CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 231:

  A security administrator develops a web page and limits input into the fields on the web page as well as filters special characters in output. The administrator is trying to prevent which of the following attacks?

  A. Spoofing

  B. XSS

  C. Fuzzing

  D. Pharming

  Correct Answer: B

  Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.

  Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised

  site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts

  into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user.

  By validating user input and preventing special characters, we can prevent the injection of client- side scripting code.

  Incorrect Answers:

  A: There are several kinds of spoofing including email, caller ID, MAC address, and uniform resource locator (URL) spoof attacks. All types of spoofing are designed to imitate something or someone.

  Email spoofing (or phishing), used by dishonest advertisers and outright thieves, occurs when email is sent with falsified "From:" entry to try and trick victims that the message is from a friend, their bank, or some other legitimate source. Any

  email that claims it requires your password or any personal information could be a trick.

  In a caller ID attack, the spoofer will falsify the phone number he/she is calling from. Input validation is not used to prevent spoofing. Therefore, this answer is incorrect.

  C: Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt

  to make it crash. If a vulnerability is found, a tool called a fuzz tester (or fuzzer), indicates potential causes. Fuzz testing was originally developed by Barton Miller at the University of Wisconsin in 1989. This is not what is described in this

• Question 232:

  A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of 192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred?

  A. Brute force password attack

  B. Cross-site request forgery

  C. Cross-site scripting

  D. Fuzzing

  Correct Answer: B

  Cross-Site Request Forgery--also known as XSRF, session riding, and one-click attack-- involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge, and it employs some type of social networking to pull it off. For example, assume that Evan and Spencer are chatting through Facebook. Spencer sends Evan a link to what he purports is a funny video that will crack him up. Evan clicks the link, but it actually brings up Evan's bank account information in another browser tab, takes a screenshot of it, closes the tab, and sends the information to Spencer. The reason the attack is possible is because Evan is a trusted user with his own bank. In order for it to work, Evan would need to have recently accessed that bank's website and have a cookie that had yet to expire. The best protection against cross-site scripting is to disable the running of scripts (and browser profi les). Incorrect Answers: A: A Brute Force attack is usually carried out by software that attempts to guess a password by sending multiple authentication requests will different passwords until authentication is successful. This is not what is described in this question. Therefore, this answer is incorrect.

  C: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, Cross- Site Request Forgery exploits the trust that a site has in a user's browser. Therefore, this answer is incorrect.

  D: Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash. If a vulnerability is found, a tool called a fuzz tester (or fuzzer), indicates potential causes. Fuzz testing was originally developed by Barton Miller at the University of Wisconsin in 1989. This is not what is described in this question. Therefore, this answer is incorrect.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 335 http://searchsecurity.techtarget.com/definition/fuzz-testing

• Question 233:

  Which of the following wireless protocols could be vulnerable to a brute-force password attack? (Select TWO).

  A. WPA2-PSK

  B. WPA - EAP - TLS

  C. WPA2-CCMP

  D. WPA -CCMP

  E. WPA - LEAP

  F. WEP

  Correct Answer: AE

  A brute force attack is an attack that attempts to guess a password. WPA2-PSK and WEP both use a "Pre-Shared Key". The pre-shared key is a password and therefore is susceptible to a brute force attack.

  Incorrect Answers:

  B: EAP-TLS uses the handshake protocol in TLS, not its encryption method. Client and server authenticate each other using digital certificates. Client generates a pre-master secret key by encrypting a random number with the server's public key and sends it to the server. Both client and server use the pre-master to generate the same secret key. WPA using EAP-TLS does not use a password or pre-shared key so it is not susceptible to a brute force attack. Therefore, this answer is incorrect.

  C: Counter Mode Cipher Block Chaining Message Authentication Code Protocol, Counter Mode CBC-MAC Protocol or simply CCMP (CCM mode Protocol) is an encryption protocol. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. The advanced encryption of CCMP ensures that WPA2 with CCMP is not susceptible to a brute force attack. Therefore, this answer is incorrect.

  D: Counter Mode Cipher Block Chaining Message Authentication Code Protocol, Counter Mode CBC-MAC Protocol or simply CCMP (CCM mode Protocol) is an encryption protocol. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. The advanced encryption of CCMP ensures that WPA2 with CCMP is not susceptible to a brute force attack. Therefore, this answer is incorrect.

