Chapter 4

Which of the following tunneling protocols encrypts VPN traffic using TLS over port 443?

Secure Socket Tunneling Protocol (SSTP)

What does a healthy Network Access Control (NAC) client typically require?

Up-to-date operating system with all patches and fixes, enabled firewall, and up-to-date antivirus software

Which of the following describes the operation of a RADIUS server in WPA2 Enterprise mode?

It requires users to authenticate with unique credentials, and blocks access if proper credentials are not provided.

What is the difference between wireless routers and wireless access points (APs) according to the CompTIA Security+ exam study material?

All wireless routers are APs, but not all APs are wireless routers.

What is a main benefit of using IPsec’s Tunnel mode over Transport mode?

The IP addresses that are used within the internal network are encrypted.

What is the purpose of a Wi-Fi analyzer in a site survey?

To identify activity on channels within the wireless spectrum and analyze activity in the 2.4-GHz and 5-GHz frequency ranges

What is a primary security concern when using direct access VPNs over a public network?

Unauthorized disclosure of encapsulated and encrypted traffic

Which of the following represents a common type of RFID attack?

Sniffing or eavesdropping

What is the primary purpose of MAC cloning in a security context?

To bypass MAC filtering by pretending to be an authorized system

What is one of the goals of a honeypot?

To allow security professionals to observe an attacker’s techniques.

Which of the following statements about Wi-Fi Protected Setup (WPS) is not true?

WPS is safe if it is used with WPA2.

What is the difference between the use of credentials in the Enterprise mode and PSK mode in WPA2, and which one provides the authentication?

Enterprise mode uses unique credentials for each user for authentication while PSK mode uses only a passphrase for authorization, not authentication

What is Bluejacking in the context of Bluetooth device attacks?

 It is the practice of sending unsolicited messages to nearby Bluetooth devices

What is a false positive in the context of IDSs?

It is when an IDS sends an alarm or alert when there is no actual attack.

Why is it a good practice to change the default SSID of an Access Point (AP)?

It prevents attackers from guessing the make and model of the AP

What is the main difference between Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs)?

IDSs detect potential attacks and IPSs prevent them

What is a primary indication of a Near Field Communication (NFC) attack?

Unauthorized charges on a credit card statement

What is the main difference between an Omni and directional antenna?

Omnidirectional antennas transmit and receive signals in all directions while directional antennas transmit in one direction.

What is one significant characteristic of the EAP-TTLS authentication protocol?

It allows systems to use some older authentication methods such as Password Authentication Protocol (PAP) within a TLS tunnel

What is the official default port for a RADIUS server in the context of WPA2 Enterprise mode?

1812

What is the primary difference between War Driving and War Flying?

War Driving involves walking or driving, while War Flying involves flying on planes or drones.

Which of the following statements about PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol) is correct?

PAP sends passwords over a network in cleartext.

EX - The Password Authentication Protocol (PAP) sends passwords across a network in cleartext, which is a significant security risk. Unlike PAP, the Challenge Handshake Authentication Protocol (CHAP) does not send passwords over the network in cleartext, making it more secure.

What is a significant weakness of the Password Authentication Protocol (PAP)?

It sends passwords over the network in cleartext.

What is one of the issues related to wireless networks mentioned in the text?

They are susceptible to vulnerabilities and many users don’t understand how to properly secure them.

In IPsec, what is the benefit of using Tunnel mode over Transport mode?

Tunnel mode encrypts both the payload and the packet headers, hiding internal networking addresses.

Which of the following accurately describes the term ’Bluesnarfing’?

It refers to the unauthorized access to, or theft of information from, a Bluetooth device

Which wireless security protocol is most vulnerable to attacks?

WPA with TKIP

What differentiates an always-on VPN from an on-demand VPN?

Always-on VPNs create a connection as soon as the user’s device connects to the Internet.

What is the main consequence of a SYN flood attack?

Resources on the server are consumed and can cause it to crash

Which of the following is the BEST description of an Evil Twin in network security?

It is a rogue access point that uses the same (or similar) SSID as a legitimate access point to trick users into connecting with it.

What were some of the early wireless cryptographic protocols, and why are they not recommended for use today?

WEP and WPA, because they are easy to exploit

Where should sensors be installed if you want to monitor all attacks on your network?

