1500 Flashcards
(100 cards)
1
Q
The encryption protocol standard for WPA2.
A
AES-CCMP
2
Q
An attack that sends unsolicited messages to Bluetooth-enabled devices.
A
Bluejacking
3
Q
An attack that accesses unauthorized information from a wireless device through a Bluetooth connection - often between cell phones and laptop computers.
A
Bluesnarfing
4
Q
A wireless technology that uses short-range radio frequency (RF) transmissions and provides for rapid ad hoc device pairings.
A
Bluetooth
5
Q
An AP set up by an attacker to mimic an authorized AP and capture transmissions - so a user’s device will unknowingly connect to this evil twin instead.
A
Evil Twin
6
Q
A framework for transporting authentication protocols that defines the format of the messages.
A
Extensible Authentication Protocol (EAP)
7
Q
A 24-bit value used in WEP that changes each time a packet is encrypted.
A
Initialization Vector (IV)
8
Q
A method of determining the keystream by analyzing two packets that were created from the same initialization vector (IV).
A
Keystream Attack (IV Attack)
9
Q
A proprietary EAP method developed by Cisco Systems requiring mutual authentication used for WLAN encryption using Cisco client software.
A
Lightweight EAP (LEAP)
10
Q
A method for controlling access to a WLAN based on the device’s MAC address.
A
Media Access Control (MAC) Address Filtering
11
Q
A key value that must be created and entered into both the access point and all wireless devices (“shared”) prior to (“pre”) the devices communicating with the AP.
A
Preshared Key (PSK)
12
Q
An EAP method designed to simplify the deployment of 802.11x by using Microsoft Windows logins and passwords.
A
Protected EAP (PEAP)
13
Q
An unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its user to attacks.
A
Rogue Access Point
14
Q
The user-supplied network name of a WLAN; it can generally be alphanumeric from 2 to 32 characters.
A
Service Set Identifier (SSID)
15
Q
The transmission of the SSID from the access point to wireless devices.
A
SSID Broadcast
16
Q
A WPA encryption technology.
A
Temporal Key Integrity Protocol (TKIP)
17
Q
The process of documenting and then advertising the location of wireless LANs for others to use. Wireless networks were identified by drawing on sidewalks or walls around the area of the network.
A
War Chalking
18
Q
Searching for wireless signals from an automobile or on foot suing a portable computing device.
A
War Driving
19
Q
The original set of protections from the Wi-Fi Alliance in 2003 designed to protect both present and future wireless devices.
A
Wi-Fi Protected Access (WPA)
20
Q
The second generation of WPA security from the Wi-Fi Alliance in 2004 to address authentication and encryption on WLANs.
A
Wi-Fi Protected Access 2 (WPA2)
21
Q
An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. WEP has significant vulnerabilities and is not considered secure.
A
Wired Equivalent Privacy (WEP)
22
Q
Bluetooth falls under the category of __________. A. local area network (LAN) B. short area network (SAN) C. paired-device network (PDN) D. personal area network (PAN)
A
D. personal area network (PAN)
23
Q
A Bluetooth network that contains one master and at least one slave using the same RF channel forms a __________. A. cluster B. grouping C. scatteringnet D. piconet
A
D. piconet
24
Q
____________ is the unauthorized access of information from a wireless device through a Bluetooth connection. A. Bluejacking B. Bluetooth snatching C. Bluetooth spoofing D. Bluesnarfing
A
D. bluesnarfing
25
The IEEE ___________ standard specifies a maximum rated speed of 54 Mbps using the 5 GHz spectrum. A. 802.11 B. 802.11a C. 802.11b D. 802.11g
B. 802.11a
26
Each of the following is an advantage of IEEE 802.11n except __________. A. smaller coverage area B. faster speed C. less interference D. stronger security
A. smaller coverage area
27
Which of the following is not found in a residential WLAN gateway? A. intrusion detection system (IDS) B. firewall C. router D. dynamic host configuration protocol (DHCP)
A. intrusion detection system (IDS)
28
Which of the following is not a requirement for war driving? A. wireless NIC adapter B. antennas C. GPS receiver D. mobile computer device
C. GPS receiver
29
The primary design of a(n) __________ is to capture the transmission from legitimate users. A. evil twin B. Bluetooth grabber C. WEP D. rogue access point
D. rogue access point
30
Which of the following is a vulnerability of MAC address filtering? A. the user must enter the MAC B. APs use IP addresses instead of MACs C. Not all operating systems support MACs D. MAC addresses are initially exchanged between wireless devices and the AP in an unencrypted format
D. MAC addresses are initially exchanged between wireless devices and the AP in an unencrypted format
31