  E: LEAP (Lightweight Extensible Authentication Protocol) requires frequent re-authentication using different keys. The frequent changing of the key makes WPA with LEAP less susceptible to a brute force attack. Therefore, this answer is incorrect

  References: http://encyclopedia2.thefreedictionary.com/EAP-TLS

• Question 234:

  Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS encryption?

  A. HTTPS

  B. WEP

  C. WPA

  D. WPA 2

  Correct Answer: B

  WEP offers no end-to-end TLS encryption.

  The WEP process consists of a series of steps as follows:

  The wireless client sends an authentication request.

  The Access Point (AP) sends an authentication response containing clear-text (uh-oh!) challenge text. The client takes the challenge text received and encrypts it using a static WEP key. The client sends the encrypted authentication packet

  to the AP. The AP encrypts the challenge text using its own static WEP key and compares the result to the authentication packet sent by the client. If the results match, the AP begins the association process for the wireless client.

  The big issue with WEP is the fact that it is very susceptible to a Man in the Middle attack. The attacker captures the clear-text challenge and then the authentication packet reply. The attacker then reverses the RC4 encryption in order to

  derive the static WEP key. Yikes! As you might guess, the designers attempted to strengthen WEP using the approach of key lengths. The native Windows client supported a 104-bit key as opposed to the initial 40-bit key. The fundamental

  weaknesses in the WEP process still remained however.

  Incorrect Answers:

  A: HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the

  pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks.

  Therefore, this answer is incorrect.

  C: WPA (WiFi Protected Access) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different manufacturer's wireless equipment. WPA is a much improved encryption

  standard that delivers a level of security beyond anything that WEP can offer. It bridges the gap between WEP and 802.11i (WPA2) networks. WPA uses Temporal Key Integrity Protocol (TKIP), which is designed to allow WEP to be upgraded

  through corrective measures that address the existing security problems. WPA is able to achieve over 500 trillion possible key combinations and re-keying of global encryption keys is required. The encryption key is changed after every frame

  using TKIP. This allows key changes to occur on a frame by frame basis and to be automatically synchronized between the access point and the wireless client. The TKIP encryption algorithm is stronger than the one used by WEP. WPA is

  compatible with many older access points and network cards. WPA uses TKIP to provide TLS encryption. Therefore, this answer is incorrect.

  D: WPA2 is the latest implementation of WPA and provides stronger data protection and network access control. It provides WiFi users with a higher level of assurance that only authorized users can access their wireless networks. WPA2 is

  based on the IEEE 802.11i standard and provides government grade security. 802.11i describes the encrypted transmission of data between systems of 802.11a and 802.11b wireless LANs. It defines new encryption key protocols including

  the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).

  WPA2 uses TKIP or AES to provide TLS encryption. Therefore, this answer is incorrect.

  References:

  http://blog.ine.com/2010/10/16/wlan-security-wep/

  http://searchsoftwarequality.techtarget.com/definition/HTTPS http://www.onlinecomputertips.com/networking/wep_wpa.html

• Question 235:

  A security administrator discovered that all communication over the company's encrypted wireless network is being captured by savvy employees with a wireless sniffing tool and is then being decrypted in an attempt to steal other employee's credentials. Which of the following technology is MOST likely in use on the company's wireless?

  A. WPA with TKIP

  B. VPN over open wireless

  C. WEP128-PSK

  D. WPA2-Enterprise

  Correct Answer: C

  WEP's major weakness is its use of static encryption keys. When you set up a router with a WEP encryption key, that one key is used by every device on your network to encrypt every packet that's transmitted. But the fact that packets are encrypted doesn't prevent them from being intercepted, and due to some esoteric technical flaws it's entirely possible for an eavesdropper to intercept enough WEP-encrypted packets to eventually deduce what the key is. This problem used to be something you could mitigate by periodically changing the WEP key (which is why routers generally allow you to store up to four keys). But few bother to do this because changing WEP keys is inconvenient and time-consuming because it has to be done not just on the router, but on every device that connects to it. As a result, most people just set up a single key and then continue using it ad infinitum. Even worse, for those that do change the WEP key, new research and developments reinforce how even changing WEP keys frequently is no longer sufficient to protect a WLAN. The process of 'cracking' a WEP key used to require that a malicious hacker intercept millions of packets plus spend a fair amount of time and computing power. Researchers in the computer science department of a German university recently demonstrated the capability to compromise a WEP-protected network very quickly. After spending less than a minute intercepting data (fewer than 100,000 packets in all) they were able to compromise a WEP key in just three seconds.

