CompTIA Security Plus Mock Test Q577

Which of the following wireless protocols could be vulnerable to a brute-force password attack? (Select TWO).

A. WPA2-PSK
B. WPA – EAP – TLS
C. WPA2-CCMP
D. WPA -CCMP
E. WPA – LEAP
F. WEP


Correct Answer: A,E
Section: Threats and Vulnerabilities

Explanation:
A brute force attack is an attack that attempts to guess a password. WPA2-PSK and WEP both use a “Pre-Shared Key”. The pre-shared key is a password and therefore is susceptible to a brute force attack.

Incorrect Answers:
B: EAP-TLS uses the handshake protocol in TLS, not its encryption method. Client and server authenticate each other using digital certificates. Client generates a pre-master secret key by encrypting a random number with the server’s public key and sends it to the server. Both client and server use the pre-master to generate the same secret key. WPA using EAP-TLS does not use a password or pre-shared key so it is not susceptible to a brute force attack.
C: Counter Mode Cipher Block Chaining Message Authentication Code Protocol, Counter Mode CBC-MAC Protocol or simply CCMP (CCM mode Protocol) is an encryption protocol. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. The advanced encryption of CCMP ensures that WPA2 with CCMP is not susceptible to a brute force attack.
D: Counter Mode Cipher Block Chaining Message Authentication Code Protocol, Counter Mode CBC-MAC Protocol or simply CCMP (CCM mode Protocol) is an encryption protocol. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. The advanced encryption of CCMP ensures that WPA2 with CCMP is not susceptible to a brute force attack.
E: LEAP (Lightweight Extensible Authentication Protocol) requires frequent re-authentication using different keys. The frequent changing of the key makes WPA with LEAP less susceptible to a brute force attack. Therefore, this answer is incorrect

References:
http://encyclopedia2.thefreedictionary.com/EAP-TLS