Section 8: Securing Wireless and Mobile Solutions

Question 1

What two groups of people might use a guest wireless network?

Answer 1

1. Visitors
2. Employees on their lunch break

Question 2

What is the difference between fat and thin wireless controllers?

Answer 2

Fat: standalone, has its own setting and DHCP addresses configured locally.

Thin: Pushes out the setting to multiple WAPs.

Question 3

What is the WAP master password, and how would you protect it?

Answer 3

The admin password. Should be encrypted.

Question 4

What two tasks can a Wi-Fi Analyzer perform?

Answer 4

1. Troubleshoot wireless connectivity
2. Discover a disabled SSID, which is inside a packet going to the WAP.

Question 5

What is the purpose of MAC filtering?

Answer 5

Controls who can access a WAP. If your MAC address is not added to the WAP, then you are denied access.

Question 6

Why should you place you first WAP on channel 1, your second WAP on channel 11, and you third WAP on channel 6?

Answer 6

To prevent interference by overlapping the wireless channels.

Question 7

Why would an engineer carry out a site survey before installing a wireless network?

Answer 7

To ensure that the WAPs are placed where there is no interference.

Question 8

Would you use online banking if you were in a hotel that uses Open Authentication? If not, what would you do instead?

Answer 8

No, because it is not secure. You could tether your 4G phone and then open a VPN connection to the bank.

Question 9

What is the weakest version of wireless encryption?

Answer 9

WEP. Only has 40-bit encryption.

Question 10

If a friend comes to visit you in your house and asks for the wireless password, what are you given them?

Answer 10

The Pre-Shared Key (PSK).

Question 11

What is the most secure version of WPA2?

Answer 11

WPA2-CCMP. It uses AES encryption that is 128 bits.

Question 12

When using WPA3-Personal, what replaces the pre-shared key?

Answer 12

Simultaneous Authentication of Equals (SAE). It is more secure as the password is never transmitted and is immune to offline attacks.

Question 13

When using WPA3 wireless, what replaces WPA2-Open Authentication?

Answer 13

WiFi Enhanced Open. Does not use a password and prevents eavesdropping.

Question 14

What is the most secure version of wireless?

Answer 14

WAP3. Uses AES encryption up to 256 bit. WPA2 only uses 128 bit encryption.

Question 15

How do you access a wireless network if you use WPS, and what type of attack is it vulnerable against?

Answer 15

With WPS, you push the button to connect. Susceptible to a brute-force attack as it has a password stored on the device.

Question 16

What is the purpose of a captive portal for a wireless network?

Answer 16

Can ask you to agree to an AUP and provide additional validation like email address/Facebook/Google account details. Can handle billing for premium connections.

Question 17

What benefit does WPA3 bring to IoT devices?

Answer 17

WiFi Easy Connect makes it easy to connect IoT devices like smartphones by using a QR code.

Question 18

What needs to be installed on the endpoint if you are going to use EAP-TLS for wireless authentication?

Answer 18

A x509 certificate.

Question 19

If a user installs pirate software on their corporate laptop, which policy have they violated?

Answer 19

Acceptable Use Policy (AUP).

Question 20

What would be the benefit of first-line support if the company were to adopt CYOD instead of BYOD?

Answer 20

There would be a limited number of devices to make support easier.

Question 21

If you are staying in a hotel and their Wi-Fi is not working, how can you get access to the internet?

Answer 21

Use cellular phone as a hotspot.

Question 22

If your cell phone has been lost or stolen, what should be done using MDM?

Answer 22

Remote wipe.

Question 23

What three things should you do to protect the data stored on your smartphone?

Answer 23

1. Screen locks
2. Strong passwords
3. FDE

Question 24

If a company has suffered several thefts of company laptops, what could you use to prevent further thefts?

Answer 24

Tag the laptops, set up geofencing, RFID

Question 25

How can you prevent company data separate from personal data on a cell phone that is being used as a BYOD device so that offboarding is easy to achieve?

Answer 25

Storage segmentation or containerization.

Question 26

What is the purpose of SE Android?

Answer 26

To segment business data and prevent applications outside of the Knox container from accessing resources inside the container.

Question 27

What is a wireless short-range payment type?

Answer 27

Near-Field Communication (NFC).