Exam Review Flashcards
(36 cards)
What is a Private Branch Exchange (PBX)?
A private telephone network used within an organization allowing internal communication and external calling through shared telephone lines.
Compare 802.11 Wi-Fi operating on 2.4 GHz vs. 5 GHz.
2.4 GHz has longer range, greater penetration, fewer non-overlapping channels; 5 GHz has shorter range, less interference, more non-overlapping channels, higher speeds.
What is a packet analyzer and how is it used?
Software/hardware tool capturing, analyzing network traffic for troubleshooting, security monitoring, detecting attacks.
Name two types of wireless ad-hoc networks.
Standard Ad-hoc mode (peer-to-peer) and Wi-Fi Direct.
Briefly describe MAC address spoofing.
Changing a device’s hardware MAC address to impersonate another authorized device.
What are the three types of Wi-Fi frames?
Management frames, Control frames, Data frames.
List five features/benefits of Wi-Fi 6 (802.11ax).
Higher throughput, better efficiency (OFDMA), improved battery life, better performance in crowded environments, supports MU-MIMO.
Briefly explain SSLStrip.
An attack technique downgrading HTTPS connections to HTTP to intercept secure communications.
Define Nonce, ANonce, and SNonce.
Nonce: A number used once; ANonce: authenticator nonce in WPA handshake; SNonce: supplicant nonce in WPA handshake.
Name the two message exchanges in the Dragonfly Key Exchange.
Commit message and Confirm message.
Explain the WPA four-way handshake.
Process of establishing secure session between client and AP using four message exchanges to confirm identities and generate encryption keys.
What is the DragonBlood vulnerability?
Vulnerabilities affecting WPA3’s Dragonfly handshake allowing attackers to perform downgrade, side-channel, and denial-of-service attacks.
What type of information can be found in 802.11 Frame Fields?
MAC addresses, SSID, BSSID, security settings, signal strength, channel information.
Name three WLAN topologies.
Infrastructure, Ad-hoc, Wi-Fi Direct.
List three differences between WPA2 and WPA3.
WPA3 provides forward secrecy, protection against offline dictionary attacks, and uses Dragonfly handshake instead of WPA2’s PSK handshake.
Briefly explain UDP and its uses.
User Datagram Protocol, connectionless transport protocol providing speed over reliability, used in streaming, gaming, DNS queries.
What are two primary functions of a RADIUS server?
Authentication and Authorization (third function: Accounting).
What Wi-Fi forensic evidence can be obtained from mobile devices?
SSID history, MAC addresses, timestamps, connection types, authentication methods.
Describe the two Wi-Fi scanning modes.
Active (transmitting probes and listening for responses), Passive (listening to beacon frames without transmitting).
What vulnerabilities are associated with WPA2?
KRACK (Key Reinstallation Attacks) enabling attackers to decrypt Wi-Fi packets.
Explain Wi-Fi Easy Connect.
Simplified, secure way to connect devices to Wi-Fi using QR codes or NFC tags without passwords.
What forensic value does a PBX system provide?
PBX systems can contain call logs, voicemail data, extension routing, and time-stamped call metadata useful in fraud or misuse investigations.
What Wi-Fi forensic evidence can be obtained from a suspect’s cellular telephone?
SSID history, MAC addresses, timestamps, authentication types, and connection events.
What does the Herrevad database reveal in a forensic investigation?
Time-stamped records of network access, including SSID, BSSID, carrier codes, and cell tower IDs.
