CVA CVA Wireless & Mobile Security Assessment

Question 1

Which wireless attack involves setting up an unauthorized access point with the same SSID as the legitimate corporate network to intercept client traffic?

Accepted Answer

Evil twin attack

Answer

An evil twin attack creates a rogue access point mimicking the legitimate network SSID, causing clients to connect to the attacker's AP and exposing their traffic to interception.

Question 2

What vulnerability in WPA2-Enterprise can be exploited if clients do not validate the RADIUS server certificate?

Accepted Answer

Evil twin with credential harvesting via fake RADIUS server

Answer

If WPA2-Enterprise clients don't validate the RADIUS server certificate, an evil twin with a rogue RADIUS server can capture MSCHAPv2 credentials for offline cracking.

Question 3

During a wireless security assessment, what does the 'deauthentication attack' accomplish?

Accepted Answer

Forces connected clients to disconnect from the legitimate AP, enabling capture of WPA handshakes or forcing connections to a rogue AP

Answer

Deauthentication attacks send spoofed 802.11 deauthentication frames to force client disconnection, triggering reconnection handshakes that can be captured for offline password cracking.

Question 4

What is the KRACK attack and which wireless security protocol does it target?

Accepted Answer

Key Reinstallation Attack targeting WPA2, exploiting nonce reuse vulnerabilities in the 4-way handshake

Answer

KRACK (Key Reinstallation Attack) exploits WPA2's 4-way handshake by manipulating retransmissions to reinstall already-used keys, enabling nonce reuse and traffic decryption.

Question 5

Which tool is commonly used during wireless assessments to capture WPA/WPA2 handshakes for offline password cracking?

Accepted Answer

Aircrack-ng suite (airodump-ng)

Answer

The Aircrack-ng suite, specifically airodump-ng, captures wireless traffic and WPA/WPA2 handshakes, which can then be subjected to dictionary or brute-force attacks using aircrack-ng.

(CVA) Certified Vulnerability Assessor Practice Test

(CVA) Certified Vulnerability Assessor Practice Test

CVA CVA Wireless & Mobile Security Assessment