  Incorrect Answers:

  B: WPA (WiFi Protected Access) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different manufacturer's wireless equipment. WPA is a much improved encryption

  standard that delivers a level of security beyond anything that WEP can offer. It bridges the gap between WEP and 802.11i (WPA2) networks. WPA uses Temporal Key Integrity Protocol (TKIP), which is designed to allow WEP to be upgraded

  through corrective measures that address the existing security problems. WPA is able to achieve over 500 trillion possible key combinations and re-keying of global encryption keys is required. The encryption key is changed after every frame

  using TKIP. This allows key changes to occur on a frame by frame basis and to be automatically synchronized between the access point and the wireless client. The TKIP encryption algorithm is stronger than the one used by WEP. WPA is

  compatible with many older access points and network cards. WPA with TKIP is considered more secure than WEP. Therefore, this answer is incorrect.

  C: It's very unlikely that each computer connected to the wireless access point is configured to use a VPN connection. Furthermore, VPN connections are secure.

  Therefore, this answer is incorrect.

  D: WPA2 is the latest implementation of WPA and provides stronger data protection and network access control. It provides WiFi users with a higher level of assurance that only authorized users can access their wireless networks. WPA2 is

  based on the IEEE 802.11i standard and provides government grade security. 802.11i describes the encrypted transmission of data between systems of 802.11a and 802.11b wireless LANs. It defines new encryption key protocols including

  the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).

  There are two versions of WPA2:

  WPA2 Personal and WPA2 Enterprise. WPA2 Personal protects unauthorized network access by utilizing a setup password. WPA2 Enterprise verifies network users through a server. WPA2 is much more secure than WEP. Therefore, this

  answer is incorrect.

  References: http://www.webopedia.com/DidYouKnow/Computer_Science/WEP_WPA_wireless_security.as p http://www.onlinecomputertips.com/networking/wep_wpa.html

• Question 236:

  Which of the following software allows a network administrator to inspect the protocol header in order to troubleshoot network issues?

  A. URL filter

  B. Spam filter

  C. Packet sniffer

  D. Switch

  Correct Answer: C

  Every data packet transmitted across a network has a protocol header. To view a protocol header, you need to capture and view the contents of the packet with a packet sniffer.

  A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer.

  Incorrect Answers:

  A: A URL filter is used to block URLs (websites) to prevent users accessing the website. It is not used to view protocol headers. Therefore, this answer is incorrect.

  B: A spam filter is used for email. All inbound (and sometimes outbound) email is passed through the spam filter to detect spam emails. The spam emails are then discarded or tagged as potential spam according to the spam filter configuration. A spam filter is not used to view protocol headers. Therefore, this answer is incorrect.

  D: A switch is a network device. Most computers on the network will be plugged into a switch. Switches maintain a MAC Table that maps individual MAC addresses on the network to the physical ports on the switch. This allows the switch to direct data out of the physical port where the recipient is located, as opposed to indiscriminately broadcasting the data out of all ports as a hub does. The advantage of this method is that data is bridged exclusively to the network segment containing the computer that the data is specifically destined for. A switch is not used to view protocol headers. Therefore, this answer is incorrect.

  References: http://www.techopedia.com/definition/4113/sniffer

• Question 237:

  Which of the following network devices is used to analyze traffic between various network interfaces?

  A. Proxies

  B. Firewalls

  C. Content inspection

  D. Sniffers

  Correct Answer: D

  A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer.

  Incorrect Answers:

  A: Web proxies tend to be used for caching web page content and/or restricting access to websites to aid compliance with company Internet usage policies. They are not used to analyze traffic between various network interfaces. Therefore, this answer is incorrect.

  B: A firewall is designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All data packets entering or leaving the intranet pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria; typically a combination of port and IP address. A firewall is not used to analyze traffic between various network interfaces. Therefore, this answer is incorrect.

  C: Content inspection is the process of examining typically web content as it is downloaded to a client computer. The content of a web page is examined but the data packets themselves are not captured and examined as is the case with a packet sniffer. Therefore this answer is incorrect.