On the Internet side of the firewall

What does an HTML5 VPN portal use to encrypt its sessions?

TLS

What describes a key way in which heuristic/behavioral detection systems operate?

They compare current network behavior against a baseline of normal operating conditions to detect potential attacks.

What are the two primary detection methods used for attack detection in an IDS (Intrusion detection system)?

Signature-based and anomaly-based

What is the primary purpose of a honeypot in a live network?

 To deceive attackers and divert them from the live network

Which of the following statements is correct regarding Wireless Access Points (APs) and wireless routers based on the given text?

All wireless routers are APs, but not all APs are wireless routers.

What is a true negative in IDS or IPS?

When an IDS or IPS does not send an alarm or alert, and there is no actual attack.

What are the two essential security benefits that TACACS+ provides over RADIUS?

TACACS+ encrypts the entire authentication process and uses multiple challenges and responses

What is a primary feature or capability of signature-based IDSs?

They use a database of known vulnerabilities or known attack patterns to detect threats

Which cryptographic protocol does WPA3 use instead of the Pre-shared Key (PSK) used with WPA2?

Simultaneous Authentication of Equals (SAE)

Ex - WPA3 uses Simultaneous Authentication of Equals (SAE) instead of the Pre-shared Key (PSK) used with WPA2. This leads to a stronger security protocol.

Which of the following best describes a ’false negative’ in the context of an Intrusion Detection System (IDS)?

It is when an attacker is actively attacking the network, but the system fails to detect it.

What is the best protection against wireless replay attacks?

Implementing WPA2 and WPA3

Ex - WPA2 and WPA3 are resistant to replay attacks, thus they offer the best protection against such attacks.

Which wireless standard uses both the 2.4 GHz and 5 GHz bands?

801.11n

What type of acknowledgment does a captive portal typically ask for when offering free Internet access?

Users to check a box agreeing to an acceptable use policy (AUP)

What is the purpose of a honeynet in cyber security?

To deceive attackers and prevent them from attacking the live network

What is a captive portal and how can it be used as an alternative to IEEE 802.1X?

It is a network management solution that redirects users to a splash page before granting them access to the Internet.

What is the function of the Authentication Header (AH) in IPsec?

It allows the IPsec conversation hosts to authenticate with each other

What is the main function of a honeyfile in cybersecurity?

It’s a decoy file designed to lure and deceive attackers

What is the difference between a wireless access point (AP) and a wireless router according to the CompTIA Security+ SY0-701 text?

All wireless routers are APs, but not all APs are wireless routers

What is the primary difference between IPS and IDS systems?

An IPS can detect, react to, and prevent attacks, while an IDS only monitors and responds to attacks after they’ve commenced.

What are the limitations of a Network-based Intrusion Detection System (NIDS)?

 It cannot detect anomalies on individual systems or decrypt encrypted traffic

Where does the traffic pass through for a host-based intrusion detection system (HIDS) to monitor?

Through the network interface card (NIC)

What does Chapter 3, ’Exploring Network Technologies and Tools’, cover?

Basic network technologies and protocols

What are the cryptographic protocols used by WPA2 (IEEE 802.11i)?

AES and CCMP

Ex - WPA2 (IEEE 802.11i) uses strong cryptographic protocols such as Advanced Encryption Standard (AES) and Counter-mode/CBC-MAC Protocol (CCMP).

What is the primary purpose of a honeypot in a network security context?

To deceive attackers and divert them from the live network

How does the Challenge Handshake Authentication Protocol (CHAP) maintain security during authentication as compared to Password Authentication Protocol (PAP)?

CHAP combines the shared secret with a nonce, hashes it, and sends it over the network.

Ex - CHAP is more secure than PAP as it does not send the shared secret (similar to a password) in plaintext over the network. Instead, it combines the shared secret with a unique, non-repeating number (nonce), hashes it, and sends it over the network, thereby preventing interception and misuse of the data.

Which EAP method provides an extra layer of protection for the usual EAP method by encapsulating and encrypting the EAP conversation in a Transport Layer Security (TLS) tunnel?

PEAP

Ex - PEAP (Protected EAP) provides an additional layer of protection for standard EAP by encapsulating and encrypting the EAP conversation within a Transport Layer Security (TLS) tunnel. This ensures the communication channel is secured, even in situations where the physical security might be compromised.

