401 SEC+ Exam Guaranteed Pass: Certified
Questions & Correct Answers to Improve Academic
Performance
Which of the following is a step in deploying a WPA2-Enterprise wireless network?
A. Install a token on the authentication server
B. Install a DHCP server on the authentication server
C. Install an encryption key on the authentication server
D. Install a digital certificate on the authentication server
Answer: D
Explanation:
When setting up a wireless network, you'll find two very different modes of Wi-Fi Protected
Access (WPA) security, which apply to both the WPA and WPA2 versions.
The easiest to set up is the Personal mode, technically called the Pre-Shared Key (PSK)
mode. It doesn't require anything beyond the wireless router or access points (APs) and
uses a single passphrase or password for all users/devices.
The other is the Enterprise mode, which should be used by businesses and
organizations, and is also known as the RADIUS, 802.1X, 802.11i, or EAP mode. It provides
better security and key management, and supports other enterprise-type functionality,
such as VLANs and NAP. However, it requires an external authentication server, called a
Remote Authentication Dial In User Service (RADIUS) server, to handle the 802.1X
authentication of users.
To help you better understand the process of setting up WPA/WPA2-Enterprise and 802.1X,
here are the basic overall steps:
Choose, install, and configure a RADIUS server, or use a hosted service.
Create a certificate authority (CA), so you can issue and install a digital certificate onto the
RADIUS server, which may be done as a part of the RADIUS server installation and
configuration. Alternatively, you could purchase a digital certificate from a public CA, such
as GoDaddy or Verisign, so you don't have to install the server certificate on all the clients.
If using EAP-TLS, you'd also create digital certificates for each end-user.
On the server, populate the RADIUS client database with the IP address and shared secret
for each AP.
On the server, populate user data with usernames and passwords for each end-user.
On each AP, configure the security for WPA/WPA2-Enterprise and input the RADIUS server
IP address and the shared secret you created for that particular AP.
A security administrator must implement a wireless security system, which will require
users to enter a 30-character ASCII password on their accounts. Additionally, the system
must support 3DS wireless encryption.
Which of the following should be implemented?
A. WPA2-CCMP with 802.1X
B. WPA2-PSK
C. WPA2-CCMP
D. WPA2-Enterprise
Answer: D
Explanation:
D: WPA-Enterprise is also referred to as WPA-802.1X mode, and sometimes just WPA (as
opposed to WPA-PSK). It is designed for enterprise networks and requires a RADIUS
authentication server. This requires a more complicated setup, but provides additional
security (e.g. protection against dictionary attacks on short passwords). Various kinds of
the Extensible Authentication Protocol (EAP) are used for authentication. RADIUS can be
managed centrally, and the servers that allow access to a network can verify with a RADIUS
server whether an incoming caller is authorized. Thus the RADIUS server can perform all
authentications. This will require users to use their passwords on their user accounts.
Configuring key/value pairs on a RADIUS server is associated with deploying which of the
following?
A. WPA2-Enterprise wireless network
B. DNS secondary zones
C. Digital certificates
D. Intrusion detection system
Answer: A
Explanation:
WPA2-Enterprise is designed for enterprise networks and requires a RADIUS authentication
server.
A security administrator must implement a network authentication solution which will
ensure encryption of user credentials when users enter their username and password to
authenticate to the network.
Which of the following should the administrator implement?
A. WPA2 over EAP-TTLS
B. WPA-PSK
C. WPA2 with WPS
D. WEP over EAP-PEAP
Answer: D
Explanation:
D: Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a
wired network. WEP has vulnerabilities and isn't considered highly secure. Extensible
Authentication Protocol (EAP) provides a framework for authentication that is often used
with wireless networks. Among the five EAP types adopted by the WPA/WPA2 standard are
EAP-TLS, EAP-PSK, EAP-MD5, as well as LEAP and PEAP.
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a
secure TLS tunnel to protect user authentication, and uses server-side public key
certificates to authenticate the server. It then creates an encrypted TLS tunnel between the
client and the authentication server. In most configurations, the keys for this encryption are
transported using the server's public key. The ensuing exchange of authentication