Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
237 Cards in this Set
- Front
- Back
|
EAP uses what layer of the OSI model ?
|
Layer 2
|
|
|
RSNA uses what security encryption method?
|
TKIP/RC4 or CCMP/AES
Note: CCMP will show the RSN IE. |
|
|
What does RSNIE mean?
|
Robust Security Network Information Element
|
|
|
What frames will you find RSNIE ?
|
RSN(IE)
The following management frames: From the AP: Beacon and Probe Response frames From the client: Association and REassociation frames |
|
|
PTK Pairwise Transient Key is used to encrypt/decrypt what traffic?
|
802.11 Unicast traffic between the client and AP
|
|
|
GTK Group Temporal Key is used to encrypt/decrypt what traffic?
|
802.11 broadcast and multicast traffic between the client and AP
|
|
|
What does PTK mean ?
|
Pairwise Transient Key
|
|
|
What does GTK mean ?
|
Group Temporal Key
|
|
|
"Cipher suite selectors" start with what 3 octets
|
00-0F-AC
|
|
|
The RSN information element field is found in four different 802.11 management frames:
|
AP: Beacon, Probe Response
CLIENT: Association Request and RE-Association Request frames |
|
|
802.11F was an attempt to standardize what ?
|
Roaming on the DS "distribution system". AP-to-AP roaming.
|
|
|
IAPP stands for what ?
|
Inter-Access Point Protocol
|
|
|
IAPP does what ?
|
Its enhanced roaming for autonomous access points
|
|
|
RSNA stands for what ?
|
Robust Security Network Association
|
|
|
PMKID is a unique identifier for an individual WHAT?
|
PMKSA
|
|
|
PMKID is found in what RSNIE frames?
|
CLIENT: Association and Re-Association frames
|
|
|
The PMKID can reference the following types of pairwise master key associations:
|
1) PMKSA derived from a PSK target AP.
2) Cached PMKSA from 802.1X auth 3) Cached PMKSA that has been obtained through pre-authentication with a target AP. |
|
|
A unique identifier is created for each PMKSA that has been established between the authenticator and the supplicant. What is it called?
|
The pairewise master key identifier (PMKID) refers to the a PMKSA.
|
|
|
What is the PTKSA assocation between ?
|
Authenticator and Supplicant
|
|
|
PTKSA stands for what ?
|
Pairwise Transient Key Association
|
|
|
What is the PMKSA association between ?
|
Authentication Server and Supplicant
|
|
|
PMKSA stands for what ?
|
Pairwise Master Key Association
|
|
|
802.11-2007 / 802.11i standard defines two fast secure roaming mechanisms. What are they ?
|
Preauthentication and PMK Caching
|
|
|
RSNA is an association between what ?
|
RSNA is an association between stations that share unique dynamic encryption keys
|
|
|
RSNA stands for what ?
|
Robust Security Network Association
|
|
|
Which system authentication is the ONLY pre-RSNA security mechanism that has not been deprecated ?
|
Open System Authentication
|
|
|
802.11-2007 standard defines robust security that requires what 2 authentication types
|
802.1X/EAP or PSK
|
|
|
(True / False)
The current 802.11-2007 standard still defines WEP as a legacy encryption method for pre-RSNA |
TRUE
|
|
|
(True / False)
Dynamic wep was never defined by the 802.11 standard |
TRUE
|
|
|
(True / False)
Open system authentication has been the only pre-RSNA security mechanism that has not been deprecated. |
TRUE -- It has not
|
|
|
What is the data payload of a 802.11 frame called?
|
MSDU - Mac Service Data Unit
|
|
|
(True / False)
The current 802.11-2007 standard still defines WEP as a legacy encryption method for pre-RSNA security. |
TRUE
|
|
|
MPPE which is used to encrypt PPTP (VPN) uses what algorithem?
|
RC4
|
|
|
(TRUE / FALSE)
Point to Point Tunneling Protocol PPTP has its own security ? |
FALSE -- It uses MPPE
Microsoft Point to Point Encryption |
|
|
L2TP stands for for?