Each of the following is a limitation of turning off the SSID broadcast from an AP except ___________. A. the SSID can easily be discovered - even when it is not contained in beacon frames - because it still is transmitted in other management frames sent by AP B. turning off the SSIB broadcast may prevent users form being able to freely roam from one AP coverage area to another C. some versions of operating systems favor a network broadcasting an SSID over one that does not D. users can more easily roam from on WLAN to another
D. users can more easily roam from on WLAN to another
32
The primary weakness of wired equivalent privacy (WEP) is __________. A. it usage creates a detectable pattern B. initialization vectors (IVs) are difficult for users to manage C. its only functions on specific brands of APs D. it slows down a WLAN from 104 Mbps to 16 Mbps
A. its usage creates a detectable pattern
33
The two models for personal wireless security developed by the Wi-Fi Alliance are Wi-Fi Protected Access (WPA) and __________. A. Protected Wireless Security (WPS) B. IEEE 802.11ai C. Postshared Key Protection (PKP) D. Wi-Fi Protected Access 2 (WPA2)
D. Wi-Fi Protected Access 2 (WPA2)
34
WPA replaces WEP with __________. A. Temporal Key Integrity Protocol (TKIP) B. Cyclic Redundancy Check (CRC) C. Message Integrity Check (MIC) D. WPA2
A. Temporal Key Integrity Protocol (TKIP)
35
A preshared key (PSK) of fewer than __________ characters may be subject to an attack if that key is a common dictionary word. A. 6 B. 12 C. 16 D. 20
D. 20
36
A WEP key that is 128 bits in length __________. A. cannot be used on access points that use passphrases B. is less secure than a WEP key of 64 bits because shorter keys are stronger C. has an initialization vector (IV) that is the same length as a WEP key of 64 bits D. cannot be cracked because it is too long
C. has an initialization vector (IV) that is the same length as a WEP key of 64 bits
37
AES-CCMP is the encryption protocol standard used in __________. A. WPA2 B. IEEE 802.11 C. WPA D. Bluetooth
A. WPA2
38
What is the Extensible Authentication Protocol (EAP)? A. a subset of WPA2 B. the protocol used in TCP/IP for authentication C. a framework for transporting authentication protocols D. a technology used by IEEE 802.11 for encryption
C. a framework for transporting authentication protocols
39
Which technology should be used instead of LEAP? A. STREAK B. LEAP-2 C. REAP D. PEAP
D. PEAP
40
Each of the following is a type of wireless AP probe except __________. A. wireless device probe B. dedicated probe C. AP probe D. WNIC probe
D. WNIC probe
41
The most flexible approach for a wireless VLAN is to have which device separate the packets? A. firewall B. AP C. NIC D. router
B. AP
42
The mechanism used in an information system to allow or restrict access to data or devices.
Access Control
43
A set of permissions that are attached to an object.
Access Control List (ACL)
44
A standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications.
Access Control Model
45
The process of setting a user's account to expire.
Account Expiration
46
The least restrictive access control model in which the owner of the object has total control over it.
Discretionary Access Control (DAC)
47
The second version of the Terminal Access Control Access Control System (TCACAS) authentication service.
Extended TACACS
48
Rejecting access unless a condition is explicitly met.
Implicit Deny
49
The act of moving individuals from one job responsibility to another.
Job Rotation
50
An authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
Kerberos
51
Providing only the minimum amount of privileges necessary to perform a job or function.
Least Privilege
52
An attack that constructs LDAP statements based on user input statements - allowing the attacker to retrieve information from the LDAP database or modify its contents.
LDAP Injection Attack
53
A protocol for a client application to access an X.500 directory.
Lightweight Directory Access Protocol (LDAP)
54
The most restrictive access control model - typically found in military settings in which security is of supreme importance.
Mandatory Access Control (MAC)
55
Requiring that all employees take vacations.
Mandatory Vacations
56
An industry standard authentication service with widespread support across nearly all vendors of networking equipment.
Remote Authentication Dial In User Service (RADIUS)
57
A "real-world" access control model in which access is based on a user's job function within the organization.
Role Based Access Control (RBAC)
58
An access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian.
Rule Based Access Control (RBAC)
59
The practice of requiring that processes should be divided between two or more individuals.
Separation of Duties
60
The current version of the Terminal Access Control Access Control System (TACACS) authentication services.
TACACS+
61
An authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server. The current version is TACACS+.
Terminal Access Control Access Control System (TACACS)
62
Limitations imposed as to when a user can log on to a system.