What is the purpose of reporting based on rules within an Intrusion Detection System (IDS)?

To allow administrators to configure rules based on organizational requirements

What is meant by ’True Positive’ in the context of Intrusion Detection Systems (IDS)?

It occurs when an IDS or IPS sends an alarm or alert after recognizing an attack.

What is unique about using the PSK mode with WPA2, as opposed to Enterprise mode?

PSK mode does not provide authentication

Ex - PSK mode offers access to the network anonymously using a pre-shared key or a passphrase, but it does not provide authentication. The user’s identity is not established in PSK mode, which is why it is less secure than Enterprise mode.

What is the primary purpose of a captive portal?

To force users using web browsers to complete a certain process before allowing network access

Which of the following protocols does NOT provide all three AAA services; authentication, authorization, and accounting?

Kerberos

Ex - Kerberos is sometimes referred to as an AAA protocol, but it does not provide any accounting services.

What is the main purpose of RADIUS Federation in 802.1X servers?

To enable a federation using 802.1X and RADIUS servers, allowing users to log on once and access shared resources with the other entity without logging on again

What is the primary purpose of a captive portal in the context of paid internet access?

To authenticate users

Why is L2TP not used by itself for VPN traffic?

L2TP does not provide any encryption

Ex - L2TP does not provide any encryption. Because of this, it cannot be used by itself for VPN traffic. Instead, data must be encrypted with another protocol, such as IPsec, before being passed to L2TP for transport over the VPN.

Which of the following statements is correct according to the text?

All wireless routers are APs.

What is one of the major benefits of using a centralized RADIUS server as compared to separate databases for each VPN server?

It cuts down on labor and potential errors associated with updating multiple databases

Ex -  As per the information provided, RADIUS is a centralized authentication service, which means it eliminates the need for keeping separate databases for each VPN server. When there’s a change, like modification to the password, it’s easier to update one central server than multiple separate ones. Thus, the use of a RADIUS server can simplify operations and reduce potential errors as well as labor involved.

Which of the following authentication protocols was designed by Cisco as a secure replacement for Lightweight EAP (LEAP), and supports but does not require certificates?

EAP-FAST

Ex - Cisco designed EAP-FAST (Flexible Authentication via Secure Tunneling) as a secure replacement for Lightweight EAP (LEAP). Digital certificates are supported in EAP-FAST, but they are not mandatory.

What makes Protected EAP (PEAP) different from other authentication protocols?

PEAP provides an extra layer of protection by encapsulating and encrypting the EAP conversation in a Transport Layer Security (TLS) tunnel.

What does a heat map produced by a site survey tool show in a wireless network?

The color-coded representation of wireless signals strength.

Ex - A heat map, created by a site survey tool, provides a color-coded representation of wireless signal strengths within the surveyed area. This allows administrators to identify where wireless signals are strongest and spots where signals may be weak or non-existent.

Why is physical security important for Access Points (APs)?

Unauthorized devices can be connected to APs by attackers to collect network traffic

Ex - If attackers can physically access an AP, they can connect unauthorized devices to it and collect network traffic. This activity can compromise sensitive information and disrupt network operations.

What is a common method used by attackers to degrade the performance of a wireless network?

Transmitting noise or another radio signal on the same frequency used by the network

What is the difference between a split tunnel and a full tunnel in the context of a VPN?

A full tunnel encrypts all traffic after a user has connected to a VPN while a split tunnel only encrypts traffic destined for the VPN’s private network.

What is a key requirement for conducting a sniffing or eavesdropping attack on an RFID system?

The attacker needs to know the system frequency of the RFID

Ex - To successfully sniff or eavesdrop on an RFID system, an attacker must know the RFID system’s frequency and have a receiver tuned to that frequency. Additionally, the attacker needs to know the protocols used by the RFID system to interpret the data.

What is the potential threat of fake telemetry data in SCADA systems as shown in the Massachusetts example?

It can cause excessive pressure leading to explosions

Ex - The example provided shows that incorrect telemetry data can prompt the system to produce excessive pressure in natural gas lines, potentially leading to dangerous explosions.

Which of the following best describes a Denial-of-Service (DoS) attack on an RFID system?

