ActualTests.Cisco.640-802.Exam.Q.and.A.08.15.08-DDU (1130589), страница 65
Текст из файла (страница 65)
Whichtwo statements best describe the wireless security standard that is defined by WPA?(Choose two)Actualtests.com - The Power of Knowing640-802A. It requires use of an open authentication methodB. It specifies the use of a dynamic encryption keys that change each time a clientestablishes a connectionC.
It includes authentication by PSKD. It specifies use of a static encryption key that must be changed frequently to enhancesecurityAnswer: B, CExplanation:WPA is a more powerful security technology for Wi-Fi networks than WEP. It providesstrong data protection by using encryption as well as strong access controls and userauthentication. WPA utilizes 128-bit encryption keys and dynamic session keys to ensureyour wireless network's privacy and enterprise security.There are two basic forms of WPA:WPA Enterprise (requires a Radius server)WPA personal (also known as WPA-PSK)Either can use TKIP or AES for encryption.
Not all WPA hardware supports AES.WPA-PSK is basically an authentication mechanism in which users provide some formof credentials to verify that they should be allowed access to a network. This requires asingle password entered into each WLAN node (Access Points, Wireless Routers, clientadapters, bridges). As long as the passwords match, a client will be granted access to aWLAN.Encryption mechanisms used for WPA and WPA-PSK are the same. The only differencebetween the two is in WPA-PSK, authentication is reduced to a simple commonpassword, instead of user-specific credentials.The Pre-Shared Key (PSK) mode of WPA is considered vulnerable to the same risks asany other shared password system - dictionary attacks for example.
Another issue may bekey management difficulties such as removing a user once access has been granted wherethe key is shared among multiple users, not likely in a home environment.Reference: http://www.dslreports.com/faq/wifisecurity/2.2_WPAQUESTION 574:In an effort to increase security within the Certkiller wireless network, WPA is beingutilized. Which two statements shown below best describe the wireless securitystandard that is defined by WPA? (Choose two)A. It requires use of an open authentication methodB. It specifies use of a static encryption key that must be changed frequently to enhancesecurityC. It includes authentication by PSKD. It specifies the use of dynamic encryption keys that change each time a clientestablishes a connectionActualtests.com - The Power of Knowing640-802E.
It requires that all access points and wireless devices use the same encryption keyF. WPA works only with Cisco access pointsAnswer: C, DQUESTION 575:Certkiller has chosen WPA over WEP in their wireless network. What is one reasonwhy WPA encryption is preferred over WEP in this network?A.
The WPA key values remain the same until the client configuration is changed.B. The values of WPA keys can change dynamically while the system is used.C. The access point and the client are manually configured with different WPA keyvalues.D. A WPA key is longer and requires more special characters than the WEP key.E. None of the aboveAnswer: BQUESTION 576:You need to determine the proper security settings on a new CertkillerWLAN-capable office. Which encryption type would WPA2 use in this office?A.
PSKB. AES-CCMPC. PPK via IVD. TKIP/MICE. None of the aboveAnswer: BExplanation:In 2004, the IEEE 802.11i task group responsible for Wi-Fi security for the WLANprovided a series of recommendations to fix known problems with Wireless EquivalentPrivacy (WEP). Its recommendations included using encryption techniques known asAdvanced Encryption Standard Counter-Mode Cipher Block Chaining (AES-CCMP) orAES for short.AES is not the end of the story, as the industry had a problem when it moved from WEPto AES. What could be done, for example, about legacy devices that could not supportthe upgrade to AES? The IEEE 802.11i task group recommended using the TemporalKey Integrity Protocol (TKIP).
As a patch, TKIP is not as secure as AES, but it protectsagainst all currently known attacks.The urgent need to fix WEP caused the Wi-Fi Alliance to develop security patchActualtests.com - The Power of Knowing640-802recommendations for Wi-Fi Protected Access (WPA) before the IEEE finalizedstandards. WPA was drawn from an early draft of the IEEE 802.11i standard, and thereare significant differences between WPA and TKIP. What is similar is that neither theWPA patch for WEP nor the TKIP patch is as secure as AES.The Wi-Fi Alliance later came out with a new security recommendation-WPA, version 2(WPA2)-to make WPA consistent with IEEE 802.11i standards. One improvement toWPA2 was the recommendation to use AES-CCMP encryption mode.
