CompTIA Security+ Question D-91

Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card?

A. WEP
B. MAC filtering
C. Disabled SSID broadcast
D. TKIP

Answer: B

Explanation:
MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network. While giving a wireless network some additional protection, MAC filtering can be circumvented by scanning a valid MAC (via airodumping) and then spoofing one’s own MAC into a validated one.

CompTIA Security+ Question D-25

Ann, the network administrator, is receiving reports regarding a particular wireless network in the building. The network was implemented for specific machines issued to the developer department, but the developers are stating that they are having connection issues as well as slow bandwidth. Reviewing the wireless router’s logs, she sees that devices not belonging to the developers are connecting to the access point. Which of the following would BEST alleviate the developer’s reports?

A. Configure the router so that wireless access is based upon the connecting device’s hardware address.
B. Modify the connection’s encryption method so that it is using WEP instead of WPA2.
C. Implement connections via secure tunnel with additional software on the developer’s computers.
D. Configure the router so that its name is not visible to devices scanning for wireless networks.

Answer: A

Explanation:
MAC addresses are also known as an Ethernet hardware address (EHA), hardware address or physical address. Enabling MAC filtering would allow for a WAP to restrict or allow access based on the hardware address of the device.

CompTIA Security+ Question C-97

Peter, the security engineer, would like to prevent wireless attacks on his network. Peter has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address?

A. Interference
B. Man-in-the-middle
C. ARP poisoning
D. Rogue access point

Answer: D

Explanation:
MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists.

In this question, a rogue access point would need to be able to connect to the network to provide access to network resources. If the MAC address of the rogue access point isn’t allowed to connect to the network port, then the rogue access point will not be able to connect to the network.

CompTIA Security+ Question C-75

Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect.
Which of the following is MOST likely the reason?

A. The company wireless is using a MAC filter.
B. The company wireless has SSID broadcast disabled.
C. The company wireless is using WEP.
D. The company wireless is using WPA2.

Answer: A

Explanation:
MAC filtering allows you to include or exclude computers and devices based on their MAC address.

CompTIA Security+ Question B-79

The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?

A. Disable the SSID broadcasting
B. Configure the access points so that MAC filtering is not used
C. Implement WEP encryption on the access points
D. Lower the power for office coverage only

Answer: D

Explanation:
On the chance that the signal is actually traveling too far, some access points include power level controls, which allow you to reduce the amount of output provided.

CompTIA Security+ Question B-74

After entering the following information into a SOHO wireless router, a mobile device’s user reports being unable to connect to the network:
PERMIT 0A: D1: FA. B1: 03: 37
DENY 01: 33: 7F: AB: 10: AB
Which of the following is preventing the device from connecting?

A. WPA2-PSK requires a supplicant on the mobile device.
B. Hardware address filtering is blocking the device.
C. TCP/IP Port filtering has been implemented on the SOHO router.
D. IP address filtering has disabled the device from connecting.

Answer: B

Explanation:
MAC filtering allows you to include or exclude computers and devices based on their MAC address.

CompTIA Security+ Question B-56

Which of the following provides the strongest authentication security on a wireless network?

A. MAC filter
B. WPA2
C. WEP
D. Disable SSID broadcast

Answer: B

Explanation:
The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) authentication protocols were designed to address the core, easy-to-crack problems of WEP.

CompTIA Security+ Question A-73

A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack?

A. Configure MAC filtering on the switch.
B. Configure loop protection on the switch.
C. Configure flood guards on the switch.
D. Configure 802.1x authentication on the switch.

Answer: C

Explanation:
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is connected to an authentic IP address, the attacker will begin receiving any data that is intended for that IP address. ARP spoofing can enable malicious parties to intercept, modify or even stop data in-transit. ARP spoofing attacks can only occur on local area networks that utilize the Address Resolution Protocol. To perform ARP spoofing the attacker floods the network with spoofed ARP packets. As other hosts on the LAN cache the spoofed ARP packets, data that those hosts send to the victim will go to the attacker instead. From here, the attacker can steal data or launch a more sophisticated follow-up attack.

A flood guard configured on the network switch will block the flood of spoofed ARP packets.

CompTIA Security+ Question A-60

A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server. Technicians verify that the server has an IP address in the same VLAN as the marketing department users. Which of the following is the MOST likely reason the users are unable to connect to the server?

A. The new virtual server’s MAC address was not added to the ACL on the switch
B. The new virtual server’s MAC address triggered a port security violation on the switch
C. The new virtual server’s MAC address triggered an implicit deny in the switch
D. The new virtual server’s MAC address was not added to the firewall rules on the switch

Answer: A

Explanation:
Configuring the switch to allow only traffic from computers based upon their physical address is known as MAC filtering. The physical address is known as the MAC address. Every network adapter has a unique MAC address hardcoded into the adapter. You can configure the ports of a switch to allow connections from computers with specific MAC addresses only and block all other MAC addresses. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network.

CompTIA Security+ Question A-31

Which of the following wireless security technologies continuously supplies new keys for WEP?

A. TKIP
B. Mac filtering
C. WPA2
D. WPA

Answer: A

Explanation:
TKIP is a suite of algorithms that works as a “wrapper” to WEP, which allows users of legacy WLAN equipment to upgrade to TKIP without replacing hardware. TKIP uses the original WEP programming but “wraps” additional code at the beginning and end to encapsulate and modify it.