Passive 802 Exploitation

True

True

True or False: Passive 802.11 Exploitation is the ability to exploit information of already-collected signals WITHOUT transmitting any frames into a wireless network.

• True

• False

False

True or False: A target is always aware when passive exploitation is being conducted.

• True

• False

Keylogging

When an intruder is not actively doing anything, just monitoring information to exploit at a later time, this is referred to as passive exploitation. Which of the following is an example of passive exploitation?

• Targeting

• Keylogging

• Backlogging

• Re-logging

AP

The settings on a(n) _______ can help the client determine what kind of three specific kinds of encryption to use or not to use.

• Device

• Router

• AP

• None of These

WEP, WPA, WPA2

The three kinds of 802.11 Encryption are:

• WEP, WPA1, WPA3

• WEP, WPA, WPA2

• WPA1, WPA2, WPA3

• WEP, WEP2, WPA

1997

Wire Equivalency Privacy (WEP), also known as the original IEEE 802.11 standard of encryption, was originally ratified in what year?

• 1992

• 1994

• 1995

• 1997

WPA

Wired Equivalent Privacy (WEP), was decommissioned in 2004, and succeeded by what??

• WEP 2.0

• WEBV2

• WPA2

• WPA

Temporal Key Integrity Protocol (TKIP)

Alongside using the same RC4 stream cipher and CRC-32 checksum, what protocol did WPA use as a solution to WEP shortcomings?

• Temporal Key Integrity Protocol (TKIP)

• Temporal Load Key Protocol (TLKP)

• Temporary Keyed Initial Protocol (TKIP)

• None of the above. WEP didn’t have any shortcomings.

WPA2

WPA was later succeeded by what?

• WPA 1.1

• WPA 3

• WPA2

• WEP2

True

True or False: WPA2 defines two types of security: Passphrase Authentication and 802.1X/EAP security.

• True

• False

Small office/Home office networks (SOHO)

Passphrase Authentication is for what kinds of networks?

• Enterprise Networks

• Small office/Home office networks (SOHO)

• Recreational office/Home office networks (ROHO)

• Commercial Networks

Enterprise Networks

802.1X/EAP security is for what kinds of networks?

• Commercial Networks

• Enterprise Networks

• Small office/Home office networks (SOHO)

• None of the above.

Advanced Encryption Standard (AES)

What standard, not protocol, replaced the RC4 Cipher used in WEP and temporal key integrity protocol (TKIP)?

• Advanced Encryption Standard (AES)

• Advanced Clear Text Standard (ACTS)

• Advanced Key Standard (AKS)

• Advanced Cipher Standard (ACS)

Aircrack

What tool is used for wi-fi hacking and security?

• Aircrack

• CCMP

• Counter-mode

• AES

All of the above

Aircrack is an all-in-one tool that can be used as what?

• Packet Sniffer

• WEP/WPA/WPA2 cracker

• Analyzing and Hash Capturing Tool

• All of the above

Brute Force Attack

What kind of attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys?

• Brute Force Attack

• Dictionary Attack

• Man-In-The-Middle-Attack

• None of the above

True

True or False: A Brute Force Attack could take less than a minute to crack.

• True

• False

Simple Brute Force Attack

What type of Brute Force Attack is where the attacker makes logical guesses to crack your authentication system that aren’t assisted by software tools?

• Reverse Brute Force Attack

• Hybrid Brute Force Attack

• Simple Brute Force Attack

• Strong Brute Force Attack

Simple Brute Force Attack

Which Brute Force Attack would be where an attacker may use your birth year as a pin?

• Reverse Brute Force Attack

• Simple Brute Force Attack

• Hybrid Brute Force Attack

• Strong Brute Force Attack

Hybrid Brute Force Attack

What type of Brute Force Attack is where they use a simple approach to try and test several possible combinations by guessing possible passwords that are beyond the scope of their logic?

• Reverse Brute Force Attack

• Simple Brute Force Attack

• Hybrid Brute Force Attack

• Strong Brute Force Attack

Reverse Brute Force Attack

Which type of attack is used where an attacker isn’t targeting a specific user, but instead is using a leaked password and testing it against multiple user IDs?

• Reverse Brute Force Attack

• Simple Brute Force Attack

• Hybrid Brute Force Attack

• Strong Brute Force Attack

True

True or False: Dictionary Attack requires an attacker to use ordinary words (as they are in the dictionary) paired with a typical sequence of numbers or special characters in order to crack the password.

• True

• False

Man-In-The-Middle

What type of attack allows attackers to eavesdrop on the communication between two targets?

• Soldier-In-The-Middle

• Man-In-The-Middle

• Hacker-In-The-Middle

• Attacker-In-The-Middle

True

True or False: PSK is a shared key in between two clients in order to use a “secure” channel.

• True

• False

Using a wireless sniffer or protocol analyzer

What is the first main step in a successful WPA passive attack?

• Using a wireless sniffer or protocol analyzer

• Waiting for a wireless client to authenticate through a four-way handshake

• Use a Brute Force Attack

• None of the above

Chop-Chop

What was the main attack against the CRC32 checksum?

• Hand-Hand

• Run-Run

• Chop-Chop

• Brute Force

128

When an attacker truncates the last byte of the encrypted packet and guesses the value, what is the average amount of guesses it takes to guess the right value?

• 224

• 100

• 128

• 32

True

True or False: WPA2-PSK (Pre-Shared Key) is the most secure form of encryption used on personal wireless networks.

• True

• False

True

True or False: The main vulnerability on WPA2 was called KRACK – Key Reinstallation Attack.

• True

• False

True

True or False: During a KRACK, the attack is against a 4-way handshake, and does not exploit access points themselves, but instead targets users.

• True

• False