CEH Wireless Network Hacking

Question 1

Which fundamental cryptographic weakness in WEP makes it vulnerable to key recovery attacks?

Accepted Answer

Reuse of short 24-bit Initialization Vectors leading to keystream collisions

Answer

Use of static IV values that never change

Answer

Lack of any encryption algorithm

Answer

Use of RSA public-key encryption

Question 2

During a WPA2-Personal attack, an attacker captures the four-way handshake. What is the attacker's next step to crack the passphrase?

Accepted Answer

Perform a dictionary or brute-force attack against the captured EAPOL handshake offline

Answer

Exploit a buffer overflow in the access point firmware

Answer

Send deauthentication frames continuously to the client

Answer

Inject ARP packets to generate traffic

Question 3

An attacker sets up an access point with the same SSID as a legitimate network and a stronger signal to lure victims. This attack is called a(n):

Accepted Answer

Rogue AP / Evil Twin attack

Answer

Deauthentication attack

Answer

Bluejacking attack

Answer

WPS Pixie Dust attack

Question 4

Which tool is most commonly used in CEH scenarios to capture WPA/WPA2 handshakes and crack wireless keys using wordlists?

Accepted Answer

Aircrack-ng

Answer

Wireshark

Answer

Metasploit

Answer

Nessus

Question 5

What is the primary vulnerability exploited by the WPS PIN attack (Reaver)?

Accepted Answer

The WPS PIN is split into two halves that can be brute-forced independently, reducing combinations from 10^8 to ~11,000

Answer

WPS PIN is transmitted in plaintext over the air

Answer

WPS uses MD5 hashing which has known collisions

Answer

WPS PINs are always 4 digits

Question 6

An attacker sends spoofed 802.11 management frames with reason code 7 to disconnect clients from their access point. This technique is known as:

Accepted Answer

Deauthentication (deauth) attack

Answer

ARP poisoning

Answer

Beacon flooding

Answer

PMKID attack

Question 7

Which wireless encryption standard introduced CCMP (Counter Mode with CBC-MAC Protocol) based on AES to replace the insecure TKIP?

Accepted Answer

WPA2

Answer

WEP

Answer

WPA (WPA1)

Answer

WPS