What are the two types of wireless networks?
1. Star and ring
2. Bus and hybrid
3. Infrastructure and hybrid
4. Infrastructure and ad hoc - ANSWER4. Infrastructure and ad hoc
An infrastructure wireless network is one that uses an access point. An ad hoc wireless
network is one organized by the participants. These are the two types of wireless
networks. Star, ring, bus, and hybrid are all wired topologies.
How many stages are used in the WPA handshake?
1. Two
2. Four
3. Three
4. One - ANSWER2. Four
There are four stages used in a WPA handshake. This four-stage process is used to
derive the key and agree on capabilities.
While there are Bluetooth devices that will transmit much further, a common range is
about 300 feet (100 meters) for Bluetooth 4.0.
What tool could you use to enable sniffing on your wireless network to acquire all
headers?
1. Ettercap
2. Tcpdump
3. Aircrack-ng
4. Airmon-ng - ANSWER4. Airmon-ng (Air Monitoring - Next Generation)
Tcpdump can be used to capture frames/packets. Ettercap is used for captures and
spoofing attacks. Neither can capture all headers, including radio headers in a wireless
network. The package aircrack-ng includes the program airmon-ng, which can turn on
monitor mode on a network interface. The program aircrack-ng itself cannot do that.
What mode has to be enabled on a network interface to allow all headers in wireless
traffic to be captured?
1. Promiscuous
2. Monitor
3. Radio
4. Wireless LAN - ANSWER2. Monitor
Promiscuous mode is used on network interfaces to collect frames that are not destined
for the network interface. This is insufficient on a wireless network because the radio
headers are not captured. To capture radio headers, monitor mode needs to be enabled
in addition to promiscuous mode, which will always be set in order to get all frames and
all information from each frame. Only monitor mode gives the radio headers.
What wireless attack would you use to take a known piece of information in order to be
able to decrypt wireless traffic?
1. Sniffing
2. Deauthentication
3. Key reinstallation
4. Evil twin - ANSWER3. Key reinstallation
Sniffing can be used to collect information that may be needed to launch wireless
attacks. A deauthentication attack can be used to force a station to generate traffic. An
evil twin attack uses a rogue access point to pretend to be a legitimate network. In order
to decrypt network traffic, you would need the key. One way to get the key is to reuse
information from network traffic that generated a known key. This is a key reinstallation
attack.
What is the purpose of performing a Bluetooth scan?
1. Identifying open ports
2. Identifying available profiles
3. Identifying endpoints
4. Identifying vendors - ANSWER3. Identifying endpoints
Bluetooth doesn't use ports. While profiles are important, you get the profile capabilities
during the pairing process. Just performing a scan won't get you a list of supported
profiles. While you should be able to identify vendors as part of the process of running a
Bluetooth scan, it's not the purpose of the scan. The purpose is to identify endpoints
and their associated addresses so you can run other attacks on them.
What is the purpose of a deauthentication attack?
1. Disabling stations
2. Forcing stations to reauthenticate