CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 251:

  Which of the following types of wireless attacks would be used specifically to impersonate another WAP in order to gain unauthorized information from mobile users?

  A. IV attack

  B. Evil twin

  C. War driving

  D. Rogue access point

  Correct Answer: B

  An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue

  hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique.

  For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency

  and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name.

  In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as honeypots or base station clones. With the advancement of wireless technology and the use of wireless devices in public areas, it is very easy

  for novice users to set up evil twin exploits.

  Incorrect Answers:

  A: An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or "number occurring once," as an encryption program uses it only once per

  session.

  An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. This is known as an IV

  attack. An IV attack is not used to impersonate another WAP. Therefore this answer is incorrect.

  C: War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, you need a vehicle, a computer (which can

  be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office

  building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources. War driving is not used to impersonate another WAP. Therefore this

  answer is incorrect.

  D: A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-themiddle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless

  router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in

  conjunction with a rogue RADIUS server, depending on security configuration of the target network. A rogue access point can be used to impersonate another WAP but it doesn't have to whereas an Evil Twin WAP always impersonates

  another WAP. Therefore, this answer is incorrect.

  References: http://www.techopedia.com/definition/5057/evil-twin http://www.techopedia.com/definition/26858/initialization-vector http://en.wikipedia.org/wiki/Rogue_access_point

• Question 252:

  After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output: MAC SSID ENCRYPTION POWER BEACONS 00:10:A1:36:12:CC MYCORP WPA2 CCMP 60 1202 00:10:A1:49:FC:37 MYCORP WPA2 CCMP 70 9102 FB:90:11:42:FA:99 MYCORP WPA2 CCMP 40 3031 00:10:A1:AA:BB:CC MYCORP WPA2 CCMP 55 2021 00:10:A1:FA:B1:07 MYCORP WPA2 CCMP 30 6044

  Given that the corporate wireless network has been standardized, which of the following attacks is underway?

  A. Evil twin

  B. IV attack

  C. Rogue AP

  D. DDoS

  Correct Answer: A

  The question states that the corporate wireless network has been standardized. By `standardized' it means the wireless network access points are running on hardware from the same vendor. We can see this from the MAC addresses used.

  The first half of a MAC address is vendor specific. The second half is network adapter specific. We have four devices with MAC addresses that start with 00:10:A1.

  The "odd one out" is the device with a MAC address starting FB:90:11. This device is from a different vendor. The SSID of the wireless network on this access point is the same as the other legitimate access points. Therefore, the access

  point with a MAC address starting FB:90:11 is impersonating the corporate access points. This is known as an Evil Twin.

  An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue

  hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique.

  For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency

  and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name.

  In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as honeypots or base station clones. With the advancement of wireless technology and the use of wireless devices in public areas, it is very easy

  for novice users to set up evil twin exploits.

  Incorrect Answers:

  B: An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or "number occurring once," as an encryption program uses it only once per

  session.

  An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. This is known as an IV

  attack. This is not what is described in this question. Therefore, this answer is incorrect.

  C: A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-themiddle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless

  router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in

  conjunction with a rogue RADIUS server, depending on security configuration of the target network. The Evil Twin in this question is a type of rogue access point. However, as the access point is impersonating the corporate network, it is

  classed as an Evil Twin.

  Therefore, this answer is incorrect.

  D: A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for

  example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are

  that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and

  shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply

  add more attack machines. This after all will end up completely crashing a website for periods of time. This is not what is described in this question.

  Therefore, this answer is incorrect.

  References: http://www.techopedia.com/definition/5057/evil-twin http://www.techopedia.com/definition/26858/initialization-vector http://en.wikipedia.org/wiki/Denial-of-service_attack

• Question 253:

  After viewing wireless traffic, an attacker notices the following networks are being broadcasted by local access points:

  Corpnet Coffeeshop FreePublicWifi

  Using this information the attacker spoofs a response to make nearby laptops connect back to a malicious device. Which of the following has the attacker created?

  A. Infrastructure as a Service

  B. Load balancer

  C. Evil twin

  D. Virtualized network

  Correct Answer: C

  In this question, the attacker has created another wireless network that is impersonating one of more of the three wireless networks listed in the question. This is known as an Evil Twin. An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique. For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name. In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as honeypots or base station clones. With the advancement of wireless technology and the use of wireless devices in public areas, it is very easy for novice users to set up evil twin exploits.