(VPN) |
Layer 2 Tunneling Protocol (L2TP)
|
|
|
(True / False)
802.11-2007 standard does define ssid "clocking" in the standard? |
FALSE - It does not
|
|
|
WEP - The IV is in clear text or encrypted text ?
|
Clear Text
|
|
|
What is the size of a WEP IV?
|
24 bits
|
|
|
Most cipher algorithms can be categorized as what two types?
|
symmetric and Asymmetric
|
|
|
Symmetric cipher algorithms use the same key to encrypt and decrypt?
|
Yes -- both side use the same key
|
|
|
Asymmetric uses the same key or does it use a public and private key ?
|
It uses a public and private key
|
|
|
Which 3 encryption types use symmetric cipher algorithm?
|
WEP, TKIP and CCMP
|
|
|
Name the types of encryption that use STREAM CIPHER:
|
RC4
|
|
|
Name the types of encryption that use BLOCK CIPHER:
|
RC5, DES, 3DES, AES
|
|
|
What key sizes does AES come in?
|
128,192, and 256 BITS
|
|
|
Statement:
FIPS 197 defines AES, Advanced Encryption Standard |
STATEMENT
|
|
|
Statement:
FIPS 140-2 standard defines security requirements for cryptography modules |
STATEMENT
|
|
|
802.11-2007 standard defines 3 encryption standards:
|
WEP, TKIP, CCMP
|
|
|
Does the 802.11-2007 standard define TKIP countermeasure procedures?
|
YES it does
|
|
|
What 5 components are used to create a pairwise transient key (PTK) during the 4 way handshake?
|
PTK = PRF (PMK+ANonce+SNonce+AA+SPA)
|
|
|
What handshake is used to deliver a new GTK key to supplicants?
|
The Group Key Handshake
|
|
|
name 2 types of security policy's
|
general and functional
|
|
|
what are 2 types of layer 1 attacks?
|
intentional and unintentional
|
|
|
What layers are encrypted with CCMP/AES
|
Layers 3 - 7
|
|
|
WPA2 uses which cipher suite(s) and encryption method(s)?
|
CCMP/AES, TKIP/RC4
|
|
|
WPA uses which cipher suite and encryption method?
|
TKIP/RC4
|
|
|
AES processing used within CCMP uses AES with a ______ - bit key?
|
128 bit key
|
|
|
What are the service sets defined by the 802.11-2007 standard?
|
BSS - Basic Service Set
ESS - Extended Service Set IBSS - Independent Basic Service Set QBSS - QoS Basic Service Set |
|
|
What is another name for physical carrier sense?
|
Clear Channel Assessment (CCA)
|
|
|
What is another name for virtual carrier sense?
|
Network Allocation Vector (NAV)
|
|
|
Which frame is used by a client station to initiate the roaming process?
|
reassociation request frame
|
|
|
WEP encryption uses the _____ algorithm and uses a(n) ______ cipher.
|
RC4, STREAM
|
|
|
What does the 802.1X standard define?
|
port based access control
|
|
|
Name some types of EAP that always use tunneled authentication?
|
EAP-
TTLS PEAP FAST |
|
|
What types of EAP requires a client side certificate?
|
TLS
PEAPv0-EAP-TLS |
|
|
Which type of EAP has a 3 phases of operation ?
|
EAP-FAST
|
|
|
Which phase of EAP-FAST is used for automatic PAC provisioning?
|
PHASE -0
|
|
|
What ports are used by a radius server?
|
1812/1813
1645/1646 |
|
|
When using VPN which layers are encrypted ?
|
4-7
|
|
|
What are 2 fast secure roaming mechanisms defined by the 802.11-2007 standard?
|
Preauthentication and PMK caching
|
|
|
What is the common non standard way of fast secure romaming?
|
OKC
|
|
|
What mechanisms does the 802.11r-2008 amendment define?
|
Fast Basic Service Set Transition (FT)
|
|
|
In 802.1X the uncontrolled port sends what type of traffic ?
|
Uncontrolled ports allows EAP authentication traffic
|
|
|
In 802.1X the controlled port sends what type of traffic ?
