| < Day Day Up > |
|
Page
10-15
1. | Which of the following authentication methods would you use to protect a wireless network for an organization that has an existing PKI and in which all computers and users have been issued certificates with private keys? (Choose all that apply.)
|
|
2. | Which of the following authentication methods would you use to protect a wireless network for an organization that prefers using user names and passwords for authentication? (Choose all that apply.)
|
|
Answers
1. | a and d. To authenticate users and computers with certificates, you should use open network authentication and 802.1X EAP-TLS authentication. |
2. | a and c. To authenticate users by using a user name and password, you should use open network authentication and 802.1X PEAP authentication. |
Page
10-34
1. | Which of the following can be configured by using a GPO?
|
|
2. | Which setting must be enabled to initiate dynamically rekeyed WEP?
|
|
3. | Which of the following pieces of information is not required when configuring the WPA?
|
|
Answers
1. | a. Windows XP clients can be configured with WEP encryption. The other clients cannot be configured by using a GPO. |
2. | b. When editing a RAP, you should specify a number of minutes in the Minutes Client Can Be Connected box to cause WEP to generate a new encryption key on a regular basis. |
3. | a. You do not have to configure the IP addresses of the wireless clients. In fact, wireless clients do not receive an IP address until after authenticating. |
Page
10-36
1. | Which of the following risks are posed to your organization by the presence of a rogue wireless network? (Choose all that apply.)
|
|
2. | Which of the following would reduce the risk of a security compromise resulting from a vulnerable rogue wireless network? (Choose all that apply.)
|
|
Answers
1. | b, c, and d. Attackers can use a rogue WAP that is poorly secured to access your internal network, capture wireless traffic, and use your Internet connection, but they cannot capture wired traffic or gain access to internal resources that require authentication. |
2. | a, b, e, and f. Deploying an IT-managed WAP would be ideal because it would allow employees to take advantage of the benefits of wireless networks while minimizing the risks by allowing IT to configure authentication and encryption. Additionally, educating employees and publishing a security policy reduces the risk that an employee will configure an unprotected WAP. |
Page
10-38
1. | Which of the following is the likely cause of the problem?
|
|
Answers
1. | e. The laptop computer must be configured to trust your root CA before it can establish a connection to the RADIUS server. The other possible causes would not prevent the computer from connecting, with the exception of MAC address filtering. MAC address filtering could cause this problem, because the laptop computer’s MAC address would not be on the approved list on the WAP. However, MAC address filtering is rarely used on networks with multiple WAPs. |
| < Day Day Up > |
|