Lesson 3 Quiz Answers

1.) The correct answer is: b. MAC addresses can be spoofed.
Because MAC addresses are never encrypted, attackers can observe legitimate station or AP addresses and change their own MAC address to bypass any type of MAC access control list. This "spoofing" means that MAC ACLs can only discourage intrusions, not prevent them.

<< Back to quiz

2.) The correct answer is: b. Captive portals
MAC ACLs are impractical in visitor WLANs where station addresses are not known in advance. PSKs and 802.1X can only be used by stations that have WPA-compatible cards and software, and thus present challenges for networks that have little or no control over user devices. Portal authentication is popular in these environments because it can be used, without advance configuration, by any station with an ordinary browser.

<< Back to quiz

3.) The correct answer is: a. Easy to configure
WPA-Personal was defined as an alternative to WPA-Enterprise because 802.1X is relatively complex to deploy, requiring an authentication server, user credentials and per-station software/configuration.

<< Back to quiz

4.) The correct answer is: a. EAP-TLS: Transport Layer Security
EAP-TLS provides mutual authentication, using digital certificates to identify the server and the client. LEAP, PEAP, and EAP-TTLS are often used to avoid issuing client-side certificates, instead using another kind of client credential like username/password.

<< Back to quiz

5.) The correct answer is: e. All of the above
These are just a few of the many decision criteria that may come into play when deciding how to lock down your WLAN.

>> Move to Lesson 4: How to use wireless IDS/IPS

<< Return to Lesson 3 quiz

This was last published in February 2006

Dig Deeper on Wireless network security