Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS encryption?

A.
HTTPS

B.
WEP

C.
WPA

D.
WPA 2

Explanation:
WEP offers no end-to-end TLS encryption.
The WEP process consists of a series of steps as follows:
The wireless client sends an authentication request.
The Access Point (AP) sends an authentication response containing clear-text (uh-oh!) challenge text.
The client takes the challenge text received and encrypts it using a static WEP key. The client sends the encrypted authentication packet to the AP. The AP
encrypts the challenge text using its own static WEP key and compares the result to the authentication packet sent by the client. If the results match, the AP begins
the association process for the wireless client.
The big issue with WEP is the fact that it is very susceptible to a Man in the Middle attack. The attacker captures the clear-text challenge and then the
authentication packet reply. The attacker then reverses the RC4 encryption in order to derive the static WEP key. Yikes! As you might guess, the designers
attempted to strengthen WEP using the approach of key lengths. The native Windows client supported a 104-bit key as opposed to the initial 40-bit key. The
fundamental weaknesses in the WEP process still remained however.
Incorrect Answers:
A: HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP
application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects
against eavesdropping and man-in-the-middle attacks.
Therefore, this answer is incorrect.
C: WPA (WiFi Protected Access) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different
manufacturer’s wireless equipment. WPA is a much improved encryption standard that delivers a level of security beyond anything that WEP can offer. It bridges
the gap between WEP and 802.11i (WPA2) networks. WPA uses Temporal Key Integrity Protocol (TKIP), which is designed to allow WEP to be upgraded through
corrective measures that address the existing security problems. WPA is able to achieve over 500 trillion possible key combinations and re-keying of global
encryption keys is required. The encryption key is changed after every frame using TKIP. This allows key changes to occur on a frame by frame basis and to be
automatically synchronized between the access point and the wireless client. The TKIP encryption algorithm is stronger than the one used by WEP. WPA is
compatible with many older access points and network cards. WPA uses TKIP to provide TLS encryption. Therefore, this answer is incorrect.
D: WPA2 is the latest implementation of WPA and provides stronger data protection and network access control. It provides WiFi users with a higher level of
assurance that only authorized users can access their wireless networks. WPA2 is based on the IEEE 802.11i standard and provides government grade security.
802.11i describes the encrypted transmission of data between systems of 802.11a and 802.11b wireless LANs. It defines new encryption key protocols including
the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
WPA2 uses TKIP or AES to provide TLS encryption. Therefore, this answer is incorrect.

http://blog.ine.com/2010/10/16/wlan-security-wep/
http://searchsoftwarequality.techtarget.com/definition/HTTPS http://www.onlinecomputertips.com/networking/wep_wpa.html