Tutorial test: Implementing WLAN security countermeasures

Hone your knowledge of WLAN protection strategies with this multiple-choice test.

Test your knowledge of wireless LAN countermeasures with this series of multiple-choice questions. To learn more about implementing wireless LAN countermeasures, listen to the accompanying SearchSecurity.com on-demand tutorial webcast. For a refresher course on identifying WLAN threats, take our other tutorial test.

To take the test, jot down your answers on a piece of scrap paper, then check your answers here. No peeking!

1. Which of the following should be considered when developing a wireless security policy?
a) Business needs that prompted WLAN deployment
b) Threats inherent to WLAN usage
c) Value of business assets put at risk by WLAN access
d) All of the above

2. Which of the following is NOT a possible business consequence of wireless attack?
a) Increased cost and resource competition due to unauthorized WLAN use.
b) Downtime due to DoS attack launched from WLAN.
c) Loss of irreplaceable data on stolen PDA.
d) Legal liability due to wireless eavesdropping on confidential data.

3. Companies should create acceptable use policies (AUP) for hotspots if they…
a) Are a hotspot operator / public Internet access provider.
b) Want to ban traveler use of public hotspots.
c) Plan to provide employees with hotspot accounts.
d) All of the above.

4. Steps that effectively help to reduce the risk of war driving do NOT include…
a) Positioning APs so that most signal falls within your workspace.
b) Pulling down window shades and closing office doors.
c) Adjusting AP power output.
d) Adding after-market directional antennas to focus signal.

5. Using MAC address control lists to explicitly deny access to a list of unauthorized devices is a highly effective and scalable countermeasure.
a) True
b) False

6. Putting a firewall between your WLAN and your wired network CANNOT
a) Narrow permitted access.
b) Throttle network usage.
c) Prevent peer-to-peer attack on the WLAN.
d) Log traffic to and from the WLAN.

7. Entry-level APs can be harder to defend because they often lack more advanced security features found in enterprise-grade APs.
a) True
b) False

8. Which of the following measures does NOT harden a wireless device against wireless peer attack?
a) Turning on WEP.
b) Running antivirus software.
c) Disabling unused interfaces.
d) Enabling personal firewall features.

9. Service Set Identifiers (SSIDs) are shared secrets that should not be disclosed to anyone except for authorized WLAN users.
a) True
b) False

10. Which of the following is considered a best practices recommendation for configuring Shared Key Authentication in private networks?
a) Use values that identify the AP location so that stations can find it.
b) Use alphanumeric values that are easy to remember.
c) The more traffic on the WLAN, the more often you should update key values.
d) Avoid hexadecimal values – they are too hard to enter correctly.

11. Extensible Authentication Protocol methods that should be used with 802.1X port access control on your wireless LAN include…
a) EAP-MD5
d) Any EAP method that supports your security policy.
e) All of the above.

12. Protected EAP is harder to deploy than LEAP because it requires a client-side certificate.
a) True
b) False

13. Which of the following provides privacy for data transmitted to and from individual stations, preventing peers from eavesdropping on each other?
a) WEP with static shared keys.
b) TKIP with per-session base keys.
c) IPsec VPN tunnels.
d) B and C, but not A.

14. Where do TKIP encryption keys come from?
a) They're derived from a base key delivered via 802.1X.
b) They're derived from a base key configured as a passphrase.
c) They're derived by mixing in the source station's MAC address.
d) All of the above.

15. WEP and IPSec both encrypt data, so there is never any point in using both.
a) True
b) False

16. SSL "captive portals" protect the confidentiality of user logins and passwords, but do not encrypt user data after authentication.
a) True
b) False

17. The IETF IP Security (IPSec) standard does NOT provide…
a) Packet Source Authentication
b) Interactive User Authentication
c) Data Confidentiality
d) Data Integrity

This was last published in June 2003

Dig Deeper on Wireless network security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.