  Incorrect Answers:

  A: Infrastructure as a Service is a term used to describe cloud based services hosted by cloud service providers. For example, a cloud provider might provide a web service. The cloud provider hosts the service on virtualized computers behind the scenes. As a customer, you just pay for web service without requiring knowledge of the hardware that the service is hosted on. This is not what is described in this question. Therefore, this answer is incorrect.

  B: A load balancer distributes traffic between servers. For example, you could have two or more web servers hosting your corporate website. The DNS record for the website will point to the virtual IP of the load balancer. The load balancer will then share web requests between the web servers. This is not what is described in this question. Therefore, this answer is incorrect.

  D: A virtualized network is a network created on physical servers running Hypervisor software such as Microsoft HyperV or VMware VSphere. Virtualized networks are also used by cloud service providers. A cloud service is a service running on virtual servers. This is not what is described in this question. Therefore, this answer is incorrect.

  References: http://www.techopedia.com/definition/5057/evil-twin

• Question 254:

  The system administrator has been notified that many users are having difficulty connecting to the company's wireless network. They take a new laptop and physically go to the access point and connect with no problems. Which of the following would be the MOST likely cause?

  A. The certificate used to authenticate users has been compromised and revoked.

  B. Multiple war drivers in the parking lot have exhausted all available IPs from the pool to deny access.

  C. An attacker has gained access to the access point and has changed the encryption keys.

  D. An unauthorized access point has been configured to operate on the same channel.

  Correct Answer: D

  Wireless Access Points can be configured to use a channel. If you have multiple access points within range of each other, you should configure the access points to use different channels. Different channels use different frequencies. If you have two access points using the same channel, their wifi signals will interfere with each other. The question states that that many users are having difficulty connecting to the company's wireless network. This is probably due to the signal being weakened by interference from another access point using the same channel. When the administrator takes a new laptop and physically goes to the access point and connects with no problems, he is able to connect because he is near the access point and therefore has a strong signal.

  Incorrect Answers:

  A: If the certificate used to authenticate users has been compromised and revoked, no one would be able to authenticate. Users would still be able to initially connect to the access point to start the authentication process. Therefore, this answer is incorrect.

  B: The question asks for the most likely answer. Multiple war drivers in the parking lot using all the IPs is pretty unlikely. Interference from another access point is far more likely. Therefore, this answer is incorrect.

  C: If the encryption keys had been changed on the access point, no one would be able to connect to it. Therefore, this answer is incorrect.

• Question 255:

  Which of the following attacks would cause all mobile devices to lose their association with corporate access points while the attack is underway?

  A. Wireless jamming

  B. Evil twin

  C. Rogue AP

  D. Packet sniffing

  Correct Answer: A

  When most people think of frequency jamming, what comes to mind are radio, radar and cell phone jamming. However, any communication that uses radio frequencies can be jammed by a strong radio signal in the same frequency. In this

  manner, Wi-Fi may be attacked with a network jamming attack, reducing signal quality until it becomes unusable or disconnects occur. With very similar methods, a focused and aimed signal can actually break access point hardware, as with

  equipment destruction attacks.

  Incorrect Answers:

  B: An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this

  rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique.

  For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency

  and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name.

  In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as honeypots or base station clones. With the advancement of wireless technology and the use of wireless devices in public areas, it is very easy

  for novice users to set up evil twin exploits. An evil twin access point would not cause all mobile devices to lose their association with corporate access points. Therefore, this answer is incorrect.

  C: A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-themiddle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless

  router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in

  conjunction with a rogue RADIUS server, depending on security configuration of the target network. A rogue access point would not cause all mobile devices to lose their association with corporate access points. Therefore, this answer is

  incorrect.

  D: Packet sniffing is the process of intercepting data as it is transmitted over a network. A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or

  switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case

  of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular

  segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known

  as a packet analyzer. Packet sniffing would not cause all mobile devices to lose their association with corporate access points. Therefore, this answer is incorrect.

