CompTIA Security Plus Mock Test Q717

An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?

A. The malicious user has access to the WPA2-TKIP key.
B. The wireless access point is broadcasting the SSID.
C. The malicious user is able to capture the wired communication.
D. The meeting attendees are using unencrypted hard drives.


Correct Answer: C
Section: Threats and Vulnerabilities

Explanation:
In this question, the wireless users are using WPA2-TKIP. While TKIP is a weak encryption protocol, it is still an encryption protocol. Therefore, the wireless communications between the laptops and the wireless access point are encrypted.
The question states that the user was able to intercept ‘clear text’ HTTP communication between the meeting attendees and the Internet. The HTTP communications are unencrypted as they travel over the wired network. Therefore, the malicious user must have been able to capture the wired communication.
TKIP and AES are two different types of encryption that can be used by a Wi-Fi network. TKIP stands for “Temporal Key Integrity Protocol.” It was a stopgap encryption protocol introduced with WPA to replace the very insecure WEP encryption at the time. TKIP is actually quite similar to WEP encryption. TKIP is no longer considered secure, and is now deprecated.

Incorrect Answers:
A: TKIP provides a rekeying mechanism which ensures that every data packet is sent with a unique encryption key. Therefore, having a WPA2-TKIP key would not enable the user to decrypt the data. Furthermore, if the wireless communications were captured, they would still be encrypted. This question states that the user was able to intercept ‘clear text’ (non-encrypted) HTTP communication.
B: The wireless access point broadcasting the SSID would not enable interception of clear text HTTP communication between the meeting attendees and the Internet.
D: The meeting attendees using unencrypted hard drives would not enable interception of clear text HTTP communication between the meeting attendees and the Internet. The communication was intercepted between the laptops and the Internet. It was not read from the hard drives.
