Which of the following best practices makes a wireless network more difficult to find?
A. Implement MAC filtering
B. UseWPA2-PSK
C. Disable SSID broadcast
D. Power down unused WAPs
Correct Answer: C
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it's a discoverable value using a wireless
packet sniffer. Thus, the SSID should be disabled if the network isn't for public use.
Incorrect Answers:
A: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices. It does not, however, increase the difficulty of finding a wireless network.
B: WPA-Personal, also referred to as WPA-PSK (Pre-shared key) mode, is designed for home and small office networks and doesn't require an authentication server. Each wireless network device authenticates with the access point using the same 256-bit key generated from a password or passphrase. Using this option will not decrease the chances of discovering the wireless network.
D: Using this option will not decrease the chances of discovering the wireless network in use.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.
A company provides secure wireless Internet access for visitors and vendors working onsite. Some of the vendors using older technology report that they are unable to access the wireless network after entering the correct network information. Which of the following is the MOST likely reason for this issue?
A. The SSID broadcast is disabled.
B. The company is using the wrong antenna type.
C. The MAC filtering is disabled on the access point.
D. The company is not using strong enough encryption.
Correct Answer: A
When the SSID is broadcast, any device with an automatic detect and connect feature is able to see the network and can initiate a connection with it. The fact that they cannot access the network means that they are unable to see it.
Incorrect Answers:
B: The antenna type deals with signal strength and direction. It will not have a bearing on whether technology is older.
C: The network information is being given to the vendors, therefore MAC filtering is not the issue.
D: The network information is being given to the vendors, therefore encryption is not the issue.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.
Question 1093:
While previously recommended as a security measure, disabling SSID broadcast is not effective against most attackers because network SSIDs are:
A. no longer used to authenticate to most wireless networks.
B. contained in certain wireless packets in plaintext.
C. contained in all wireless broadcast packets by default.
D. no longer supported in 802.11 protocols.
Correct Answer: B
The SSID is still required for directing packets to and from the base station, so it can be discovered using a wireless packet sniffer.
Incorrect Answers:
A, D: The SSID is still used as a unique identifier for a wireless LAN. It is therefore still valid for authentication, and also still supported in 802.11 protocols.
C: Devices which are configured to connect to a network which does not broadcast its SSID may try to connect to the network by broadcasting for the network. This results in the SSID being revealed to wireless snoopers in the vicinity of the device. It is not included by default.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61. http://en.wikipedia.org/wiki/Service_set_(802.11_network)
Question 1094:
A security architect wishes to implement a wireless network with connectivity to the company's internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?
A. Disabling SSID broadcasting
B. Implementing WPA2 - TKIP
C. Implementing WPA2 - CCMP
D. Filtering test workstations by MAC address
Correct Answer: A
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it's a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn't for public use.
Incorrect Answers:
B: WPA2 makes use of CCMP, not TKIP.
C: WPA2 is an encryption scheme, but it will not make discovering the network difficult.
D: This will block devices not included in the MAC address list from accessing the network, but it will not make discovering the network difficult.
An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?
A. SSID broadcast
B. MAC filter
C. WPA2
D. Antenna placement
Correct Answer: A
Numerous networks broadcast their name (known as an SSID broadcast) to reveal their presence.
Incorrect Answers:
B: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices. It does not, however, make finding the wireless network name any easier.
C: WPA2 deals with encryption, not the wireless network name.
D: This will increase or decrease signal strength and availability, but has nothing to do with the wireless network name being discovered.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 183. Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.
Question 1096:
If you don't know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it?
A. macconfig
B. ifconfig
C. ipconfig
D. config
Correct Answer: B
To find MAC address of a Unix/Linux workstation, use ifconfig or ip a.
Incorrect Answers:
A: macconfig is not a valid command-line utility.
C: To find MAC address of a Windows-based workstation, use ipconfig.
D: config on its own will not solve the problem.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 60.
Question 1097:
A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up. Which of the following BEST allows the analyst to restrict user access to approved devices?
A. Antenna placement
B. Power level adjustment
C. Disable SSID broadcasting
D. MAC filtering
Correct Answer: D
A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.
Incorrect Answers:
A, B: This will increase or decrease signal strength and availability, but will not restrict user access.
C: Numerous networks broadcast their name (known as an SSID broadcast) to reveal their presence. Removing the presence will affect both authorized and unauthorized devices.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.
Question 1098:
After entering the following information into a SOHO wireless router, a mobile device's user reports being unable to connect to the network: PERMIT 0A: D1: FA. B1: 03: 37 DENY 01: 33: 7F: AB: 10: AB
Which of the following is preventing the device from connecting?
A. WPA2-PSK requires a supplicant on the mobile device.
B. Hardware address filtering is blocking the device.
C. TCP/IP Port filtering has been implemented on the SOHO router.
D. IP address filtering has disabled the device from connecting.
Correct Answer: B
MAC filtering allows you to include or exclude computers and devices based on their MAC address.
Incorrect Answers:
A: WPA2-PSK is used to encrypt a network using a plain-English passphrase between 8 and 63 characters long. C, D: The information entered into the SOHO wireless router are MAC addresses, therefore these options are not valid.
Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to
connect her personal tablet computer to the same wireless network and could not connect.
Which of the following is MOST likely the reason?
A. The company wireless is using a MAC filter.
B. The company wireless has SSID broadcast disabled.
C. The company wireless is using WEP.
D. The company wireless is using WPA2.
Correct Answer: A
MAC filtering allows you to include or exclude computers and devices based on their MAC address.
Incorrect Answers:
B: because she could connect to the wireless with the first device, the SSID must be broadcasting. C, D: Both WEP and WPA2 require a password or phrase.
References:
https://technet.microsoft.com/en-us/magazine/ff521761.aspx Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.
Question 1100:
Which of the following means of wireless authentication is easily vulnerable to spoofing?
A. MAC Filtering
B. WPA - LEAP
C. WPA - PEAP
D. Enabled SSID
Correct Answer: A
Each network interface on your computer or any other networked device has a unique MAC address. These MAC addresses are assigned in the factory, but you can easily change, or "spoof," MAC addresses in software.
Networks can use MAC address filtering, only allowing devices with specific MAC addresses to connect to a network. This isn't a great security tool because people can spoof their MAC addresses. Incorrect Answers:
B: WPA LEAP (Wifi Protected Access Lightweight Extensible Authentication Protocol) combine to ensure a secure wireless authentication method. WPA LEAP is not easily vulnerable to spoofing.
C: WPA PEAP (Wifi Protected Access Protected Extensible Authentication Protocol) combine to ensure a secure wireless authentication method. WPA PEAP is not easily vulnerable to spoofing.
D: Enabling SSID broadcasting makes the wireless network visible to clients. It is not a means of wireless authentication.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JK0-022 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.