CVA CVA Wireless & Mobile Security Assessment

Question 1

Which wireless attack involves setting up an unauthorized access point with the same SSID as the legitimate corporate network to intercept client traffic?

Accepted Answer

Evil twin attack

Answer

Deauthentication attack

Answer

WPS brute force

Answer

Karma attack

Question 2

What vulnerability in WPA2-Enterprise can be exploited if clients do not validate the RADIUS server certificate?

Accepted Answer

Evil twin with credential harvesting via fake RADIUS server

Answer

KRACK (Key Reinstallation Attack)

Answer

WPS PIN brute force

Answer

Deauthentication flooding

Question 3

During a wireless security assessment, what does the 'deauthentication attack' accomplish?

Accepted Answer

Forces connected clients to disconnect from the legitimate AP, enabling capture of WPA handshakes or forcing connections to a rogue AP

Answer

Cracks the WPA2 pre-shared key

Answer

Bypasses MAC address filtering

Answer

Exploits WPS vulnerabilities to recover the PSK

Question 4

What is the KRACK attack and which wireless security protocol does it target?

Accepted Answer

Key Reinstallation Attack targeting WPA2, exploiting nonce reuse vulnerabilities in the 4-way handshake

Answer

Key Recovery Attack targeting WEP's RC4 stream cipher

Answer

Key Rotation Attack targeting WPA3's SAE handshake

Answer

Key Cracking Attack targeting WPS PIN authentication

Question 5

Which tool is commonly used during wireless assessments to capture WPA/WPA2 handshakes for offline password cracking?

Accepted Answer

Aircrack-ng suite (airodump-ng)

Answer

Nmap

Answer

Metasploit

Answer

Burp Suite

Question 6

During a mobile application security assessment, what does 'insecure data storage' typically involve?

Accepted Answer

Storing sensitive data (credentials, PII, tokens) in unprotected locations like shared preferences, SQLite databases, or log files accessible to other apps or physical attackers

Answer

Storing large media files on the device

Answer

Using insufficient device storage capacity

Answer

Failing to implement data compression for stored files