  References:

  http://whatis.techtarget.com/definition/frequency-jammer http://www.techopedia.com/definition/5057/evil-twin http://en.wikipedia.org/wiki/Rogue_access_point

  http://www.techopedia.com/definition/4113/sniffer

• Question 256:

  Which of the following is where an unauthorized device is found allowing access to a network?

  A. Bluesnarfing

  B. Rogue access point

  C. Honeypot

  D. IV attack

  Correct Answer: B

  A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-themiddle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server- client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.

  Incorrect Answers:

  A: Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital

  assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information -- such as the user's calendar, contact list and e-mail and text messages -- without

  leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices,

  but others are vulnerable as long as Bluetooth is enabled. This is not what is described in this question. Therefore, this answer is incorrect.

  C: A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies. A Honeypot luring a hacker into a system has several main purposes:

  The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned. The hacker can be caught and stopped while trying to obtain root access to the

  system. By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.

  This is not what is described in this question. Therefore, this answer is incorrect.

  D: An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or "number occurring once," as an encryption program uses it only once per

  session.

  An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. This is known as an IV

  attack.

  A particular binary sequence may be repeated more than once in a message, and the more it appears, the more the encryption method is discoverable. For example if a one-letter word exists in a message, it may be either "a" or "I" but it can't

  be "e" because the word "e" is non-sensical in English, while "a" has a meaning and "I" has a meaning. Repeating the words and letters makes it possible for software to apply a dictionary and discover the binary sequence corresponding to

  each letter.

  Using an initialization vector changes the binary sequence corresponding to each letter, enabling the letter "a" to be represented by a particular sequence in the first instance, and then represented by a completely different binary sequence in

  the second instance. This is not what is described in this question. Therefore, this answer is incorrect.

  References: http://en.wikipedia.org/wiki/Rogue_access_point http://searchmobilecomputing.techtarget.com/definition/bluesnarfing http://www.techopedia.com/definition/26858/initialization-vector

• Question 257:

  Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring?

  A. A user has plugged in a personal access point at their desk to connect to the network wirelessly.

  B. The company is currently experiencing an attack on their internal DNS servers.

  C. The company's WEP encryption has been compromised and WPA2 needs to be implemented instead.

  D. An attacker has installed an access point nearby in an attempt to capture company information.

  Correct Answer: D

  The question implies that users should be required to enter their domain credentials upon connection to the wireless network. The fact that they are connecting to a wireless network without being prompted for their domain credentials and they are unable to access network resources suggests they are connecting to a rogue wireless network. A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server- client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.

  Incorrect Answers:

  A: A personal access point would not have the same SSID as the corporate wireless network. Therefore, other network computers would not attempt to connect to the personal access point. Therefore, this answer is incorrect.

  B: This is not a DNS issue. The users are able to connect to the rogue access point without entering their domain credentials. If the DNS system was compromised, the users would not be able to connect to the wireless network. Therefore, this answer is incorrect.

  C: WEP encryption is considered to be very weak in terms of security and WPA2 is recommended. However, compromised WEP encryption would not cause the symptoms described in this question. Therefore, this answer is incorrect.

  References: http://en.wikipedia.org/wiki/Rogue_access_point

• Question 258:

  Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company's access point and finds no issues. Which of the following should the technician do?

  A. Change the access point from WPA2 to WEP to determine if the encryption is too strong

  B. Clear all access logs from the AP to provide an up-to-date access list of connected users

  C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter

  D. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap

  Correct Answer: C

  The users may be connecting to a rogue access point. The rogue access point could be hosting a wireless network that has the same SSID as the corporate wireless network. The only way to tell for sure if the access point the users are connecting to is the correct one is to check the MAC address. Every network card has a unique 48-bit address assigned. A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi. Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model. MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number and may be referred to as the burned-in address (BIA). It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This can be contrasted to a programmed address, where the host device issues commands to the NIC to use an arbitrary address. A network node may have multiple NICs and each NIC must have a unique MAC address. MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, and EUI-64.

  Incorrect Answers:

  A: Strong encryption would not cause slow connections to the internet. WPA2 is the standard wireless network encryption method today and all new computers are capable of using it. Therefore, this answer is incorrect.

  B: Clearing all access logs on the access point would not resolve the connectivity issues. Therefore, this answer is incorrect.

