CompTIA Security Plus Mock Test Q1470

A network administrator argues that WPA2 encryption is not needed, as MAC filtering is enabled on the access point. Which of the following would show the administrator that WPA2 is also needed?

A. Deploy an evil twin with MAC filtering
B. Flood access point with random MAC addresses
C. Sniff and clone a MAC address
D. DNS poison the access point

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1445

A security administrator is reviewing logs and notices multiple attempts to access the HVAC controls by a workstation with an IP address from the open wireless network. Which of the following would be the best way to prevent this type of attack from occurring again?

A. Implement VLANs to separate the HVAC
B. Enable WPA2 security for the wireless network
C. Install a HIDS to protect the HVAC system
D. Enable MAC filtering for the wireless network


Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1333

Ann, a security administrator, wants to limit access to the wireless network. Which of the following can be used to do this without using certificates?

A. Employ EAP-TLS
B. Employ PEAP on all laptops
C. Enable MAC filtering
D. Disable SSID broadcasting

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1026

Which of the following provides the strongest authentication security on a wireless network?

A. MAC filter
B. WPA2
C. WEP
D. Disable SSID broadcast

Correct Answer: B
Section: Cryptography

Explanation:
The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) authentication protocols were designed to address the core, easy-to-crack problems of WEP.

Incorrect Answers:
A: MAC filtering would increase the security, but an authentication protocol such as WPA2 would still be required.
Note: When MAC filtering is used, the administrator compiles a list of the MAC addresses associated with users’ computers and enters those addresses. When a client attempts to connect and other values have been correctly entered, an additional check of the MAC address is done. If the address appears in the list, the client is allowed to join; otherwise, it is forbidden from doing so.
C: WEP is weak compared to WPA2. WEP has many vulnerabilities.
D: Disabling SSID broadcasting is not the best solution.
One method of protecting the network that is often recommended is to disable, or turn off, the SSID broadcast (also known as cloaking). The access point is still there, and it is still accessible by those who have been told of its existence by the administrator, but it prevents those who are just scanning from finding it. This is considered a very weak form of security, because there are still other ways, albeit a bit more complicated, to discover the presence of the access point besides the SSID broadcast.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 171, 178, 183, 258

CompTIA Security Plus Mock Test Q1025

Joe, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?

A. Disable default SSID broadcasting.
B. Use WPA instead of WEP encryption.
C. Lower the access point’s power settings.
D. Implement MAC filtering on the access point.

Correct Answer: D
Section: Cryptography

Explanation:
If MAC filtering is turned off, any wireless client that knows the values looked for (MAC addresses) can join the network. When MAC filtering is used, the administrator compiles a list of the MAC addresses associated with users’ computers and enters those addresses. When a client attempts to connect and other values have been correctly entered, an additional check of the MAC address is done. If the address appears in the list, the client is allowed to join; otherwise, it is forbidden from doing so.

Incorrect Answers:
A: Disabling SSID broadcasting is not the best solution.
One method of protecting the network that is often recommended is to disable, or turn off, the SSID broadcast (also known as cloaking). The access point is still there, and it is still accessible by those who have been told of its existence by the administrator, but it prevents those who are just scanning from finding it. This is considered a very weak form of security, because there are still other ways, albeit a bit more complicated, to discover the presence of the access point besides the SSID broadcast.
B: WPA offers better protection than WEP, but is not the best solution here.
C: On the chance that the signal is actually traveling too far, some access points include power level controls, which allow you to reduce the amount of output provided. However, this would not help here. Employees would still be in the range of the access point.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 171, 178, 183, 258

CompTIA Security Plus Mock Test Q623

Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network?

A. Disable SSID broadcast
B. Install a RADIUS server
C. Enable MAC filtering
D. Lowering power levels on the AP


Correct Answer: C
Section: Threats and Vulnerabilities

Explanation:
MAC filtering is commonly used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network.
MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network.

Incorrect Answers:
A: Disabling SSID broadcasting for the wireless network would make the network invisible to users’ computers. The user would need to know the name (SSID) of the network and enter it manually in order to connect to the network. However, it does not prevent access to the network by anyone that knows the SSID of the wireless network.
B: A RADIUS server is a server with a database of user accounts and passwords used as a central authentication database for users requiring network access. It is used by wireless networks that require WPA-Enterprise security. It can restrict which users can log on to the wireless network. However, it does not restrict which devices can connect to the wireless network.
D: Lowering the power levels on the access point would reduce the range of the wireless network. However, it does not restrict which devices (within range) can connect to the wireless network.

References:
http://en.wikipedia.org/wiki/MAC_filtering

CompTIA Security Plus Mock Test Q622

A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server. Technicians verify that the server has an IP address in the same VLAN as the marketing department users. Which of the following is the MOST likely reason the users are unable to connect to the server?

