CompTIA Security+
cryptographic protocols ANS: Protocols meant to ensure security via encryption and cryptography.
Wired Equivalent Privacy (WEP) ANS: The first security iteration of 802.11, used a shared password
encryption scheme that within a few years was discovered to be mathematically crackable. Uses 128-bit
keys, and uses a 48-bit initialization vector.
RC4 ANS: Built into WEP as its encryption protocol and was very efficient because, as a streaming
protocol, it rapidly encrypts 1 bit (rather than entire blocks) of plaintext at a time. It uses a wide range of
key sizes, from 40-bit to 2048-bit keys.
Wi-Fi Protected Access (WPA) ANS: A security standard for users of computing devices equipped with
wireless internet connections, or Wi-Fi. It improved upon and replaced the original Wi-Fi security
standard, Wired Equivalent Privacy (WEP).
Wi-Fi Protected Access 2 - Pre-Shared Key (WPA-PSK) ANS: A method of securing your network using
WPA2 with the use of the optional Pre-Shared Key (PSK) authentication, which was designed for home
users without an enterprise authentication server.
WPA-Enterprise ANS: A wireless security mechanism designed for small to large enterprise wireless
networks. It is an enhancement to the WPA security protocol with advanced authentication and
encryption.
Temporal Key Integrity Protocol (TKIP) ANS: A security protocol used in the IEEE 802.11 wireless
networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an
interim solution to replace WEP without requiring the replacement of legacy hardware. Makes it
possible to use dynamic keys, which are generated on a per-packet basis.
Wi-Fi Protected Access, version 2 (WPA2) ANS: The name of the final official implementation of the
802.11i wireless security protocol standard developed by the IEEE.
,WPA/WPA2 passphrase ANS: Can be from 8 to 63 case-sensitive ASCII characters, or 64 hexadecimal
characters. Now, this passphrase is not the actual WPA/WPA2 key; the passphrase is used to generate
the 256-bit pre-shared key that must be entered into all wireless devices on the same wireless network.
_______ uses TKIP; _______ uses AES. ANS: WPA, WPA2
Advanced Encryption Standard (AES) ANS: A symmetric encryption algorithm. The algorithm was
developed by two Belgian cryptographer Joan Daemen and Vincent Rijmen. AES was designed to be
efficient in both hardware and software, and supports a block length of 128 bits and key lengths of 128,
192, and 256 bits.
Counter-mode (CTR) Cipher Block Chaining Message Authentication Code Protocol (CMC-MAC) ANS:
Mode of encryption employed by AES which uses a 128-bit key and 128-bit block size (since it is a block
symmetric cipher, as opposed to the streaming RC4 symmetric cipher used in WEP and WPA), as well as
48-bit initialization vectors (IVs). Also known as CCMP.
Wi-Fi Protected Setup (WPS) ANS: A wireless network security standard that tries to make connections
between a router and wireless devices faster and easier. WPS works only for wireless networks that use
a password that is encrypted with the WPA Personal or WPA2 Personal security protocols.
802.1X ANS: A port-based access control most seen on corporate wireless networks as the preferred
form of authentication and access management control, it is not a wireless standard at all and can be
used in wired networks as well.
supplicant ANS: An entity at one end of a point-to-point LAN segment that seeks to be authenticated by
an authenticator attached to the other end of that link.
authenticator ANS: Usually a network switch or wireless access point that serves as the point of
connection for computers joining the network.
authentication server ANS: The source providing the authentication services to the wireless network.
,*True of False:*
The built-in wireless client in Windows usually lacks the features to connect to 802.1X wireless
networks. Third-party clients are often required. ANS: True
*True or False:*
802.1X can use several different types of authentication protocols. ANS: True. EAP, EAP-TLS, EAP-TTLS,
PEAP, LEAP, and EAP-FAST.
Extensible Authentication Protocol (EAP) ANS: An authentication framework frequently used in wireless
networks and point-to-point connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and
is updated by RFC 5247.
EAP Transport Layer Security (EAP-TLS) ANS: Defined in RFC 5216, is an IETF open standard that uses the
Transport Layer Security (TLS) protocol, and is well-supported among wireless vendors.
