Authentication and Encryption 2
Here you will find answers to Authentication and Encryption – Part 2
Question 1
What two statements are true about AES-CCMP? (Choose two)
A. It is an encryption algorithm used in the 802.11i security protocol.
B. It is defined in 802.1X.
C. It is the encryption algorithm used in TKIP implementations.
D. It is required in WPA.
E. It is required in WPA2.
Answer: A E
Explanation
Advanced Encryption Standard (AES) is the cipher system used by RSN. It is the equivalent of the RC4 algorithm used by WPA. However, the encryption mechanism is much more complex and does not suffer from the problems associated with WEP. AES is a block cipher, operating on blocks of data 128 bits long.
CCMP is the security protocol used with AES. It is the equivalent of TKIP in WPA. CCMP computes a Message Integrity Check (MIC) using the well-known and proven Cipher Block Chaining Message Authentication Code (CBC-MAC) method. Changing even one bit in a message produces a totally different result.
AES-CCMP is the encryption algorithm used in the 802.11i (WPA2) security protocol. It uses the AES block cipher, but restricts the key length to 128 bits. AES-CCMP incorporates two sophisticated cryptographic techniques (counter mode and CBC-MAC) and adapts them to Ethernet frames to provide a robust security protocol between the mobile client and the access point.
AES itself is a very strong cipher, but counter mode makes it difficult for an eavesdropper to spot patterns, and the CBC-MAC message integrity method ensures that messages have not been tampered with.
Question 2
One of the advantages of implementing EAP-FAST is that there is no need to implement which item as part of your authentication infrastructure?
A. an access control server
B. a Certificate Authority infrastructure
C. a client that supports EAP-FAST
D. a RADIUS server
Answer: B
Question 3
What is the Default Local Database size for authenticating local users?
A. 512 entries
B. 1024 entries
C. 2048 entries
D. 4096 entries
E. 8192 entries
Answer: A
Question 4
When using the Pre-Shared Key authentication method for WPA or WPA2, the pre-shared key is used for which two functions? (Choose two)
A. to act as the Group Transient Key during the bidirectional handshake
B. to act as the Pairwise Master Key during the bidirectional handshake
C. to derive the nonce at each side of the exchange
D. to derive the Pairwise Transient Key
Answer: B D
Question 5
EAP-FAST was first supported where?
A. CCXv1
B. CCXv2
C. CCXv3
D. CCXv4
E. CCXv5
Answer: C
Explanation
The Cisco Compatible Extensions (CCX) program ensures that wireless clients are compatible with Cisco WLAN equipment. The following is a brief list of the features supported by each CCX specification:
CCXv1 – Standard 802.11 features, 802.1X with LEAP
CCXv2 – WPA, 802.1X with PEAP
CCXv3 – WPA2, 802.1X with EAP-FAST
CCXv4 – Network Admission Control (NAC), Call Admission Control for VoIP
CCXv5 – Advanced troubleshooting and client reporting functionality
Question 6
Which authentication method best supports a large enterprise deployment where over the air security is a necessity?
A. Open Authentication with Web Authentication
B. PSK with WEP
C. WPA with PSK
D. WPA2 with EAP-FAST
E. WPA2 with PSK
Answer: D
Question 7
Which statement applies to TKIP?
A. is part of the initial key exchange used to derive a pairwise temporal key
B. is used to encrypt a WEP authenticated session
C. is used to encrypt the data for WPA sessions
D. is used to secure the initial authentication credential exchange between client and authenticator
Answer: C
Question 8
WEP is a mandatory encryption mechanism. True or false?
A. True
B. False
Answer: B
Question 9
WPA uses TKIP and is a subset of the 802.11i standard. True or false?
A. True
B. False
Answer: A