  D: Blocking all inbound and outbound traffic on the access point will render the access point useless as it will not be able to send or receive data. Therefore, this answer is incorrect.

  References: http://en.wikipedia.org/wiki/MAC_address

• Question 259:

  Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address?

  A. Interference

  B. Man-in-the-middle

  C. ARP poisoning

  D. Rogue access point

  Correct Answer: D

  MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists.

  In this question, a rogue access point would need to be able to connect to the network to provide access to network resources. If the MAC address of the rogue access point isn't allowed to connect to the network port, then the rogue access point will not be able to connect to the network.

  Incorrect Answers:

  A: There can be many sources of interference to network communications especially in wireless networks. However, limiting the MAC addresses that can connect to a network port will not prevent interference. Therefore, this answer is

  incorrect.

  B: In cryptography and computer security, a man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

  One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in

  fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an

  attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle. Limiting the MAC addresses that can connect to a network port is not used to prevent man-in-the-middle attacks.

  Therefore, this answer is incorrect.

  C: Address Resolution Protocol poisoning (ARP poisoning) is a form of attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer's ARP cache with a forged

  ARP request and reply packets. This modifies the layer -Ethernet MAC address into the hacker's known MAC address to monitor it. Because the ARP replies are forged, the target computer unintentionally sends the frames to the hacker's

  computer first instead of sending it to the original destination. As a result, both the user's data and privacy are compromised. An effective ARP poisoning attempt is undetectable to the user.

  ARP poisoning is also known as ARP cache poisoning or ARP poison routing (APR). Limiting the MAC addresses that can connect to a network port is not used to prevent ARP poisoning. Therefore, this answer is incorrect.

  References: http://en.wikipedia.org/wiki/MAC_filtering http://www.techopedia.com/definition/27471/address-resolution-protocol-poisoning-arp- poisoning

• Question 260:

  A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following.

  SSID State Channel Level Computer AreUs1 connected 1 70dbm Computer AreUs2 connected 5 80dbm Computer AreUs3 connected 3 75dbm Computer AreUs4 connected 6 95dbm

  Which of the following is this an example of?

  A. Rogue access point

  B. Near field communication

  C. Jamming

  D. Packet sniffing

  Correct Answer: A

  The question states that the building has three wireless networks. However, the scan is showing four wireless networks with the SSIDs: Computer AreUs1 , Computer AreUs2 , Computer AreUs3 and Computer AreUs4. Therefore, one of these wireless networks probably shouldn't be there. This is an example of a rogue access point. A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-themiddle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server- client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.

  Incorrect Answers:

  B: Near field communication (NFC) is a set of short-range wireless technologies, typically requiring a distance of 10 cm or less. NFC operates at 13.56 MHz on ISO/IEC 18000-3 air interface and at rates ranging from 106 kbit/s to 424 kbit/s.

  NFC always involves an initiator and a target; the initiator actively generates an RF field that can power a passive target. This enables NFC targets to take very simple form factors such as tags, stickers, key fobs, or cards that do not require

  batteries. NFC peer-to-peer communication is possible, provided both devices are powered. NFC tags contain data and are typically read-only, but may be rewriteable. They can be custom- encoded by their manufacturers or use the

  specifications provided by the NFC Forum, an industry association charged with promoting the technology and setting key standards. The tags can securely store personal data such as debit and credit card information, loyalty program data,

  PINs and networking contacts, among other information. The NFC Forum defines four types of tags that provide different communication speeds and capabilities in terms of configurability, memory, security, data retention and write

  endurance. Tags currently offer between 96 and 4,096 bytes of memory.

  The SSID's in the question indicate wireless networks. Therefore this answer is incorrect.

  C: Jamming is used to block transmissions typically over wireless or radio frequencies. This is not what is described in this question. Therefore, this answer is incorrect.

  D: Packet sniffing is the process of intercepting data as it is transmitted over a network. A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or

  switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case

  of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular

  segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known

  as a packet analyzer.

  This is not what is described in this question. Therefore, this answer is incorrect.

  References: http://en.wikipedia.org/wiki/Rogue_access_point http://en.wikipedia.org/wiki/Near_field_communication http://www.techopedia.com/definition/4113/sniffer