CompTIA Security+ Question E-44

An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?

A. SSID broadcast
B. MAC filter
C. WPA2
D. Antenna placement

Answer: A

Explanation:
Numerous networks broadcast their name (known as an SSID broadcast) to reveal their presence.

CompTIA Security+ Question D-91

Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card?

A. WEP
B. MAC filtering
C. Disabled SSID broadcast
D. TKIP

Answer: B

Explanation:
MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network. While giving a wireless network some additional protection, MAC filtering can be circumvented by scanning a valid MAC (via airodumping) and then spoofing one’s own MAC into a validated one.

CompTIA Security+ Question C-75

Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect.
Which of the following is MOST likely the reason?

A. The company wireless is using a MAC filter.
B. The company wireless has SSID broadcast disabled.
C. The company wireless is using WEP.
D. The company wireless is using WPA2.

Answer: A

Explanation:
MAC filtering allows you to include or exclude computers and devices based on their MAC address.

CompTIA Security+ Question B-79

The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?

A. Disable the SSID broadcasting
B. Configure the access points so that MAC filtering is not used
C. Implement WEP encryption on the access points
D. Lower the power for office coverage only

Answer: D

Explanation:
On the chance that the signal is actually traveling too far, some access points include power level controls, which allow you to reduce the amount of output provided.

CompTIA Security+ Question B-71

Matt, an administrator, is concerned about the wireless network being discovered by war driving.
Which of the following can be done to mitigate this?

A. Enforce a policy for all users to authentic through a biometric device.
B. Disable all SSID broadcasting.
C. Ensure all access points are running the latest firmware.
D. Move all access points into public access areas.

Answer: B

Explanation:
B: War driving is the act of using a detection tool to look for wireless networking signals. The setting making a wireless network closed (or at least hidden) is the disabling of service set identifier (SSID) broadcasting. Thus by disabling all SSID broadcasting you can mitigate the risk of war driving.

CompTIA Security+ Question B-56

Which of the following provides the strongest authentication security on a wireless network?

A. MAC filter
B. WPA2
C. WEP
D. Disable SSID broadcast

Answer: B

Explanation:
The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) authentication protocols were designed to address the core, easy-to-crack problems of WEP.

CompTIA Security+ Question A-98

Which of the following would Peter, a security administrator, do to limit a wireless signal from penetrating the exterior walls?

A. Implement TKIP encryption
B. Consider antenna placement
C. Disable the SSID broadcast
D. Disable WPA

Answer: B

Explanation:
Cinderblock walls, metal cabinets, and other barriers can reduce signal strength significantly. Therefore, antenna placement is critical.

CompTIA Security+ Question A-14

Peter, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?

A. Disable default SSID broadcasting.
B. Use WPA instead of WEP encryption.
C. Lower the access point’s power settings.
D. Implement MAC filtering on the access point.

Answer: D

Explanation:
If MAC filtering is turned off, any wireless client that knows the values looked for (MAC addresses) can join the network. When MAC filtering is used, the administrator compiles a list of the MAC addresses associated with users’ computers and enters those addresses. When a client attempts to connect and other values have been correctly entered, an additional check of the MAC address is done. If the address appears in the list, the client is allowed to join; otherwise, it is forbidden from doing so.

CompTIA Security+ Question A-13

Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).

A. Disable the wired ports
B. Use channels 1, 4 and 7 only
C. Enable MAC filtering
D. Disable SSID broadcast
E. Switch from 802.11a to 802.11b

Answer: C,D

Explanation:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public use. A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.

CompTIA Network+ Simulation 13

You have been tasked with setting up a wireless network in an office. The network will consist of 3 access points and a single switch. The network must meet the following parameters.

The SSIDs need to be configured as corpnet with a key of S3cr3t! The wireless signals should not interfere with each other.

The subnet the Access points and Switch are on should only support 30 devices maximum The access Points should be configured to only support TKIP clients at a maximum speed

Instructions: Click on the devices to review their information and adjust the setting of the APs to meet the given requirements.

Correct Answer:

Exhibit 1 as follows
Access Point Name: AP1
IP Address: 192.168.1.3
Gateway: 192.168.1.2
SSID: corpnet
SSID Broadcast: yes
Mode: G
Channel: 1
Speed: Auto
Duplex: Auto
WPA Passphrase: S3cr3t!

Exhibit 2 as follows
Access Point Name: AP2
IP Address: 192.168.1.4
Gateway: 192.168.1.2
SSID: corpnet
SSID Broadcast: yes
Mode: G
Channel: 6
Speed: Auto
Duplex: Auto
WPA Passphrase: S3cr3t!

Exhibit 3 as follows
Access Point Name: AP3
IP Address: 192.168.1.5
Gateway: 192.168.1.2
SSID: corpnet
SSID Broadcast: yes
Mode: G
Channel: 11
Speed: Auto
Duplex: Auto
WPA Passphrase: S3cr3t!