EAP Tunneled Transport Layer Security (EAP-TTLS) ANS: An EAP (Extensible Authentication Protocol)
method that encapsulates a TLS (Transport Layer Security) session, consisting of a handshake phase and
a data phase. Functionally equivalent to PEAP.
Protected EAP (PEAP) ANS: A version of EAP that uses Transport Layer Security (TLS).
Lightweight Extensible Authentication Protocol (LEAP) ANS: A proprietary protocol developed by Cisco
and used in their wireless LAN devices for authentication. LEAP uses dynamic WEP keys and provides for
mutual authentication between wireless clients and a centralized RADIUS server. LEAP requires wireless
clients to reauthenticate periodically, and when they do, they must use a new WEP key.
, EAP-FAST (for Flexible Authentication via Secure Tunneling) ANS: Replacement for LEAP which
addresses LEAP's security issues. EAP-FAST is lightweight but uses TLS tunnels to add security during
authentication.
federated system ANS: Involves the use of a common authentication system and credentials database
that multiple entities use and share.
Wireless Survey/Stumbler ANS: A tool that facilitates detection of Wireless LANs using the 802.11b,
802.11a and 802.11g WLAN standards.
Packet Grabber ANS: Tool for intercepting a data packet that is crossing or moving over a specific
computer network.
rogue access points ANS: A form of attack that involves setting up a false or fake AP to attract
unsuspecting people to connect to it, so that a malicious person can then monitor all of the victims'
network traffic.
evil twin attack ANS: An attack where a hacker could set up a rogue AP that is broadcasting the same (or
very similar) Service Set Identifier (SSID), which appears as the wireless network's name to ordinary
users.
jamming ANS: A form of intentional interference on wireless networks, designed as a denial-of-service
(DoS) attack.
For the most part, this ____________ is unintentional. ANS: interference
deauthentication attack ANS: A type of denial-of-service attack that targets communication between a
user and a Wi-Fi wireless access point.
disassociation attack ANS: A form of deauthentication attack.
cryptographic protocols ANS: Protocols meant to ensure security via encryption and cryptography.
Wired Equivalent Privacy (WEP) ANS: The first security iteration of 802.11, used a shared password
encryption scheme that within a few years was discovered to be mathematically crackable. Uses 128-bit
keys, and uses a 48-bit initialization vector.
RC4 ANS: Built into WEP as its encryption protocol and was very efficient because, as a streaming
protocol, it rapidly encrypts 1 bit (rather than entire blocks) of plaintext at a time. It uses a wide range of
key sizes, from 40-bit to 2048-bit keys.
Wi-Fi Protected Access (WPA) ANS: A security standard for users of computing devices equipped with
wireless internet connections, or Wi-Fi. It improved upon and replaced the original Wi-Fi security
standard, Wired Equivalent Privacy (WEP).
Wi-Fi Protected Access 2 - Pre-Shared Key (WPA-PSK) ANS: A method of securing your network using
WPA2 with the use of the optional Pre-Shared Key (PSK) authentication, which was designed for home
users without an enterprise authentication server.
WPA-Enterprise ANS: A wireless security mechanism designed for small to large enterprise wireless
networks. It is an enhancement to the WPA security protocol with advanced authentication and
encryption.
Temporal Key Integrity Protocol (TKIP) ANS: A security protocol used in the IEEE 802.11 wireless
networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an
interim solution to replace WEP without requiring the replacement of legacy hardware. Makes it
possible to use dynamic keys, which are generated on a per-packet basis.
Wi-Fi Protected Access, version 2 (WPA2) ANS: The name of the final official implementation of the
802.11i wireless security protocol standard developed by the IEEE.
,WPA/WPA2 passphrase ANS: Can be from 8 to 63 case-sensitive ASCII characters, or 64 hexadecimal
characters. Now, this passphrase is not the actual WPA/WPA2 key; the passphrase is used to generate
the 256-bit pre-shared key that must be entered into all wireless devices on the same wireless network.