|
Blocks all un EAP traffic until the client is successfully AUTH
|
|
|
EAP-PEAP has how many phases ?
|
2
|
|
|
What is the major difference between EAP-PEAP and EAP-TTLS
|
EAP-TTLS supports more inner protocols
|
|
|
EAP-FAST has how many phases?
|
3 Phases -- Phase 0 is optional
|
|
|
Radius uses what UDP ports?
|
1812 - 1813
1645 - 1646 |
|
|
Machine Authentication uses what for AD authentication?
|
SID - System Identifier
|
|
|
What are the 802.11 frames called that are carry the EAP data between the supplicant and the radius server?
|
EAPOL- EAP Over Lan
|
|
|
What radius ports are used for Authentication?
|
1645 or 1812
|
|
|
What radius ports are used for Authorization?
|
1646 / 1813
|
|
|
Leap uses what internal encryption exclusively ?
|
MsChapV2
|
|
|
802.1X has two types of ports. What are they ?
|
uncontrolled and controlled
|
|
|
802.1X has two types of ports. What type of traffic does the uncontrolled port allow?
|
Only EAP frames
|
|
|
802.1X has two types of ports. What type of traffic does the controlled port allow?
|
It waited for a EAP success. After which, it will allow all data traffic through.
|
|
|
Does EAP MD5 provide mutual authentication?
|
NO
|
|
|
Does EAP MD5 allow for the creation of dynamic encryption keys ?
|
NO, since it doesnt allow for mutual authentication. Encryption would be static wep or no encryption at all.
|
|
|
Name 3 reasons why MD5 shouldn't be used in Wireless Authentication.
|
1. One way authentication
2. User name in clear text 3. Weak MD5 hash |
|
|
Peap has how many phases?
|
2
|
|
|
The first phase in peap does what ?
|
Builds a TLS tunnel
|
|
|
The second phase in peap does what ?
|
Send the AD logon
|
|
|
Statement: Windows Zero Config uses the outer identity as the INNER identity.
|
****
|
|
|
Statement: EAP-GTC uses RSA token also very similar to EAP-POTP
|
****
|
|
|
EAP-TLS has how many phases?
|
o
|
|
|
EAP-FAST has how many phases?
|
Phase 0,1,2 -- Phase 0 is optional
|
|
|
EAP-FAST Phase zero is what ?
|
PAC provisioning
|
|
|
EAP-FAST doesnt use x509 certs, what does it use?
|
PAC
|
|
|
EAP-TLS has how many phases?
|
0
|
|
|
EAP-TLS generally doesnt have a TLS tunnel but you can optionally protect the cert exchange in the inner tunnel with what ?
|
"privacy" mode
|
|
|
EAP-GTC and use a TOKEN or name and password which is sent in the clear, true of false?
|
True
|
|
|
EAP-POTP is used for what type of EAP?
|
RSA / Token
|
|
|
Windows WZC sends the users ID in the clear when using EAP, true or false?
|
TRUE
|
|
|
EAP MD5 and EAP LEAP have how many supplicant identities?
|
1
|
|
|
EAP-PEAP and other tunneled EAPs have how many supplicant identities?
|
2
|
|
|
Which EAP out doesnt support TOKEN ?
|
EAP-PEAP MsChapv2
|
|
|
The 802.11-2007 standard defines 2 classes of security methods using pre-RSNA and RSNA.
Pre RSN is what type of security ? |
STATIC WEp
|
|
|
RSNA security methods use either tkip/rc4 or ccmp/aes?
TRUE or FALSE |
TRUE
|
|
|
How many EAPOL-Keys are sent from the authenticator to the supplicant when dynamic wep is deployed?
|
2 Keys
1 - Broadcast Key 1 - Set key |
|
|
RSNA requires 2 802.11 STAs to establish procedures to authenticate and associate with each other as well as create dynamic encryption keys through a process call the 4 way handshake.
