EC-COUNCIL EC-COUNCIL Certifications 312-50 Questions & Answers

• Question 401:

  Which of the following is true of the wireless Service Set ID (SSID)? (Select all that apply.)

  A. Identifies the wireless network

  B. Acts as a password for network access

  C. Should be left at the factory default setting

  D. Not broadcasting the SSID defeats NetStumbler and other wireless discovery tools

  Correct Answer: AB

• Question 402:

  Which of the following wireless technologies can be detected by NetStumbler? (Select all that apply)

  A. 802.11b

  B. 802.11e

  C. 802.11a

  D. 802.11g

  E. 802.11

  Correct Answer: ACD

  If you check the website, cards for all three (A, B, G) are supported. See: http://www.stumbler.net/

• Question 403:

  Which of the following is NOT a reason 802.11 WEP encryption is vulnerable?

  A. There is no mutual authentication between wireless clients and access points

  B. Automated tools like AirSnort are available to discover WEP keys

  C. The standard does not provide for centralized key management

  D. The 24 bit Initialization Vector (IV) field is too small

  Correct Answer: C

  The lack of centralized key management in itself is not a reason that the WEP encryption is vulnerable, it is the people setting the user shared key that makes it unsecure.

• Question 404:

  In an attempt to secure his 802.11b wireless network, Ulf decides to use a strategic antenna positioning. He places the antenna for the access points near the center of the building. For those access points near the outer edge of the building he uses semi-directional antennas that face towards the building's center. There is a large parking lot and outlying filed surrounding the building that extends out half a mile around the building. Ulf figures that with this and his placement of antennas, his wireless network will be safe from attack.

  Which of the following statements is true?

  A. With the 300 feet limit of a wireless signal, Ulf's network is safe.

  B. Wireless signals can be detected from miles away, Ulf's network is not safe.

  C. Ulf's network will be safe but only of he doesn't switch to 802.11a.

  D. Ulf's network will not be safe until he also enables WEP.

  Correct Answer: D

• Question 405:

  In an attempt to secure his wireless network, Bob turns off broadcasting of the SSID. He concludes that since his access points require the client computer to have the proper SSID, it would prevent others from connecting to the wireless network. Unfortunately unauthorized users are still able to connect to the wireless network.

  Why do you think this is possible?

  A. Bob forgot to turn off DHCP.

  B. All access points are shipped with a default SSID.

  C. The SSID is still sent inside both client and AP packets.

  D. Bob's solution only works in ad-hoc mode.

  Correct Answer: B

  All access points are shipped with a default SSID unique to that manufacturer, for example 3com uses the default ssid comcomcom.

• Question 406:

  In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network's speed. Bob discovers that throughput has dropped by almost half even though the number of users has remained the same. Why does this happen in the VPN over wireless implementation?

  A. The stronger encryption used by the VPN slows down the network.

  B. Using a VPN with wireless doubles the overhead on an access point for all direct client to access point communications.

  C. VPNs use larger packets then wireless networks normally do.

  D. Using a VPN on wireless automatically enables WEP, which causes additional overhead.

  Correct Answer: B

  By applying VPN the access point will have to recalculate all headers destined for client and from clients twice.

• Question 407:

  RC4 is known to be a good stream generator. RC4 is used within the WEP standard on wireless LAN. WEP is known to be insecure even if we are using a stream cipher that is known to be secured.

  What is the most likely cause behind this?

  A. There are some flaws in the implementation.

  B. There is no key management.

  C. The IV range is too small.

  D. All of the above.

  E. None of the above.

  Correct Answer: D

  Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets. Many WEP systems require a key in hexadecimal format. Some users choose keys that spell words in the limited 0-9, A-F hex character set, for example C0DE C0DE C0DE C0DE. Such keys are often easily guessed.

• Question 408:

  WEP is used on 802.11 networks, what was it designed for?

  A. WEP is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what it usually expected of a wired LAN.

  B. WEP is designed to provide strong encryption to a wireless local area network (WLAN) with a lever of integrity and privacy adequate for sensible but unclassified information.

  C. WEP is designed to provide a wireless local area network (WLAN) with a level of availability and privacy comparable to what is usually expected of a wired LAN.

  D. WEOP is designed to provide a wireless local area network (WLAN) with a level of privacy comparable to what it usually expected of a wired LAN.

  Correct Answer: A

  WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts -any WEP key can be cracked with readily available software in two minutes or less -- and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004.

• Question 409:

  Sandra is conducting a penetration test for ABC.com. She knows that ABC.com is using wireless networking for some of the offices in the building right down the street. Through social engineering she discovers that they are using 802.11g.

  Sandra knows that 802.11g uses the same 2.4GHz frequency range as 802.11b. Using NetStumbler and her 802.11b wireless NIC, Sandra drives over to the building to map the wireless networks. However, even though she repositions

  herself around the building several times, Sandra is not able to detect a single AP.

  What do you think is the reason behind this?

  A. Netstumbler does not work against 802.11g.

  B. You can only pick up 802.11g signals with 802.11a wireless cards.

  C. The access points probably have WEP enabled so they cannot be detected.

  D. The access points probably have disabled broadcasting of the SSID so they cannot be detected.

  E. 802.11g uses OFDM while 802.11b uses DSSS so despite the same frequency and 802.11b card cannot see an 802.11g signal.

  F. Sandra must be doing something wrong, as there is no reason for her to not see the signals.

  Correct Answer: D

  Netstumbler can not detect networks that do not respond to broadcast requests.

• Question 410:

  Which are true statements concerning the BugBear and Pretty Park worms? Select the best answers.

  A. Both programs use email to do their work.

  B. Pretty Park propagates via network shares and email

  C. BugBear propagates via network shares and email

  D. Pretty Park tries to connect to an IRC server to send your personal passwords.

  E. Pretty Park can terminate anti-virus applications that might be running to bypass them.

  Correct Answer: ACD

  Both Pretty Park and BugBear use email to spread. Pretty Park cannot propagate via network shares, only email. BugBear propagates via network shares and email. It also terminates anti- virus applications and acts as a backdoor server for someone to get into the infected machine. Pretty Park tries to connect to an IRC server to send your personal passwords and all sorts of other information it retrieves from your PC. Pretty Park cannot terminate anti-virus applications. However, BugBear can terminate AV software so that it can bypass them.