WPA2 has thusbecome synonymous with AES.The table below summarizes the different encryption algorithms used for WLAN privacy.WLAN Encryption OptionsMost secureAES-CCMP/WPA2They are resistant to allknown crypto-analysisBelieved secureTKIP and WPA patchto WEPThey offer defenseagainst currently knownattacksWEPThey can be cracked byanalyzing a sufficientamount of datatransmission.Weak securityReference: http://www.convergedigest.com/bp-bbw/bp1.asp?ID=465&ctgy=MeshQUESTION 577:You need to add a wireless access point to a new Certkiller office.
Which additionalconfiguration step is necessary in order to connect to an access point that has SSIDbroadcasting disabled?A. Configure open authentication on the AP and the clientB. Set the SSID value in the client software to publicC. Set the SSID value on the client to the SSID configured on the APD. Configure MAC address filtering to permit the client to connect to the APE. None of the aboveAnswer: CQUESTION 578:Which of the following data network would you implement if you wanted a wirelessnetwork that had a relatively high data rate, but was limited to very shortdistances?Actualtests.com - The Power of Knowing640-802A. Broadband personal comm. Service (PCS)B.
Broadband circuitC. InfraredD. Spread spectrumE. CableAnswer: CExplanation:A good example of the range of an infrared is a television remote control or a garage dooropener. Infrared networks are capable of high data rates, but they are limited in thedistance between the infrared points, and also by the fact that a line of sight between thenodes is usually required.Incorrect Answers:A, D: Although these are both wireless methods, the data rate capabilities are somewhatlimited, especially when compared to infrared links.B, E: Although these are both capable of relatively high data rates, they do not usewireless technology.QUESTION 579:You need to troubleshoot an interference issue with the Certkiller wireless LAN.Which two devices can interfere with the operation of this network because theyoperate on similar frequencies? (Choose two)A. Microwave ovenB.
AM radioC. ToasterD. CopierE. Cordless phoneF. IP phoneG. I-podAnswer: A, EQUESTION 580:You need to create a security plan for the Certkiller network. What should be partof a comprehensive network security plan?A. Delay deployment of software patches and updates until their effect on end-userequipment is well known and widely reportedB. Minimize network overhead by deactivating automatic antivirus client updatesC.
Encourage users to use personal information in their passwords to minimize theActualtests.com - The Power of Knowing640-802likelihood of passwords being forgottenD. Physically secure network equipment from potential access by unauthorizedindividualsE. Allow users to develop their own approach to network securityF. None of the aboveAnswer: DExplanation:Computer systems and networks are vulnerable to physical attack; therefore, proceduresshould be implemented to ensure that systems and networks are physically secure.Physical access to a system or network provides the opportunity for an intruder todamage, steal, or corrupt computer equipment, software, and information.
Whencomputer systems are networked with other departments or agencies for the purpose ofsharing information, it is critical that each party to the network take appropriate measuresto ensure that its system will not be physically breached, thereby compromising the entirenetwork. Physical security procedures may be the least expensive to implement but canalso be the most costly if not implemented. The most expensive and sophisticatedcomputer protection software can be overcome once an intruder obtains physical accessto the network.QUESTION 581:As the Certkiller network security administrator, you are concerned with thevarious possible network attacks. Which type of attack is characterized by a flood ofpackets that are requesting a TCP connection to a server?A. Trojan HorseB.
ReconnaissanceC. Denial of ServiceD. Brute ForceE. VirusF. WormAnswer: CExplanation:A denial-of-service attack (DoS attack) is an attempt to make a computer resourceunavailable to its intended users. Although the means to, motives for and targets of a DoSattack may vary, it generally comprises the concerted, malevolent efforts of a person orpersons to prevent an Internet site or service from functioning efficiently or at all,temporarily or indefinitely. Among these are Network connectivity attacks.These attacks overload the victim with TCP packets so that its TCP/IP stack is not able tohandle any further connections, and processing queues are completely full with nonsenseActualtests.com - The Power of Knowing640-802malicious packets.
As a consequence of this attack, legitimate connections are denied.One classic example of a network connectivity attack is a SYN FloodQUESTION 582:The Certkiller administrator is concerned with enhancing network security. To dothis, what are two recommended ways of protecting network device configurationfiles from outside security threats on the network? (Choose two)A. Use a firewall to restrict access from the outside to the network devicesB. Allow unrestricted access to the console or VTY portsC.
![](https://s.studizba.com/z.php?f=/templates/si/i/noavatar.png&w=100&h=100&t=1"){kind=avatar}