TRUE / FALSE |
TRUE
|
|
|
What is the 48 bit (6 octet) Macs address of an access points radio called?
|
BSSID
Basic Service Set Identifier |
|
|
Statement:
RSN security associations are used within a BBS. All clients have unique keys. |
****
|
|
|
Which "cipher suite selector" does 00-0F-AC-04 reference:
|
(CCMP)
|
|
|
Which "cipher suite selector" does 00-0F-AC-02 reference:
|
(TKIP)
|
|
|
Which "cipher suite selector" does 00-0F-AC-01 reference:
|
(WEP-40)
|
|
|
Which "cipher suite selector" does 00-0F-AC-05 reference:
|
(WEP-104)
|
|
|
Which "AKM" suite does 00-0F-AC-01 reference:
|
(802.1X)
|
|
|
Which "AKM" suite does 00-0F-AC-02 reference:
|
(PSK)
|
|
|
AKM stand for what ?
|
Authentication and key management (AKM)
|
|
|
** STATEMENT **
Supplicants sends an EAPOL-Start message. |
***********
|
|
|
What is a pairwise relationship ?
|
Pairwise relationship can be defined as two entities that are associated with each other:
|
|
|
The MSK is often reference as this:
|
Sometimes referred to as the AAA key.
|
|
|
PMK is simply computed as the first ____ bits (bits 0–255) of the MSK.
|
256
|
|
|
Key Confirmation Key (KCK) is used for what ?
|
The KCK is used to provide data integrity during the 4-Way Handshake and Group Key Handshake.
|
|
|
(KCK) references what ?
|
Key Confirmation Key
|
|
|
Key Encryption Key (KEK) is used for what ?
|
The KEK is used by the EAPOL-Key frames to provide data privacy during the 4-Way Handshake and Group Key Handshake.
|
|
|
(KEK) references what ?
|
Key Encryption Key
|
|
|
Key (TK) is used for what ?
|
The TK is the temporal encryption key used to encrypt and decrypt the MSDU payload of 802.11 data frames between the supplicant and the authenticator.
|
|
|
(TK) references what ?
|
Temporal Encryption Key
|
|
|
*** STATEMENT ***
4-Way Handshake can also be used to generate keys for proprietary encryption such as xSec. |
**********
|
|
|
What type of encryption and how many bits does xSec use?
|
xSec is a Layer 2 encryption cipher that uses 256-bit AES.
|
|
|
EAPOL-KEY frames are used for the implementation of three different frame exchanges:
|
*4-Way Handshake
*Group Key Handshake *Peer Key Handshake |
|
|
802.1X/EAP authentication is completed when the access point sends an ______ frame and the AP can now initiate the 4-Way Handshake.
|
EAP SUCCESS
|
|
|
A pseudo-random function (PRF) does what ?
|
Hashes various inputs to derive a pseudo-random value.
|
|
|
What is (PRF) ?
|
pseudo-random function
|
|
|
How often is a nonce used with a PMK?
|
A nonce is only used once and is never used again with the PMK.
|
|
|
What 5 things are needed to create a PTK key ?
|
pairwise master key
authenticator nonce supplicant nonce authenticator’s MAC address (AA) supplicant’s MAC address (SPA) |
|
|
What is a nonce ?
|
A nonce is a random numerical value that is generated one time only. A nonce is used in cryptographic operations and is associated with a given cryptographic key.
|
|
|
How many nonces are created during a 4-Way Handshake ?
|
Two nonces are created by the 4-Way Handshake: the authenticator nonce (ANonce) and the supplicant nonce (SNonce).
|
|
|
*** STATEMENT ***
PTK= PRF (PMK + ANonce + SNonce + AA + SPA) |
********
|
|
|
*** STETAMENT ***
Please do not confuse Group Key Handshake with the two EAPOL-Key frame exchange that is used to distribute dynamic WEP keys. Although both handshakes use a two EAPOL-Key frame exchange, each handshake has an entirely different purpose. Also remember that dynamic WEP is proprietary and that the two EAPOL-Key frame exchange used by dynamic WEP is not an RSN security association. |
************
|
|
|
What does (STSL) stand for ?
|
station-to-station link (STSL)
|
|
|
Which frame in the 4 way handshake says to install the GTK key ?
