The system administrator has been notified that many users are having difficulty connecting to the company’s wireless network. They take a new laptop and physically go to the access point and connect with no problems. Which of the following would be the MOST likely cause?
A. The certificate used to authenticate users has been compromised and revoked. B. Multiple war drivers in the parking lot have exhausted all available IPs from the pool to deny access. C. An attacker has gained access to the access point and has changed the encryption keys. D. An unauthorized access point has been configured to operate on the same channel.
Answer: D
Explanation: Wireless Access Points can be configured to use a channel. If you have multiple access points within range of each other, you should configure the access points to use different channels. Different channels use different frequencies. If you have two access points using the same channel, their Wi-Fi signals will interfere with each other. The question states that that many users are having difficulty connecting to the company’s wireless network. This is probably due to the signal being weakened by interference from another access point using the same channel. When the administrator takes a new laptop and physically goes to the access point and connects with no problems, he is able to connect because he is near the access point and therefore has a strong signal.
An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns. Which of the following is an example of this threat?
A. An attacker using the phone remotely for spoofing other phone numbers B. Unauthorized intrusions into the phone to access data C. The Bluetooth enabled phone causing signal interference with the network D. An attacker using exploits that allow the phone to be disabled
Answer: B
Explanation: Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information — such as the user’s calendar, contact list and e-mail and text messages -without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled.
When a new network drop was installed, the cable was run across several fluorescent lights. The users of the new network drop experience intermittent connectivity. Which of the following environmental controls was MOST likely overlooked during installation?
A. Humidity sensors B. EMI shielding C. Channel interference D. Cable kinking
Answer: B
Explanation: Shielding refers to the process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting your information-processing abilities. In this case you are experiencing intermittent connectivity since Electro Magnetic Interference (EMI) was not taken into account when running the cables over fluorescent lighting.
A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO).
A. Antenna placement B. Interference C. Use WEP D. Single Sign on E. Disable the SSID F. Power levels
Answer: A,F
Explanation: Placing the antenna in the correct position is crucial. You can then adjust the power levels to exclude the parking lot.
Peter, the security engineer, would like to prevent wireless attacks on his network. Peter has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address?
A. Interference B. Man-in-the-middle C. ARP poisoning D. Rogue access point
Answer: D
Explanation: MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists.
In this question, a rogue access point would need to be able to connect to the network to provide access to network resources. If the MAC address of the rogue access point isn’t allowed to connect to the network port, then the rogue access point will not be able to connect to the network.
Emily, a security administrator, is noticing a slow down in the wireless network response. Emily launches a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following type of attacks is underway?
A. IV attack B. Interference C. Blue jacking D. Packet sniffing
Answer: A
Explanation: In this question, it’s likely that someone it trying to crack the wireless network security. An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or “number occurring once,” as an encryption program uses it only once per session. An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. This is known as an IV attack. A particular binary sequence may be repeated more than once in a message, and the more it appears, the more the encryption method is discoverable. For example if a one-letter word exists in a message, it may be either “a” or “I” but it can’t be “e” because the word “e” is non-sensical in English, while “a” has a meaning and “I” has a meaning. Repeating the words and letters makes it possible for software to apply a dictionary and discover the binary sequence corresponding to each letter. Using an initialization vector changes the binary sequence corresponding to each letter, enabling the letter “a” to be represented by a particular sequence in the first instance, and then represented by a completely different binary sequence in the second instance.
WEP (Wireless Equivalent Privacy) is vulnerable to an IV attack. Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets.
On a train, an individual is watching a proprietary video on Peter’s laptop without his knowledge. Which of the following does this describe?
A. Tailgating B. Shoulder surfing C. Interference D. Illegal downloading
Answer: B
Explanation: Looking at information on a computer screen without the computer user’s knowledge is known as shoulder surfing. Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.
While troubleshooting a network outage, a technician finds a 100-meter fiber cable with a small service loop and suspects it might be the cause of the outage. Which of the following is MOST likely the issue?
A. Maximum cable length exceeded B. Dirty connectors C. RF interference caused by impedance mismatch D. Bend radius exceeded
Correct Answer: D
Explanation: The excessive bending of fiber-optic cables can increase microbending and macrobending losses. Microbending causes light attenuation induced by deformation of the fiber, while macrobending causes the leakage of light through the fiber cladding and this is more likely to happen where the fiber is excessively bent.
A network administrator wants to deploy a wireless network in a location that has too much RF interference at 2.4 GHz. Which of the following standards requires the use of 5 GHz band wireless transmissions? (Select TWO)
A. 802.11a B. 802.11ac C. 802.11b D. 802.11g E. 802.11n