EMT Practice Test

1. Question Content...


Question List

Question1: What elements should be addressed by a WLAN security policy? (Choose 2)

Question2: Given: You are using WEP as an encryption solution. You are using VLANs for network segregation.
Why can you not establish an RSNA?

Question3: In an effort to optimize WLAN performance, ABC Company has upgraded their WLAN infrastructure from
802.11a/g to 802.11n. 802.11a/g clients are still supported and are used throughout ABC's facility. ABC has always been highly security conscious, but due to budget limitations, they have not yet updated their overlay WIPS solution to 802.11n or 802.11ac.
Given ABC's deployment strategy, what security risks would not be detected by the 802.11a/g WIPS?

Question4: Given: Mary has just finished troubleshooting an 802.11g network performance problem using a laptop- based WLAN protocol analyzer. The wireless network implements 802.1X/PEAP and the client devices are authenticating properly. When Mary disables the WLAN protocol analyzer, configures her laptop for PEAP authentication, and then tries to connect to the wireless network, she is unsuccessful. Before using the WLAN protocol analyzer, Mary's laptop connected to the network without any problems.
What statement indicates why Mary cannot access the network from her laptop computer?

Question5: You must locate non-compliant 802.11 devices. Which one of the following tools will you use and why?

Question6: What TKIP feature was introduced to counter the weak integrity check algorithm used in WEP?

Question7: The following numbered items show some of the contents of each of the four frames exchanged during the
4-way handshake:
1. Encrypted GTK sent
2. Confirmation of temporal key installation
3. Anonce sent from authenticator to supplicant
4. Snonce sent from supplicant to authenticator, MIC included
Arrange the frames in the correct sequence beginning with the start of the 4-way handshake.

Question8: In order to acquire credentials of a valid user on a public hot-spot network, what attacks may be conducted? Choose the single completely correct answer.

Question9: You work as the security administrator for your organization. In relation to the WLAN, you are viewing a dashboard that shows security threat, policy compliance and rogue threat charts. What type of system is in view?

Question10: You have an AP implemented that functions only using 802.11-2012 standard methods for the WLAN communications on the RF side and implementing multiple SSIDs and profiles on the management side configured as follows:
1. SSID: Guest - VLAN 90 - Security: Open with captive portal authentication - 2 current clients
2. SSID: ABCData - VLAN 10 - Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP - 5 current clients
3. SSID: ABCVoice - VLAN 60 - Security: WPA2-Personal - 2 current clients Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients.
What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?

Question11: What statements are true about 802.11-2012 Protected Management Frames? (Choose 2)

Question12: When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the 802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?

Question13: Given: Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM.
What device functions as the 802.1X/EAP Authenticator?

Question14: As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods.
When writing the 802.11 security policy, what password-related items should be addressed?

Question15: Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.
What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)

Question16: An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?

Question17: Given: The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions.
What are three uses for such a tool? (Choose 3)

Question18: Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.
Before creating the WLAN security policy, what should you ensure you possess?

Question19: Given: You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding
802.11ac data.
What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?

Question20: What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE 802.11 4 Way Handshake?

Question21: Given: You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet.
What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations? (Choose the single best answer.)

Question22: Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).
Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?

Question23: You are implementing an 802.11ac WLAN and a WIPS at the same time. You must choose between integrated and overlay WIPS solutions. Which of the following statements is true regarding integrated WIPS solutions?

Question24: Given: One of the security risks introduced by WPA2-Personal is an attack conducted by an authorized network user who knows the passphrase. In order to decrypt other users' traffic, the attacker must obtain certain information from the 4-way handshake of the other users.
In addition to knowing the Pairwise Master Key (PMK) and the supplicant's address (SA), what other three inputs must be collected with a protocol analyzer to recreate encryption keys? (Choose 3)

Question25: When implementing a WPA2-Enterprise security solution, what protocol must the selected RADIUS server support?

Question26: As a part of a large organization's security policy, how should a wireless security professional address the problem of rogue access points?

Question27: Given: The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.
What single WLAN security feature should be implemented to comply with these requirements?

Question28: Given: ABC Company secures their network with WPA2-Personal authentication and AES-CCMP encryption.
What part of the 802.11 frame is always protected from eavesdroppers by this type of security?

Question29: Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2- Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering).
How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

Question30: Given: ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication.
How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?

Question31: What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?

Question32: Given: Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication.
While using an airport hot-spot with this security solution, to what type of wireless attack is a user susceptible? (Choose 2)

Question33: Given: Your organization is using EAP as an authentication framework with a specific type that meets the requirements of your corporate policies.
Which one of the following statements is true related to this implementation?

Question34: ABC Company uses the wireless network for highly sensitive network traffic. For that reason, they intend to protect their network in all possible ways. They are continually researching new network threats and new preventative measures. They are interested in the security benefits of 802.11w, but would like to know its limitations.
What types of wireless attacks are protected by 802.11w? (Choose 2)

Question35: In the IEEE 802.11-2012 standard, what is the purpose of the 802.1X Uncontrolled Port?