|
#3
|
|
|
How many handshakes does a peerkey have ?
|
2
|
|
|
Name the 2 handshakes that a peerkey has ?
|
*SMK Handshake
*STK Handshake |
|
|
What does SMK stand for?
|
STSL Master Key (SMK)
(Station to Station Link) |
|
|
What does STK stand for?
|
STSL Transient Key (STK)
|
|
|
What is the 802.11z draft ?
|
(DLS) Direct Link Setup between two peer stations within a BSS
|
|
|
STA will send a _______ request frame to initiate the roaming handoff.
|
reassociation
|
|
|
** STATEMENT **
The RSNA PSK is 256 bits in length or 64 characters when expressed in hex. |
*************
|
|
|
(PBKDF) stands for what ?
|
password-based key generation function (PBKDF)
|
|
|
What is a PBHKDF used for ?
|
A PSK is generated using a PBKDF
PSK = PBKDF2(PassPhrase, ssid, ssidLength, 4096, 256) |
|
|
The limit of ___ is mandated so as to differentiate between an ASCII passphrase and a PSK that is 64 hexadecimal characters.
|
The limit of 63 is mandated so as to differentiate between an ASCII passphrase and a PSK that is 64 hexadecimal characters.
|
|
|
What does (AKMP) stand for?
|
authentication and key management protocol
|
|
|
authentication and key management protocol (AKMP) can be either a preshared (PSK) or an EAP protocol - True / False.
|
True
|
|
|
*** STATEMENT ***
256-bit PSK is also used as the pairwise master key (PMK). |
*****
|
|
|
What was 802.11F attempt to fix?
|
Standardize how roaming mechanisms work behind the scenes on the DS medium.
Also, vendor interoperability vendor to vendor romaing. |
|
|
PMKSA is an association between what ?
|
Supplicant and Authentication Server
|
|
|
PTKSA is an association between what?
|
Supplicant and Authenticator
|
|
|
PMKID refers to what?
|
PMKSA
|
|
|
The PMKID is found in what information element ?
|
RSN element
|
|
|
A PMKID can reference what 3 types of PMKSAs?
|
1) PMKSA derived from a PSK for a target AP
2) A cached PMKSA from a 802.1X/EAP Authentication 3) A cached PMKSA that has been obtained through preauthentication with a target ap |
|
|
A PMKID is a unique identifier of what ?
|
Individual PMKSAs
|
|
|
The PKMID count filed specifics what ?
|
The number of PMKIDs the supplicant has 0 - whatever
|
|
|
What is AKMP ?
|
Authentication and Key Management Protocol
|
|
|
The 802.11-2007 standard states a client station can establish a new PMKSA during the roaming process with 1 of 4 different methods
|
* 802.1X/EAP
* PSK Authentication * PMK Caching * Preauthentication |
|
|
PMK cache is also called what ?
|
Fast Secure Roam Back
|
|
|
TRUE / FALSE
OKC is a 802.11 standard |
False
|
|
|
OKC, where does the PMK live ?
|
WLC / Authenticator
|
|
|
With OKC, how many PMKs does a client have ?
|
1
|
|
|
The 802.11-2007 Standard defines a PMKID as the following:
|
PMKID= HMAC-SHA1-128 + PMK + AA + SPA
Hash combines PMK+AA+SPA |
|
|
802.11r-2008 amendment is known as what ?
|
Fast BSS Transition (FT)
|
|
|
What is the main difference between OKC and FT?
|
802.11r-2008 amendment fully defines the key hierarchy
|
|
|
Name the key holder roles in (FT)
|
PMK-R0 R0KH Auth-Server to (WLC)
PMK-R1 R1KH Authenticator (AP) PMK-S0 S0KH Supplicant PMK-S1 S1KH Supplicant |
|
|
What is the summary of the order of the FT keys ?
