Given:
In a security penetration exercise, a WLAN consultant obtains the WEP key of XYZ Corporation’s wireless network. Demonstrating the vulnerabilities of using WEP,
the consultant uses a laptop running a software AP in an attempt to hijack the authorized user’s connections. XYZ’s legacy network is using 802.11n APs with
802.11b, 11g, and 11n client devices.
With this setup, how can the consultant cause all of the authorized clients to establish Layer 2 connectivity with the software access point?

You perform a protocol capture using Wireshark and a compatible 802.11 adapter in Linux. When viewing the capture, you see an auth req frame and an auth rsp
frame. Then you see an assoc req frame and an assoc rsp frame. Shortly after, you see DHCP communications and then ISAKMP protocol packets. What

security solution is represented?

Given:
ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have

used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the
corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven
vulnerable in improper implementations.
As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)

Given:
You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant
implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution.
In this configuration, the wireless network is initially susceptible to what type of attacks? (Choose 2)

Given:

The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some
other Linux distributions.
What are three uses for such a tool? (Choose 3)

Given:
In XYZ’s small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.
What statement about the WLAN security of this company is true?

Given:

During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text.
From a security perspective, why is this significant?

Given:

Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication.
While using an airport hot-spot with this security solution, to what type of wireless attack is a user susceptible? (Choose 2)

What software and hardware tools are used together to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network?
(Choose 2)

What WLAN client device behavior is exploited by an attacker during a hijacking attack?