Question36: Given: You are the WLAN administrator in your organization and you are required to monitor the network and ensure all active WLANs are providing RSNs. You have a laptop protocol analyzer configured.
In what frame could you see the existence or non-existence of proper RSN configuration parameters for each BSS through the RSN IE?

Question37: You must support a TSN as you have older wireless equipment that will not support the required processing of AES encryption. Which one of the following technologies will you use on the network so that a TSN can be implemented that would not be required in a network compliant with 802.11-2012 non- deprecated technologies?

Question38: Given: XYZ Hospital plans to improve the security and performance of their Voice over Wi-Fi implementation and will be upgrading to 802.11n phones with 802.1X/EAP authentication. XYZ would like to support fast secure roaming for the phones and will require the ability to troubleshoot reassociations that are delayed or dropped during inter-channel roaming.
What portable solution would be recommended for XYZ to troubleshoot roaming problems?

Question39: Given: XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization.
What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)

Question40: Given: ABC Corporation's 802.11 WLAN is comprised of a redundant WLAN controller pair (N+1) and 30 access points implemented in 2004. ABC implemented WEP encryption with IPSec VPN technology to secure their wireless communication because it was the strongest security solution available at the time it was implemented. IT management has decided to upgrade the WLAN infrastructure and implement Voice over Wi-Fi and is concerned with security because most Voice over Wi-Fi phones do not support IPSec.
As the wireless network administrator, what new security solution would be best for protecting ABC's data?

Question41: A single AP is configured with three separate WLAN profiles, as follows:
1. SSID: ABCData - BSSID: 00:11:22:00:1F:C3 - VLAN 10 - Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP - 3 current clients
2. SSID: ABCVoice - BSSID: 00:11:22:00:1F:C4 - VLAN 60 - Security: WPA2-Personal with AES-CCMP
- 2 current clients
3. SSID: Guest - BSSID: 00:11:22:00:1F:C5 - VLAN 90 - Security: Open with captive portal authentication
- 3 current clients
Three STAs are connected to ABCData. Three STAs are connected to Guest. Two STAs are connected to ABCVoice.
How many unique GTKs and PTKs are currently in place in this scenario?

Question42: ABC Company requires the ability to identify and quickly locate rogue devices. ABC has chosen an overlay WIPS solution with sensors that use dipole antennas to perform this task. Use your knowledge of location tracking techniques to answer the question.
In what ways can this 802.11-based WIPS platform determine the location of rogue laptops or APs?
(Choose 3)

Question43: What type of WLAN attack is prevented with the use of a per-MPDU TKIP sequence counter (TSC)?

Question44: ABC Company has deployed a Single Channel Architecture (SCA) solution to help overcome some of the common problems with client roaming. In such a network, all APs are configured with the same channel and BSSID. PEAPv0/EAP-MSCHAPv2 is the only supported authentication mechanism.
As the Voice over Wi-Fi (STA-1) client moves throughout this network, what events are occurring?

Question45: Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.
In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)

Question46: When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?

Question47: You have been recently hired as the wireless network administrator for an organization spread across seven locations. They have deployed more than 100 APs, but they have not been managed in either an automated or manual process for more than 18 months. Given this length of time, what is one of the first things you should evaluate from a security perspective?

Question48: Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank's website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John's bank account user ID and password and exploit this information.
What likely scenario could have allowed the hacker to obtain John's bank account user ID and password?

Question49: Given: ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MS-CHAPv2 and AES- CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hot- spot include:
Cannot access corporate network resources

Network permissions are limited to Internet access

All stations must be authenticated

What security controls would you suggest? (Choose the single best answer.)

Question50: Given: A WLAN protocol analyzer trace reveals the following sequence of frames (excluding the ACK frames):
1) 802.11 Probe Req and 802.11 Probe Rsp
2) 802.11 Auth and then another 802.11 Auth
3) 802.11 Assoc Req and 802.11 Assoc Rsp
4) EAPOL-KEY
5) EAPOL-KEY
6) EAPOL-KEY
7) EAPOL-KEY
What security mechanism is being used on the WLAN?

Question51: In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

Question52: You are configuring seven APs to prevent common security attacks. The APs are to be installed in a small business and to reduce costs, the company decided to install all consumer-grade wireless routers. The wireless routers will connect to a switch, which connects directly to the Internet connection providing 50 Mbps of Internet bandwidth that will be shared among 53 wireless clients and 17 wired clients.
To ensure the wireless network is as secure as possible from common attacks, what security measure can you implement given only the hardware referenced?

Question53: What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in an
802.11 WLAN?

Question54: Wireless Intrusion Prevention Systems (WIPS) provide what network security services? (Choose 2)

Question55: Your organization required compliance reporting and forensics features in relation to the 802.11ac WLAN they have recently installed. These features are not built into the management system provided by the WLAN vendor. The existing WLAN is managed through a centralized management console provided by the AP vendor with distributed APs and multiple WLAN controllers configured through this console.
What kind of system should be installed to provide the required compliance reporting and forensics features?