A. The new virtual server’s MAC address was not added to the ACL on the switch
B. The new virtual server’s MAC address triggered a port security violation on the switch
C. The new virtual server’s MAC address triggered an implicit deny in the switch
D. The new virtual server’s MAC address was not added to the firewall rules on the switch

Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
Configuring the switch to allow only traffic from computers based upon their physical address is known as MAC filtering. The physical address is known as the MAC address. Every network adapter has a unique MAC address hardcoded into the adapter.
You can configure the ports of a switch to allow connections from computers with specific MAC addresses only and block all other MAC addresses.
In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network.
MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network.

Incorrect Answers:
B: The new virtual server’s MAC address triggering a port security violation on the switch may happen if the MAC address was not added to the ACL on the switch. However, the port security violation is not the actual cause of the users being unable to connect to the server. The MAC address not being added to the ACL on the switch is what would prevent the users connecting to the server. Therefore this answer is incorrect.
C: The new virtual server’s MAC address triggering an implicit deny in the switch would happen if the MAC address met a condition that caused the deny. This is unlikely. The MAC address not being added to the ACL on the switch to allow access is more likely. Therefore this answer is incorrect.
D: Dedicated network switches don’t tend to have firewalls. A typical home wireless router may function as a switch and a firewall. However, even in this case, the firewall typically wouldn’t prevent communications between devices connected to the switch. This answer is very unlikely and is therefore incorrect.

References:
http://en.wikipedia.org/wiki/MAC_filtering

CompTIA Security Plus Mock Test Q519

Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card?

A. WEP
B. MAC filtering
C. Disabled SSID broadcast
D. TKIP

Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network.
MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network.
While giving a wireless network some additional protection, MAC filtering can be circumvented by scanning a valid MAC (via airodumping) and then spoofing one’s own MAC into a validated one.

Incorrect Answers:
A: WEP, short for Wired Equivalent Privacy, is a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP is an encryption method to secure the connection. WEP uses a 40-bit or 104-bit encryption key that must be manually entered on wireless access points and devices. Although WEP is considered to be a weak security protocol, it is not defeated by spoofing.
C: Disabling SSID broadcast is a security measure that makes the wireless network invisible to computers; it will not show up in the list of available wireless networks. To connect to the wireless network, you need to know the SSID of the network and manually enter it. Spoofing is not used to circumvent this security measure.
D: TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). It was designed to provide more secure encryption than the notoriously weak Wired Equivalent Privacy (WEP), the original WLAN security protocol. TKIP is the encryption method used in Wi-Fi Protected Access (WPA), which replaced WEP in WLAN products. TKIP is not defeated by spoofing.

References:
http://en.wikipedia.org/wiki/MAC_filtering
http://searchmobilecomputing.techtarget.com/definition/TKIP

CompTIA Security Plus Mock Test Q188

An administrator needs to secure a wireless network and restrict access based on the hardware address of the device. Which of the following solutions should be implemented?

A. Use a stateful firewall
B. Enable MAC filtering
C. Upgrade to WPA2 encryption
D. Force the WAP to use channel 1

Correct Answer: B
Section: Network Security

Explanation:
MAC addresses are also known as an Ethernet hardware address (EHA), hardware address or physical address. Enabling MAC filtering would allow for a WAP to restrict or allow access based on the hardware address of the device.

Incorrect Answers:
A: A stateful inspection firewall is aware that any valid outbound communication will trigger a corresponding response or reply from the external entity. It will not, however, restrict access based on the hardware address of the device.
C: WPA2 encryption would prevent access if the correct password or passphrase is not entered. It will not, however, restrict access based on the hardware address of the device.
D: Forcing the WAP to use channel 1 will help if there are multiple WAPs using the same channel. It will not, however, restrict access based on the hardware address of the device.

References:
https://en.wikipedia.org/wiki/MAC_address
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 6, 61
https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
https://en.wikipedia.org/wiki/List_of_WLAN_channels

CompTIA Security Plus Mock Test Q167

Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).

A. Disable the wired ports
B. Use channels 1, 4 and 7 only
C. Enable MAC filtering
D. Disable SSID broadcast
E. Switch from 802.11a to 802.11b

Correct Answer: C,D
Section: Network Security

Explanation:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID broadcast should be disabled if the network isn’t for public use.
A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.

Incorrect Answers:
A: Disabling the wired ports will not prevent outsiders from connecting to the AP and gaining unauthorized access.
B: Selecting the correct channels will prevent interference, not unauthorized access.
E: Doing this will decrease the bandwidth and increase the risk of interference.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 61
https://technet.microsoft.com/en-us/library/cc783011(v=ws.10).aspx