CCNA Wireless Chapter 17 Exam Answers

The 4 main threats to wireless NW’s are:
1) Ad-hoc NW formation
2) Rogue AP’s
3) Client missassociations
4) Directed wireless network attacks

What exactly is client missassociation?
An SSID profile is saved and active scanning is in operation, resulting in a client connecting to a network without knowing

What are 4 examples of directed wireless network attacks?
1) DoS
2) Recon probes
3) Authent. penetration
4) MITM attacks

How are directed wireless network attacks most often mitigated?
By authenticating and encrypting management frames.

What is this process of mitigation called exactly?
MFP: management frame protection

Management frames are usually sent unauthenticated and unencrypted

What does MFP do to management frames?
It digitally signs them

The two MFP modes are:
1) Infrastructure
2) Client

In infrastructure MFP,
A hash is generated for every management frame and placed before the FCS

Client MFP is only available with…
CCX 5+ “Cisco compatible extensions”

What does Client MFP/CCX do to management frames
It uses 802.11i to encrypt mgmt frames between the client and the AP

What does Client MFP/CCX defend most effectively against?
MITM and DoS attacks

In Client MFP/CCX, a key is generated for each AP

Why can’t mobile devices associate with MFP LAN’s?
They don’t have the processing power required for the extra encryption/authentication techniques

2 older security methods are:
1) SSID —> wrong SSID? no association
2) MAC authentication

What is open authentication?
It means no authentication key is required

What is the 4 step process to open authentication?
1) Probe
2) Probe response
3) Auth
4) Auth response

In WEP authentication, a ____ key is used to encrypt traffic
WEP key

In WEP, the header is not encrypted is not encrypted, but the the data is is

What encryption type does WEP use?

What are the 3 different sizes for WEP keys?
40 bits
104 bits
128 bits

In WEP, every key is combined with an….
Initialization vector

What is the basic process of WEP association?
1) Auth request
2) Challenge text packet
3) Challenge text encrypted by supplicant
4) If AP able to decrypt properly supplicant has the right key

EAP is defined under which two RFC’s?
2284, and 3748

EAP usually works alongside..
802.1x or RADIUS

The 4 EAP message types are
1) Request — to supplicant
2) Response — from supplicant
3) Success
4) Failure

What is Cisco LEAP?
A proprietary username/PW based auth. system between a client and a RADIUS server

What is Cisco LEAP’s weakness?
Susceptible to eavesdropping

EAP-TLS is defined under…
RFC 2716

EAP-TLS uses… _________ for authentication
Digital certificates

EAP-TLS uses…__________ to secure communications between client and RADIUS server

In EAP-TLS, the ________ and __________ authenticate to eachother
client and server

What is TLS based on?
SSL 3.0

What did EAP-TTLS add to EAP-TLS?

PEAP is very similar to..

What are the 3 authentication options for PEAP?

What is fast-reconnect?
Roaming b/t AP’s made seamless b/c TLS session ID’s are cached by WLC

The 3 roles of the 802.1x framework are…
1) Supplicant
2) Authenticator
3) Authentication server

It can be said that the authenticator controls __________ access to the network

If a Cisco ACS is being used as the Authentication server, more _____________ methods of authentication are available

802.1x: After the client sends a probe request to the AP, the AP will respond with a…
AP probe response which contains sec params.

What happens after the AP sends its probe response?
The client is associated but traffic is blocked until 802.1x auth is complete

The 802.1x authentication challenge is encrypted by

How does the client response to this challenge?
With a credential response

What does authenticator do with the credential response?
Converts it to a RADIUS access request and sends it to the AS

What does the AS do upon receiving the RADIUS access request?
It responds with a challenge that specifies what credentials are required of the supplicant

What happens if the client responds with the correct credentials?
The AS transmits a success message and encryption key

WPA2 is aka

What is a PMK?
Pairwise master key,
It is created on a RADIUS server when a client authenticates

Where is the PMK sent?
From the AS to the authenticator

What is PMK used for?
To encrypt the exchange of the temporal session key

What is the PMK derived from that results in the authenticator and supplicant having the same one?
It is derived from client information

PMK’s are used to make PTK’s and GTK’s.

PTK’s and GTK’s are made in a
4 way handshake process

WPA2-PSK is aka
personal mode

WPA2-PSK is encrypted with…
A 256 bit PMK