Question56: For a WIPS system to identify the location of a rogue WLAN device using location patterning (RF fingerprinting), what must be done as part of the WIPS installation?

Question57: Which one of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

Question58: What disadvantage does EAP-TLS have when compared with PEAPv0 EAP/MSCHAPv2 as an 802.11 WLAN security solution?

Question59: You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used? (Choose 3)

Question60: What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

Question61: When used as part of a WLAN authentication solution, what is the role of LDAP?

Question62: What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?

Question63: What wireless authentication technologies may build a TLS tunnel between the supplicant and the authentication server before passing client authentication credentials to the authentication server?
(Choose 3)

Question64: When monitoring APs within a LAN using a Wireless Network Management System (WNMS), what secure protocol may be used by the WNMS to issue configuration changes to APs?

Question65: While performing a manual scan of your environment using a spectrum analyzer on a laptop computer, you notice a signal in the real time FFT view. The signal is characterized by having peak power centered on channel 11 with an approximate width of 20 MHz at its peak. The signal widens to approximately 40 MHz after it has weakened by about 30 dB.
What kind of signal is displayed in the spectrum analyzer?

Question66: Joe's new laptop is experiencing difficulty connecting to ABC Company's 802.11 WLAN using 802.1X/EAP PEAPv0. The company's wireless network administrator assured Joe that his laptop was authorized in the WIPS management console for connectivity to ABC's network before it was given to him. The WIPS termination policy includes alarms for rogue stations, roque APs, DoS attacks and unauthorized roaming.
What is a likely reason that Joe cannot connect to the network?

Question67: Given: XYZ Company has recently installed an 802.11ac WLAN. The company needs the ability to control access to network services, such as file shares, intranet web servers, and Internet access based on an employee's job responsibilities.
What WLAN security solution meets this requirement?

Question68: What security vulnerabilities may result from a lack of staging, change management, and installation procedures for WLAN infrastructure equipment? (Choose 2)

Question69: Given: A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs. Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:
SSID Blue - VLAN 10 - Lightweight EAP (LEAP) authentication - CCMP cipher suite SSID Red - VLAN 20 - PEAPv0/EAP-TLS authentication - TKIP cipher suite
The consultant's computer can successfully authenticate and browse the Internet when using the Blue SSID. The same computer cannot authenticate when using the Red SSID.
What is a possible cause of the problem?

Question70: Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company's employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.
What security implementation will allow the network administrator to achieve this goal?

Question71: Given: During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text.
From a security perspective, why is this significant?

Question72: Which one of the following describes the correct hierarchy of 802.1X authentication key derivation?

Question73: Given: A network security auditor is preparing to perform a comprehensive assessment of an 802.11ac network's security.
What task should be performed at the beginning of the audit to maximize the auditor's ability to expose network vulnerabilities?

Question74: Given: You have implemented strong authentication and encryption mechanisms for your enterprise
802.11 WLAN using 802.1X/EAP with AES-CCMP.
For users connecting within the headquarters office, what other security solution will provide continuous monitoring of both clients and APs with 802.11-specific tracking?

Question75: Given: In XYZ's small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.
What statement about the WLAN security of this company is true?

Question76: After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify security threats?

Question77: What is a primary criteria for a network to qualify as a Robust Security Network (RSN)?

Question78: What WLAN client device behavior is exploited by an attacker during a hijacking attack?

Question79: You perform a protocol capture using Wireshark and a compatible 802.11 adapter in Linux. When viewing the capture, you see an auth req frame and an auth rsp frame. Then you see an assoc req frame and an assoc rsp frame. Shortly after, you see DHCP communications and then ISAKMP protocol packets. What security solution is represented?

Question80: Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

Question81: Given: Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server.
Where must the X.509 server certificate and private key be installed in this network?

Question82: Given: AAA is an architectural framework used to provide three separate security components in a network. Listed below are three phrases that each describe one aspect of the AAA framework.
Option-1 - This AAA function is performed first and validates user identify prior to determining the network resources to which they will be granted access.
Option-2 - This function is used for monitoring and auditing purposes and includes the collection of data that identifies what a user has done while connected.
Option-3 - This function is used to designate permissions to a particular user.
What answer correctly pairs the AAA component with the descriptions provided above?

Question83: Which of the following security attacks cannot be detected by a WIPS solution of any kind? (Choose 2)

Question84: Given: ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States. 802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.
What security best practices should be followed in this deployment scenario?

Question85: Given: You are using a Wireless Aggregator utility to combine multiple packet captures. One capture exists for each of channels 1, 6 and 11. What kind of troubleshooting are you likely performing with such a tool?

Question86: What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

Question87: You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other (STA2) used 11 EAP frames (excluding ACK frames) before the 4-way handshake.
Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful? (Choose the single most probable answer given a stable WLAN.)

Question88: What preventative measures are performed by a WIPS against intrusions?

Question89: What software and hardware tools are used together to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network? (Choose 2)