Time of Day Restrictions
63
A RADIUS authentication server requires that the __________ be authenticated first. A. authentication server B. supplicant C. authenticator D. user
B. supplicant
64
Each of the following make up the AAA elements in network security - except __________. A. controlling access to network resources (authentication) B. enforcing security policies (authorization) C. determining user need (analyzing) D. auditing usage (accounting)
C. determining user need (analyzing)
65
With the development of IEEE 802.1x port security - the authentication server ___________ has seen even greater usage. A. RDAP B. DAP C. RADIUS D. AAA
C. RADIUS
66
__________ is an authentication protocol available as a free download that runs on Microsoft Windows 7/Vista - Windows Server 2008 - Apple Mac OS X - and Linux. A. IEEE 802.1x B. RADIUS C. Kerberos D. LDAP
C. Kerberos
67
The version of the X.500 standard that runs on a personal computer over TCP/IP is __________. A. DAP B. LDAP C. IEEE X.501 D. Lite RDAP
B. LDAP
68
A user entering her username would correspond to the _______ action in access control. A. authentication B. identification C. authorization D. access
B. identification
69
A process functioning on behalf of the user that attempts to access a file is known as a(n) __________. A. object B. subject C. resource D. operation check
B. subject
70
The individual who periodically reviews security settings and maintains records of access by users is called the __________. A. supervisor B. owner C. custodian D. manager
C. custodian
71
In the __________ model - the end user cannot change any security settings. A. Discretionary Access Control B. Security Access Control C. Mandatory Access Control D. Restricted Access Control
C. Mandatory Access Control
72
Rule Bases Access Control __________. A. is considered obsolete today. B. dynamically assigns roles to subjects based on rules C. is considered a real-world approach by linking a user's job function with security D. requires that a custodian set all rules
B. dynamically assigns roles to subjects based on rules
73
Separation of duties requires that __________. A. processes should be divided between two or more individuals B. end users cannot set security for themselves C. managers must monitor owners for security purposes D. jobs be rotated among different individuals
A. processes should be divided between two or more individuals
74
___________ in access control means that if a condition is not explicitly met - then access is to be rejected. A. Denial of duties B. Implicitly deny C. Explicit rejection D. Prevention control
B. Implicitly deny
75
A(n) ___________ is a set of permissions that is attached to an object. A. access control list (ACL) B. Subject Access Entity (SAE) C. object modifier D. security entry designator
A. access control list (ACL)
76
__________ is a Microsoft Windows feature that provides centralized management and configuration of computers and remote users who are using Active Directory. A. Windows Register Settings B. group policy C. Resource Allocation Entities D. AD management services (ADMS)
B. group policy
77
A(n) __________ constructs LDAP statements based on user inputs in order to retrieve information from the database or modify its contents. A. SQL/LDAP insert attack B. modified Trojan attack C. LDAP injection attack D. RBASE plug-in attack
C. LDAP injection attack
78
The least restrictive access control model is __________. A. Role Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Discretionary Access Control (DAC) D. Rule Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
79
The principle known as __________ in access control means that each user should only be given the minimal amount of privileges necessary for that person to perform their job function. A. enterprise security B. least privilege C. deny all D. Mandatory limitations
B. least privilege
80
A(n) __________ is the person responsible for the information and determines the level of security needed for the data and delegates security duties as required. A. owner B. custodian C. end user D. administrator
A. owner
81
In the Mandatory Access Contol (MAC) model - every subject and object ___________. A. is restricted and cannot be accessed B. is assigned a label C. can be changed by the owner D. must be given a number from 200-900
B. is assigned a label
82
A user account that has not been accessed for a lengthy period of time is called a(n) ___________ account. A. orphaned B. limbo C. static D. dormant
D. dormant
83
Authenticating a user by the normal actions that the user performs.
Behavioral Biometrics
84
A password attack in which every possible combination of letter - numbers - and characters is used to create encrypted passwords that are matched with those in a stolen password file.
Brute Force Attack
85
Authenticating a user through the perception - thought process - and understanding of the user.
Cognitive Biometrics
86
A Department of Defense (DoD) smart card used for identification for active-duty and reserve military personnel along with civilian employees and special contractors.
Common Access Card (CAC)
87
A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.
Dictionary Attack
88
A password attack that slightly alters dictionary words by adding numbers to the end of the password - spelling words backward - slightly misspelling words - or including special characters.
Hybrid Attack
89
Using more than one type of authentication credential.
Multifactor Authentication
90
A secret combination of letters - numbers - and/or characters that only the user should know.
Password
91
A government standard for smart cards that covers all government employees.
Personal Identity Verification (PIV)
92
Large pregenerated data sets of encrypted passwords used in password attacks.
Rainbow Tables
93
Using one authentication credential to access multiple accounts or applications.
Single Sign-On (SSO)
94
Using one type of authentication credentials.
Single-Factor Authentication
95
A card that contains an integrated circuit chip that can hold information used as part of the authentication process.
Smart Card
96
Using fingerprints or other unique physical characteristics of a person's face - hands - or eyes for authentication.
Standard Biometrics
97
A small device that can be affixed to a keychain with a window display that shows a code to be used for authentication.
Token
98
A hardened operating system that can keep attackers from accessing and controlling critical parts of a computer system.
Trusted Operating System (Trusted OS)
99
Each of the following is a type of authentication credential except __________.
C. what you discover
100
Which of the following is not a reason users create weak passwords? A. a lengthy and complex password can be difficult to memorize B. a security policy requires a password to be changed regularly C. having multiple passwords makes it hard to remember all of them D. most sites force users to create weak passwords although they do not want to
D. most sites force users to create weak passwords although they do not want to