_______ uses TKIP; _______ uses AES. ANS: WPA, WPA2
Advanced Encryption Standard (AES) ANS: A symmetric encryption algorithm. The algorithm was
developed by two Belgian cryptographer Joan Daemen and Vincent Rijmen. AES was designed to be
efficient in both hardware and software, and supports a block length of 128 bits and key lengths of 128,
192, and 256 bits.
Counter-mode (CTR) Cipher Block Chaining Message Authentication Code Protocol (CMC-MAC) ANS:
Mode of encryption employed by AES which uses a 128-bit key and 128-bit block size (since it is a block
symmetric cipher, as opposed to the streaming RC4 symmetric cipher used in WEP and WPA), as well as
48-bit initialization vectors (IVs). Also known as CCMP.
Wi-Fi Protected Setup (WPS) ANS: A wireless network security standard that tries to make connections
between a router and wireless devices faster and easier. WPS works only for wireless networks that use
a password that is encrypted with the WPA Personal or WPA2 Personal security protocols.
802.1X ANS: A port-based access control most seen on corporate wireless networks as the preferred
form of authentication and access management control, it is not a wireless standard at all and can be
used in wired networks as well.
supplicant ANS: An entity at one end of a point-to-point LAN segment that seeks to be authenticated by
an authenticator attached to the other end of that link.
authenticator ANS: Usually a network switch or wireless access point that serves as the point of
connection for computers joining the network.
authentication server ANS: The source providing the authentication services to the wireless network.
,*True of False:*
The built-in wireless client in Windows usually lacks the features to connect to 802.1X wireless
networks. Third-party clients are often required. ANS: True
*True or False:*
802.1X can use several different types of authentication protocols. ANS: True. EAP, EAP-TLS, EAP-TTLS,
PEAP, LEAP, and EAP-FAST.
Extensible Authentication Protocol (EAP) ANS: An authentication framework frequently used in wireless
networks and point-to-point connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and
is updated by RFC 5247.
EAP Transport Layer Security (EAP-TLS) ANS: Defined in RFC 5216, is an IETF open standard that uses the
Transport Layer Security (TLS) protocol, and is well-supported among wireless vendors.
EAP Tunneled Transport Layer Security (EAP-TTLS) ANS: An EAP (Extensible Authentication Protocol)
method that encapsulates a TLS (Transport Layer Security) session, consisting of a handshake phase and
a data phase. Functionally equivalent to PEAP.
Protected EAP (PEAP) ANS: A version of EAP that uses Transport Layer Security (TLS).
Lightweight Extensible Authentication Protocol (LEAP) ANS: A proprietary protocol developed by Cisco
and used in their wireless LAN devices for authentication. LEAP uses dynamic WEP keys and provides for
mutual authentication between wireless clients and a centralized RADIUS server. LEAP requires wireless
clients to reauthenticate periodically, and when they do, they must use a new WEP key.
, EAP-FAST (for Flexible Authentication via Secure Tunneling) ANS: Replacement for LEAP which
addresses LEAP's security issues. EAP-FAST is lightweight but uses TLS tunnels to add security during
authentication.
federated system ANS: Involves the use of a common authentication system and credentials database
that multiple entities use and share.
Wireless Survey/Stumbler ANS: A tool that facilitates detection of Wireless LANs using the 802.11b,
802.11a and 802.11g WLAN standards.
Packet Grabber ANS: Tool for intercepting a data packet that is crossing or moving over a specific
computer network.
rogue access points ANS: A form of attack that involves setting up a false or fake AP to attract
unsuspecting people to connect to it, so that a malicious person can then monitor all of the victims'
network traffic.
evil twin attack ANS: An attack where a hacker could set up a rogue AP that is broadcasting the same (or
very similar) Service Set Identifier (SSID), which appears as the wireless network's name to ordinary
users.
jamming ANS: A form of intentional interference on wireless networks, designed as a denial-of-service
(DoS) attack.
For the most part, this ____________ is unintentional. ANS: interference
deauthentication attack ANS: A type of denial-of-service attack that targets communication between a
user and a Wi-Fi wireless access point.
disassociation attack ANS: A form of deauthentication attack.
