3 uses both client and server certificates.
Answer: C.

44. Which WAP specification utilizes server authentication only?
a. Class 1
b. Class 2
c. Class 3
d. Class 4
Answer: The WAP class 2 specification utilizes server authentication only.
Answer: B.

45. Which of the following statements are true of key pairs? (choose all that apply)
a. They are guaranteed to be mathematically unique.
b. They are mathematical opposites of each other.
c. They are used to ensure data integrity and confidentiality.
d. There is heavy reliance upon the user to keep the private key private.
Answer: There is no guarantee that keys will always be mathematically unique, nor is there a need for them to be as long as they are not weak. All other choices are correct.
Answer: B & C & D.

46. Spray paint suddenly appears on the loading dock door. It is a symbol of a circle, and you suspect war chalking. What does this symbol mean?
a. Open node
b. Closed node
c. WEP node
d. WTLS node
Answer: In the world of war chalking, the circle indicates a closed node.
Answer: B.

47. What is the term used for driving about with a laptop looking for access points that can be communicated with?
a. Spying
b. War driving
c. Spoofing
d. Jamming
Answer: War driving is the term used for driving about with a laptop looking for access points that can be communicated with.
Answer: B.

48. Which WAP specification utilizes anonymous authentication?
a. Class 1
b. Class 2
c. Class 3
d. Class 4
Answer: The WAP class 1 specification utilizes anonymous authentication.
Answer: A.

49. What does the term "white hats" refer to?
a. Upper management
b. IT professionals
c. Those with paper certifications
d. Ethical hackers
Answer: Ethical hackers are called white hats, while non-ethical hackers are referred to as black hats.
Answer: D.

50. A number of users must run AOL and you need to allow this traffic through the wireless firewall. Which port number must be allowed through the firewall for AOL?
a. 7070
b. 5190
c. 1863
d. 119
Answer: AOL uses port 5190 and this port should be allowed through the firewall in this scenario.
Answer: B.