Questions and Answers

Lesson 1 Review

Page 10-15

1. Which of the following authentication methods would you use to protect a wireless network for an organization that has an existing PKI and in which all computers and users have been issued certificates with private keys? (Choose all that apply.)

  a. Open network authentication

  b. Shared network authentication

  c. 802.1X PEAP authentication

  d. 802.1X EAP-TLS authentication

  e. 802.1X EAP-MD5 CHAP authentication

2. Which of the following authentication methods would you use to protect a wireless network for an organization that prefers using user names and passwords for authentication? (Choose all that apply.)

  a. Open network authentication

  b. Shared network authentication

  c. 802.1X PEAP authentication

  d. 802.1X EAP-TLS authentication

  e. 802.1X EAP-MD5 CHAP authentication

Answers

1. a and d. To authenticate users and computers with certificates, you should use open network authentication and 802.1X EAP-TLS authentication.

2. a and c. To authenticate users by using a user name and password, you should use open network authentication and 802.1X PEAP authentication.

Lesson 2 Review

Page 10-34

1. Which of the following can be configured by using a GPO?

  a. A Windows XP Service Pack 1 wireless client with WEP encryption

  b. A Windows XP Service Pack 1 wireless client with WPA encryption

  c. A Windows 98 wireless client with WEP encryption

  d. A Microsoft Windows Mobile 2003 wireless client with WEP encryption

2. Which setting must be enabled to initiate dynamically rekeyed WEP?

  a. Minutes Server Can Remain Idle Before It Is Disconnected

  b. Minutes Client Can Be Connected

  c. Allow Access Only On These Days And At These Times

  d. Allow Access Only To This Number

  e. Allow Access Only Through These Media

3. Which of the following pieces of information is not required when configuring the WPA?

  a. The IP addresses of the wireless clients

  b. The IP address of the RADIUS server

  c. The SSID

  d. The shared key

  e. The encryption level

  f. The authentication method

Answers

1. a. Windows XP clients can be configured with WEP encryption. The other clients cannot be configured by using a GPO.

2. b. When editing a RAP, you should specify a number of minutes in the Minutes Client Can Be Connected box to cause WEP to generate a new encryption key on a regular basis.

3. a. You do not have to configure the IP addresses of the wireless clients. In fact, wireless clients do not receive an IP address until after authenticating.

Design Activity: Case Scenario Exercise

Page 10-36

1. Which of the following risks are posed to your organization by the presence of a rogue wireless network? (Choose all that apply.)

  a. An attacker could use a wireless network card to capture traffic between two wired network hosts.

  b. An attacker could access hosts on your internal network from the lobby of your building with a wireless-enabled mobile computer.

  c. An attacker could use your Internet connection from the lobby of your building with a wireless-enabled mobile computer.

  d. An attacker could capture an attorney’s e-mail credentials as the attorney downloads his messages across the wireless link.

  e. An attacker with a wireless network card could join your Active Directory domain.

2. Which of the following would reduce the risk of a security compromise resulting from a vulnerable rogue wireless network? (Choose all that apply.)

  a. Publishing a wireless network security policy allowing employee-managed WAPs that have authentication and encryption enabled.

  b. Publishing a wireless network security policy forbidding employee-managed WAPs.

  c. Publishing instructions for other employees to access the current employee-managed WAP.

  d. Deploying an IT-managed WAP using open network authentication without encryption.

  e. Deploying an IT-managed WAP with WEP encryption and 802.1X authentication.

  f. Educating internal employees about the risks associated with wireless networks.

Answers

1. b, c, and d. Attackers can use a rogue WAP that is poorly secured to access your internal network, capture wireless traffic, and use your Internet connection, but they cannot capture wired traffic or gain access to internal resources that require authentication.

2. a, b, e, and f. Deploying an IT-managed WAP would be ideal because it would allow employees to take advantage of the benefits of wireless networks while minimizing the risks by allowing IT to configure authentication and encryption. Additionally, educating employees and publishing a security policy reduces the risk that an employee will configure an unprotected WAP.

Design Activity: Troubleshooting Lab

Page 10-38

1. Which of the following is the likely cause of the problem?

  a. The mobile computer is not a member of the domain.

  b. The wireless network configuration was not applied by a GPO.

  c. The laptop computer does not support WPA.

  d. SSID broadcasts are disabled.

  e. The laptop computer does not trust your root CA.

  f. MAC address filtering is enabled and does not have the laptop computer’s MAC address listed.

Answers

1. e. The laptop computer must be configured to trust your root CA before it can establish a connection to the RADIUS server. The other possible causes would not prevent the computer from connecting, with the exception of MAC address filtering. MAC address filtering could cause this problem, because the laptop computer’s MAC address would not be on the approved list on the WAP. However, MAC address filtering is rarely used on networks with multiple WAPs.



MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217
