Given: AAA is an architectural framework used to provide three separate security components in a network. Listed below are three phrases that each describe one aspect of the AAA framework.
Option-1 This AAA function is performed first and validates user identify prior to determining the network resources to which they will be granted access.
Option-2 This function is used for monitoring and auditing purposes and includes the collection of data that identifies what a user has done while connected.
Option-3 This function is used to designate permissions to a particular user.
What answer correctly pairs the AAA component with the descriptions provided above?
Answer : D
When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the
802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?
Answer : C
Given: XYZ Company has recently installed a controller-based WLAN and is using a
RADIUS server to query authentication requests to an LDAP server. XYZ maintains user- based access policies and would like to use the RADIUS server to facilitate network authorization.
What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)
Answer : B,E
You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used? (Choose 3)
Answer : A,C,D
Given: XYZ Company has recently installed an 802.11ac WLAN. The company needs the ability to control access to network services, such as file shares, intranet web servers, and
Internet access based on an employee's job responsibilities.
What WLAN security solution meets this requirement?
Answer : D
You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other
(STA2) used 11 EAP frames (excluding ACK frames) before the 4-way handshake.
Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful?
(Choose the single most probable answer given a stable WLAN.)
Answer : E
What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?
Answer : B
What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE
802.11 4 Way Handshake?
Answer : A
Given: When the CCMP cipher suite is used for protection of data frames, 16 bytes of overhead are added to the Layer 2 frame. 8 of these bytes comprise the MIC.
What purpose does the encrypted MIC play in protecting the data frame?
Answer : B
Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards. The new wireless network will use WPA2-Enterprise as its primary authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.
What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?
Answer : B
Given: You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet. What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations? (Choose the single best answer.)
Answer : D
What drawbacks initially prevented the widespread acceptance and use of Opportunistic
Key Caching (OKC)?
Answer : B
What protocols allow a network administrator to securely manage the configuration of
WLAN controllers and access points? (Choose 2)
Answer : B,F
A single AP is configured with three separate WLAN profiles, as follows:
1. SSID: ABCData BSSID: 00:11:22:00:1F:C3 VLAN 10 Security: PEAPv0/EAP-
MSCHAPv2 with AES-CCMP 3 current clients
2. SSID: ABCVoice BSSID: 00:11:22:00:1F:C4 VLAN 60 Security: WPA2-Personal with AES-CCMP 2 current clients
3. SSID: Guest BSSID: 00:11:22:00:1F:C5 VLAN 90 Security: Open with captive portal authentication 3 current clients
Three STAs are connected to ABCData. Three STAs are connected to Guest. Two STAs are connected to ABCVoice.
How many unique GTKs and PTKs are currently in place in this scenario?
Answer : B
Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN.
In this remote scenario, what single wireless security practice will provide the greatest security for Fred?
Answer : A