Flooding the RFID system’s frequency with noise causing disruption in normal services

Which EAP method requires certificates on both the server and the clients?

EAP-TLS

Ex - EAP-Transport Layer Security (EAP-TLS) is one of the most secure EAP standards. It requires certificates on both the 802.1X server and the clients. These certificates help provide strong authentication and encryption services.

Which of the following best describes the action of a ’bluebugging’ attack?

Install a backdoor after gaining full access to a Bluetooth device, allowing the attacker to listen in on conversations and access other functionality of the phone

What is a rogue access point (rogue AP) as discussed in the text?

An access point installed within a network without official authorization

Ex - As described in the text, a rogue AP is an access point placed within a network without official authorization. It might be installed by an employee bypassing security or by an attacker.

What is the main vulnerability of WEP protocol that makes it easy to crack?

It uses a small initialization vector (IV) and reuses keys

Ex - WEP, an early wireless security protocol, uses a relatively small 24-bit number for the IV. This small IV resulted in wireless networks reusing keys, which means the same IV gets used repeatedly, making WEP easy to crack by enabling the attacker to predict the IV and thus decrypt the communication.

What role must be enabled to create a VPN on a Windows server?

Direct Access VPN role

Ex - If you have a Windows server, you can enable the Direct Access VPN role and configure the Routing and Remote Access console to create a VPN.

Which version of an NAC agent is mistakenly referred to as an ’agentless’ capability by some NAC vendors according to the text?

Dissolvable agent

Ex - According to the text, some NAC vendors refer to dissolvable agents as an agentless capability, even though this is somewhat of a misnomer. A dissolvable agent is downloaded and runs on the client when the client logs on remotely, provides information and status back to the NAC system, then removes itself.

What method can an attacker use to bypass MAC filtering in a wireless network?

Impersonating an allowed MAC address

What is a false positive in the context of IDS or IPS?

When an IDS or IPS sends an alarm or alert when there is no actual attack.

What does a Replay attack in the context of RFID systems refer to?

Configuring a bogus tag to mimic the tag attached to a valuable object

Ex - A Replay attack in RFID systems typically involves an attacker eavesdropping on communication to gather data from a legitimate tag. The attacker then uses this data to configure a bogus tag that mimics the original, allowing them to fool the system into thinking that the stolen object is still in place.

What is the role of an 802.1X server in a network?

It provides port-based authentication and prevents rogue devices from connecting.

Ex - The 802.1X server provides port-based authentication, ensuring only authorized clients can connect to the device or network. It can prevent rogue devices from connecting by requiring authentication for each port. This means before a client can gain access to the network, they must authenticate themselves. If they cannot do this, network access is blocked.

What is a disassociation attack?

It’s an attack that involves sending a disassociation frame to the wireless access point with a spoofed MAC address of the victim.

What is a key advantage of the site-to-site VPN model as compared to a traditional remote access VPN?

It requires no additional steps from the user

Ex - The site-to-site VPN model allows networks to connect without requiring additional steps on the user’s part. This is a key advantage over traditional remote access VPNs (host-to-gateway model), where the end user must make a direct connection to the VPN server.

Where does a VPN server typically send a user’s log-in credentials for validation?

To the internal RADIUS server

Ex -The VPN server sends the user’s log-in credentials to the internal RADIUS server for validation. The RADIUS server may have a database of users and passwords, but it’s more common for it to pass the credentials on to another server (like an LDAP server) for validation.

What is the difference between Bluesnarfing and Bluebugging?

Bluesnarfing refers to unauthorized access to or theft of information from a Bluetooth device, while Bluebugging also involves installing a backdoor in addition to gaining full access to the device.

What is one method of performing a site survey when planning and deploying a wireless network?

Using a Wi-Fi analyzer

Ex - The text states that one method of performing a site survey is with a Wi-Fi analyzer. Wi-Fi analyzers identify activity on channels within the wireless spectrum and analyze activity in the 2.4-Ghz and 5-GHz frequency ranges.

What is the key difference between PEAP and EAP-TLS?

EAP-TLS requires certificates on the 802.1X server and the clients

Ex - EAP-TLS is different from PEAP and EAP-TTLS in the fact that it requires certificates on both the 802.1X server as well as the clients. This provides additional security for the communications.