CEH-Bk4_Ch01-Review Question Answers

CEH-Bk4_Ch01-Review Question Answers

• List the two basic methods for locating access points.

There are two basic methods for locating unauthorized access points: requesting a beacon and sniffing the air.

• List the steps to access a WLAN.

List available wireless networks, then simply log on with your user name and password if it is a secure access point, or connect directly if it is an open wireless network (unsecure).

• What is WEP?

Wired Equivalent Privacy (WEP) is a security protocol designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to that which is usually expected of a wired LAN. WEP is a component of the IEEE 802.11 WLAN standards.

• Discuss the differences between WEP and WPA.

WEP’s primary purpose is to provide for confidentiality of data on wireless networks at a level equivalent to that of wired LANs, but it is weak and fails to meet any of its goals. WPA fixes most of WEP’s problems but adds some new vulnerabilities. WPA2 makes wireless networks as secure as wired networks.

• List the steps to hack a wireless network.

Step 1: Find Networks to Attack

Step 2: Choose the Network to Attack

Step 3: Analyze the Network

Step 4: Crack the WEP Key

Step 5: Sniff the Network

• What is LEAP?

The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary, closed solution that offers username/password-based authentication between a wireless client and a RADIUS server. LEAP conducts mutual authentication. It is used with the IEEE 802.1x standard for LAN port access control.

• How does an administrator secure a wireless network?

By installing WEP, WPA, and WPA2.

(Ethical Hacking and Countermeasures, Secure Network Operating Systems and Infrastructures (CEH), 2e EC-Council) 1 / 4

• What is a rogue access point?

An unauthorized access points that can allow anyone with an 802.11-equipped device onto the network.

• / 4

CEH-Bk4_Ch02-Review Question Answers

• Name four physical security threats.

Vandalism • Disgruntled or former employees may try to compromise the system.• Systems could be mishandled during civil unrest or a disaster.Theft • Lack of proper security and locks may result in theft of equipment.• The presence of an alert guard within the premises can help prevent theft.Natural Calamities • Earthquakes

• Tarpaulins/plastic sheets should be readily available in the system room.

Covering computing assets in an emergency may mitigate damage.

• Magnetic tapes should be covered to prevent wear and tear.
• Operators should be trained on how to properly cover equipment.

• Fire and smoke

• Fires are generally caused by human error.
• Fire alarms and extinguishers should be placed well within reach of

employees.

• Smoke detectors should be placed on the ceiling and in other locations.
• A separate, secure smoking zone should be available to company

employees.• Flood

• Periodic inspections under the flooring in the data processing room

must be conducted to check for water seepage, especially during times of heavy precipitation.

• Water detectors should be installed and subjected to periodic checks.
• Administrators should be aware of proper shutdown procedures, and

exercise drills must be performed regularly.• Lightning and thunder 3 / 4

• All computer systems should have a UPS (uninterruptible power

supply) to protect the systems from voltage fluctuations, sudden power surges, or power outages.

• Such incidents can damage the hardware of a computer, especially the

memory chips.Dust • Dust that accumulates on hardware hinders its performance.• Dust can seriously hinder a PC’s ability to cool down.• Even if the computer’s case has never been opened, dust can still get in through the drive openings. An effective way to remove dust from the inside of a CPU is with compressed air, which can be used to blow dust away from the motherboard and other components.Water • PCs should not be placed near water sources that can splash onto the components or drip down into them.• PCs should not be placed near windows. During storms, there may be a chance of water getting inside the CPU through the openings meant for cooling.• PCs should be placed in an environment where humidity is controlled.Explosions • Chemicals should be placed in isolation.Terrorist Attacks • Terrorist actions can often occur regardless of a building’s security. These types of attacks can be extremely destructive. The building should be adequately lit at night on all sides.• Only people with proper security clearance should be permitted into the data processing area. Suspicious parties should be reported to security and/or the concerned authorities.

• What are compromising emanations, or CEs?

Information that is unintentionally leaked out of computers through energy

emissions are known as CE, or compromising emanations, and they can occur as:

• Electromagnetic fields set free by elements of plaintext processing equipment • Text-related signals coupled to cipher, power, signal, control, or other

• / 4