MSK> ? > ? > ? |
MSK>PMK-R0>PMK-R1>PTK
|
|
|
MDIE (FT) is what ?
|
mobility domain information element
|
|
|
MDID (FT) is what ?
|
mobility domain identifier it lives inside the MDIE.
|
|
|
FT supports 2 type of roaming. What are they ?
|
Over the Air FT
Over the DS FT |
|
|
FTAA (FT) is what ?
|
FT Authentication Algorithm
|
|
|
FTAA creates what type of keys ?
|
Dynamic Keys
|
|
|
802.11k defines what ?
|
RRM radio resources <measurement>.
|
|
|
802.11k uses what 2 types of reports ?
|
channel load request / report
neighbor request / report |
|
|
Is the 802.11k amendment part of of the 802.11-2007 standard ?
|
no it is not
|
|
|
The IEEE keeps compatibility and coexistence between what ?
|
Network Equipment
|
|
|
Internet Engineering Task Force (IETF) is responsible for creating what ?
|
<Internet standards> RFC
Many of these standards are integrated into the wireless networking and security protocols and standards. |
|
|
WiFi Alliance performs certification testing to make sure of what ?
|
To make sure wireless networking equipment conforms to the 802.11 WLAN communication guidelines, similar to the IEEE 802.11-2007 standard.
|
|
|
International Organization for Standardization (ISO) created what ?
|
The Open Systems Interconnection (OSI) model, which is an architectural model for data communications.
|
|
|
IEEE 802.11-2007 standard defines communication mechanisms only at what "2" layers of the OSI model ?
|
Physical layer
and MAC sublayer of the Data-Link layer of the OSI model. |
|
|
RFC stands for what ?
|
Request for Comments (RFC)
|
|
|
What groups releases RFCs?
|
Internet Engineering Task Force (IETF)
|
|
|
The WiFi Alliance, was originally named what ?
|
Wireless Ethernet Compatibility Alliance (WECA),
|
|
|
The Wi-Fi Alliance’s main task is what?
|
To ensure the interoperability of WLAN products by providing certification testing.
|
|
|
IEEE defines the 802.11 communications at what layers ?
|
IEEE defines the 802.11 communications at the Physical layer and the MAC sublayer of the Data-Link layer.
|
|
|
The upper portion is the IEEE Data link layer is called what ?
|
802.2 Logical Link Control (LLC) sublayer, which is identical for all 802-based networks, although not used by all of them.
|
|
|
**** STATEMENT ****
CWG-RF—Multimedia Converged Wireless Group-RF Profile (CWG-RF) was developed jointly by the Wi-Fi Alliance and the Cellular Telecommunications and Internet Association (CTIA), now known as The Wireless Association. |
CWG-RF defines performance metrics for Wi-Fi and cellular radios in a converged handset to help ensure that both technologies perform well in the presence of the other. All CTIA-certified handsets now include this certification.
|
|
|
What is CWG-RF?
|
Converged Wireless Group-RF Profile (CWG-RF)
|
|
|
The bottom portion of the Data-Link layer is called what ?
|
The Media Access Control (MAC) sublayer, which is identical for all 802.11-based networks. The 802.11-2007 standard defines operations at the MAC sublayer.
|
|
|
Multimedia (WMM)—Multimedia WMM is based on the QoS mechanisms that were originally defined in what amendment?
|
IEEE 802.11e amendment.
|
|
|
When you’re securing a wireless 802.11 network, 5 major components are typically required:
|
Data privacy
Authentication, authorization, and accounting (AAA) Segmentation Monitoring Policy |
|
|
A cipher is an algorithm used to perform what ?
|
A cipher is an algorithm used to perform encryption.
|
|
|
The techniques needed to encrypt and decrypt information forms the science known as what ?
|
cryptology
|
|
|
cryptology is derived from the Greek language and translates to mean what ?
|
“hidden word.”
|
|
|
The goal of cryptology is to take a piece of information, often referred to as plaintext, and, using a process or algorithm, also referred to as a key or cipher, to transform the plaintext into encrypted text, also known as what ?
|
ciphertext.
|
|
|
The encryption process
Plaintext-->Cipher--> What ? |
cipertext
|
|
|
The encryption process
Plaintext--> What ?--> Cipher text |
Cipher
|
|
|
The science of concealing the plaintext and then revealing it is known as what ?
