A BYOD policy in which employees are able to access the wireless guest network is in effect in an organization. Some users, however, are using the Ethernet port on personal laptops to connect to the wired network. Which of the following could an administrator use to ensure that unauthorized devices are not allowed to access the wired network?
A. VLAN access rules configured to reject packets originating from unauthorized devices
B. Router access lists configured to block the IP addresses of unauthorized devices
C. Firewall rules configured to block the MAC addresses of unauthorized devices
D. Port security configured to shut down the port when unauthorized devices connect
A company uses port security based on an approved MAC list to secure its wired network and WPA2 to secure its wireless network. Which of the following prevents an attacker from learning authorized MAC addresses?
A. Port security prevents access to any traffic that might provide an attacker with authorized MAC addresses
B. Port security uses certificates to authenticate devices and is not part of a wireless protocol
C. Port security relies on a MAC address length that is too short to be cryptographically secure over wireless networks
D. Port security encrypts data on the network, preventing an attacker from reading authorized MAC addresses
A security administrator has been tasked with setting up a new internal wireless network that must use end-to-end TLS. Which of the following may be used to meet this objective?
A. WPA
B. HTTPS
C. WEP
D. WPA2
Correct Answer: D
Section: Cryptography
Wi-Fi Protected Access 2 (WPA2) was intended to provide security that's equivalent to that on a wired network, and it implements elements of the 802.11i standard. In April 2010, the Wi-Fi Alliance announced the inclusion of additional Extensible Authentication Protocol (EAP) types in its WPA- and WPA2-Enterprise certification programs. EAP-TLS is included in this certification program.
Note: Although WPA mandates the use of TKIP, WPA2 requires Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). CCMP uses 128-bit AES encryption with a 48-bit initialization vector. The larger initialization vector increases the difficulty of cracking and minimizes the risk of a replay attack.
A: The difference between WPA and WPA2 is that the former implements most, but not all, of 802.11i in order to be able to communicate with older wireless devices that might still need an update through their firmware in order to be compliant.
B: HTTPS is not a protocol for wireless communication. HTTPS is a communications protocol for secure communication over a computer network, with especially wide deployment on
C: In 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA). WEP does include support for TLS.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 75, 171, 172-173, 274