CompTIA Security+ Question D-79

After viewing wireless traffic, an attacker notices the following networks are being broadcasted by local access points:
Corpnet
Coffeeshop
FreePublicWifi
Using this information the attacker spoofs a response to make nearby laptops connect back to a malicious device. Which of the following has the attacker created?

A. Infrastructure as a Service
B. Load balancer
C. Evil twin
D. Virtualized network

Answer: C

Explanation:
In this question, the attacker has created another wireless network that is impersonating one of more of the three wireless networks listed in the question. This is known as an Evil Twin. An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique. For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name. In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as honeypots or base station clones. With the advancement of wireless technology and the use of wireless devices in public areas, it is very easy for novice users to set up evil twin exploits.

CompTIA Security+ Question D-68

A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following.
SSIDStateChannelLevel
Computer AreUs1connected170dbm
Computer AreUs2connected580dbm
Computer AreUs3connected375dbm
Computer AreUs4connected695dbm
Which of the following is this an example of?

A. Rogue access point
B. Near field communication
C. Jamming
D. Packet sniffing

Answer: A

Explanation:
The question states that the building has three wireless networks. However, the scan is showing four wireless networks with the SSIDs: Computer AreUs1 , Computer AreUs2 , Computer AreUs3 and Computer AreUs4. Therefore, one of these wireless networks probably shouldn’t be there. This is an example of a rogue access point. A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.

CompTIA Security+ Question B-79

The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?

A. Disable the SSID broadcasting
B. Configure the access points so that MAC filtering is not used
C. Implement WEP encryption on the access points
D. Lower the power for office coverage only

Answer: D

Explanation:
On the chance that the signal is actually traveling too far, some access points include power level controls, which allow you to reduce the amount of output provided.

CompTIA Security+ Question B-66

Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?

A. 802.1x
B. Data encryption
C. Password strength
D. BGP

Answer: A

Explanation:
IEEE 802.1X (also known as Dot1x) is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN

-though the term ‘supplicant’ is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator. The authenticator is a network device, such as an Ethernet switch or wireless access point; and the authentication server is typically a host running software supporting the RADIUS and EAP protocols. The authenticator acts like a security guard to a protected network. The supplicant (i.e., client device) is not allowed access through the authenticator to the protected side of the network until the supplicant’s identity has been validated and authorized. An analogy to this is providing a valid visa at the airport’s arrival immigration before being allowed to enter the country. With 802.1X port-based authentication, the supplicant provides credentials, such as user name/password or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification. If the authentication server determines the credentials are valid, the supplicant (client device) is allowed to access resources located on the protected side of the network.

CompTIA Security+ Question B-14

Which of the following is where an unauthorized device is found allowing access to a network?

A. Bluesnarfing
B. Rogue access point
C. Honeypot
D. IV attack

Answer: B

Explanation:
A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.

CompTIA Security+ Question A-67

An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?

A. WEP
B. LEAP
C. EAP-TLS
D. TKIP

Answer: C

Explanation:
The majority of the EAP-TLS implementations require client-side X.509 certificates without giving the option to disable the requirement.

CompTIA Network+ Question B-53

A technician is configuring a managed switch and needs to enable 802.3af. Which of the following should the technician enable?

A. PoE
B. Port bonding
C. VLAN
D. Trunking

Correct Answer: A

Explanation:
Power over Ethernet (PoE) is defined by the IEEE 802.3af and 802.3at standards.
PoE allows an Ethernet switch to provide power to an attached device (for example, a wireless access point, security camera, or IP phone) by applying power to the same wires in a UTP cable that are used to transmit and receive data.

CompTIA Network+ Question B-47

While implementing wireless access points into the network, one building is having connectivity issues due to light fixtures being replaced in the ceiling, while all other buildings’ connectivity is performing as expected. Which of the following should be exchanged on the access points installed in the building with connectivity issues?

A. UTP patch cables
B. Antenna
C. Power adapter
D. Security standard

Correct Answer: B

CompTIA Network+ Question A-17

Which of the following devices implements CSMA/CA virtually through the RTS/CTS protocols?

A. Firewall
B. Router
C. 802.11 AP
D. Switch

Correct Answer: C

Explanation:
802.11 AP is a Wireless Access Point used in a wireless network.
If two computers on a network send data frames at the same time, a collision between the frames can occur. The frames are then discarded and the sending computers will attempt to send the data again.
Carrier sense multiple access with collision avoidance (CSMA/CA) is a protocol used in wireless networks where computers connected to the wireless network attempt to avoid collisions by transmitting data only when the channel is sensed to be “idle”. Carrier Sense Multiple Access/Collision Detect (CSMA/CD) is unreliable in wireless networks because computers connected to the wireless network often cannot see each other so CSMA/CA is a better option for avoiding collisions.
Request to Send/Clear to Send (RTS/CTS) can also be used to mediate access to the wireless network. This goes some way to alleviating the problem of computers not being able to see each other because in a wireless network, the Wireless Access Point only issues a “Clear to Send” to one node at a time.
With RTS/CTS, a Request to Send (RTS) packet is sent by the sending computer, and a Clear to Send (CTS) packet is sent by the intended receiver. This will alert all computers within range of the sender, receiver or both, to not transmit for the duration of the transmission. This is known as the IEEE 802.11 RTS/CTS exchange.

CompTIA Network+ Question A-1

A company has decided to update their usage policy to allow employees to surf the web unrestricted from their work computers. Which of the following actions should the IT security team implement to help protect the network from attack as a result of this new policy?

A. Install host-based anti-malware software
B. Implement MAC filtering on all wireless access points
C. Add an implicit deny to the core router ACL
D. Block port 80 outbound on the company firewall
E. Require users to utilize two-factor authentication

Correct Answer: A

Explanation:
To protect the computers from employees installing malicious software they download on the internet, antimalware should be run on all systems.
After a single machine in a company is compromised and is running malicious software (malware), the attacker can then use that single computer to proceed further into the internal network using the compromised host as a pivot point. The malware may have been implemented by an outside attacker or by an inside disgruntled employee.