  References: http://www.techopedia.com/definition/4113/sniffer

• Question 238:

  Which statement is TRUE about the operation of a packet sniffer?

  A. It can only have one interface on a management network.

  B. They are required for firewall operation and stateful inspection.

  C. The Ethernet card must be placed in promiscuous mode.

  D. It must be placed on a single virtual LAN interface.

  Correct Answer: C

  A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer.

  Incorrect Answers:

  A: A packet sniffer can have more than one interface on a management network. Therefore, this answer is incorrect.

  B: A packet sniffer is not required for firewall operation and stateful inspection. Firewalls and packet sniffers are two different devices. Therefore, this answer is incorrect.

  D: A virtual LAN interface is not required for packet sniffing. Therefore, this answer is incorrect.

  References: http://www.techopedia.com/definition/4113/sniffer

• Question 239:

  Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO's office with various connected cables from the office. Which of the following describes the type of attack that was occurring?

  A. Spear phishing

  B. Packet sniffing

  C. Impersonation

  D. MAC flooding

  Correct Answer: B

  A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing packets sent from a computer system is known as packet sniffing. However, packet sniffing requires a physical connection to the network. The switch hidden in the ceiling is used to provide the physical connection to the network. Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).

  A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer.

  Incorrect Answers:

  A: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear

  to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent

  source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority. The attack described in this question is not an example of spear phishing. Therefore, this answer is incorrect.

  C: Impersonation is where a person, computer, software application or service pretends to be someone it's not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat.

  However, the attack described in this question is not an example of impersonation.

  Therefore, this answer is incorrect.

  D: In computer networking, MAC flooding is a technique employed to compromise the security of network switches. Switches maintain a MAC Table that maps individual MAC addresses on the network to the physical ports on the switch. This

  allows the switch to direct data out of the physical port where the recipient is located, as opposed to indiscriminately broadcasting the data out of all ports as a hub does. The advantage of this method is that data is bridged exclusively to the

  network segment containing the computer that the data is specifically destined for. In a typical MAC flooding attack, a switch is fed many Ethernet frames, each containing different source MAC addresses, by the attacker. The intention is to

  consume the limited memory set aside in the switch to store the MAC address table. The attack described in this question is not an example of MAC flooding. Therefore, this answer is incorrect.

  References: http://en.wikipedia.org/wiki/Packet_analyzer http://en.wikipedia.org/wiki/MAC_flooding

• Question 240:

  Sara, a security administrator, is noticing a slow down in the wireless network response. Sara launches a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following type of attacks is underway?

  A. IV attack

  B. Interference

  C. Blue jacking

  D. Packet sniffing

  Correct Answer: A

  In this question, it's likely that someone it trying to crack the wireless network security. An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or "number occurring once," as an encryption program uses it only once per session. An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. This is known as an IV attack. A particular binary sequence may be repeated more than once in a message, and the more it appears, the more the encryption method is discoverable. For example if a one-letter word exists in a message, it may be either "a" or "I" but it can't be "e" because the word "e" is non-sensical in English, while "a" has a meaning and "I" has a meaning. Repeating the words and letters makes it possible for software to apply a dictionary and discover the binary sequence corresponding to each letter. Using an initialization vector changes the binary sequence corresponding to each letter, enabling the letter "a" to be represented by a particular sequence in the first instance, and then represented by a completely different binary sequence in the second instance.

  WEP (Wireless Equivalent Privacy) is vulnerable to an IV attack. Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets.

  Incorrect Answers:

  B: There can be many sources of interference to network communications especially in wireless networks. However, interference would not cause large numbers of ARP packets to be sent to the wireless access point. Therefore, this answer is incorrect.

  C: Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth- enabled device via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames. Bluejacking would not cause large numbers of ARP packets to be sent to the wireless access point. Therefore, this answer is incorrect.

  D: Packet sniffing is the process of intercepting data as it is transmitted over a network. A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer. Packet sniffing would not cause large numbers of ARP packets to be sent to the wireless access point. Therefore, this answer is incorrect.

  References: http://www.techopedia.com/definition/26858/initialization-vector http://en.wikipedia.org/wiki/Bluejacking http://www.techopedia.com/definition/4113/sniffer