|
cryptography
|
|
|
The science of decrypting the ciphertext without knowledge of the key or cipher is known as what ?
|
cryptanalysis
. |
|
|
RBAC stands for what ?
|
role-based access control
|
|
|
Two key components of any wireless security solution are what ?
|
data privacy (encryption)
authentication (identity verification) |
|
|
(CCMP) is a Cipher Block and uses was for Encryption ?
|
Advanced Encryption Standard (AES)
|
|
|
802.11i defines two methods of authentication, what are they ?
|
IEEE 802.1X authorization framework
preshared keys (PSKs). |
|
|
TKIP and CCMP are encryption or Ciphers ?
|
Encryption
* Think TKIP (Protocol) * Think CCMP (Protocol) |
|
|
AES and RC4 are encryption or Ciphers ?
|
Ciphers
* Think RC4 Cipher Stream * Think AES Cipher Block |
|
|
802.11r was ratified when ?
|
July 2008 and is published as IEEE 802.11r-2008.
|
|
|
802.11k was ratified when ?
|
June 2008 and is published as IEEE 802.11k-2008.
|
|
|
802.11w was ratified when ?
|
September 2009 and is published as IEEE 802.11w-2009.
|
|
|
What is the purpose of 802.11w ?
|
“protected” management frame
|
|
|
Which 802.11 management frame is used during passive scanning ?
|
Beacon
|
|
|
Which 802.11 management frames are used during active scanning?
|
Probe Request / Probe Response
|
|
|
What are the 2 methods of authentication that are defined by the original 802.11 standard?
|
Open System / Shared Key
|
|
|
Which authentication method requires the use of a static wep key ?
|
Shared Key
|
|
|
Why is wep / shared key weaker then open system?
|
Shared Key, because the challenge key is sent in clear text
|
|
|
What protocol is used for authentication in the 802.1X frame work ?
|
EAP
|
|
|
There are three pre-RSNA or legacy security mechanisms: name them:
|
Open System authentication, Shared Key authentication, and WEP encryption.
|
|
|
*** STATEMENT ***
Well, two types of standards exist in the world of technology; de jure standards and de facto standards. Essentially de jure (Latin for “concerning law”) standards are typically defined and ratified by a standards body, such as the IEEE, whereas de facto (Latin for “concerning fact”) standards are established by practice or usage. |
***
|
|
|
The 802.11 authentication merely establishes an initial connection between what ?
|
The 802.11 authentication merely establishes an initial connection between the client and the access point.
|
|
|
Open authentication is a _______ authentication because there is no exchange or verification of identity between the devices.
|
null authentication
|
|
|
Shared Key authentication requries how many frames to be exchanged ?
|
4
|
|
|
Why is shared key WEP weak ?
|
AP sends a cleartext challenge to the client station in an authentication response.
|
|
|
Shared Key authentication requires this type of security
|
WEP
|
|
|
The payload of an 802.11 data frame is called what ?
|
The payload of an 802.11 data frame is called the MAC Service Data Unit (MSDU). The MSDU contains data from the LLC and Layers 3–7.
|
|
|
The ______ is that it is the data payload in a 802.11 frame that contains the IP packet plus some LLC data.
|
the MSDU is that it is the data payload that contains the IP packet plus some LLC data.
|
|
|
The original 802.11 standard defined what two WEP BITS as supported encryption methods.
|
The original 802.11 standard defined both 64-bit WEP and 128-bit WEP as supported encryption methods.
|
|
|
Although the WEP IV is said to be new for every frame, there are only ______ different IV combinations;
|
16,777,216 different IV combinations;
|
|
|
What is the hex character range ?
|
hex characters (0–9 and A–F)
|
|
|
A 40-bit static key consists of _____ hex characters or ____ ASCII characters,
|
A 40-bit static key consists of 10 hex characters or 5 ASCII characters,
|
|
|
104-bit static key consists of ___ hex characters or ____ ASCII characters.
|
104-bit static key consists of 26 hex characters or 13 ASCII characters.
|
