Chapter 20
A1: | c |
A2: | b |
A3: | b, d, e |
A4: | b, d, e |
A5: | b |
A6: | b, c, e |
A7: | b, c, d |
A8: | c |
A9: | b, c, e |
A10: | a |
A11: | a |
A12: | b, c, d |
A13: | b |
A14: | b |
Q&A
1: | What four SAFE modules are used in the large-enterprise IPSec WLAN design? |
A1: | Building moduleBuilding Distribution moduleEdge Distribution moduleServer module |
2: | What two design options are available within the remote WLAN design model? |
A2: | Software-based VPN WLAN designHardware-based VPN WLAN design |
3: | Name at least three of the potential threats or problems associated with the axiom "Wireless networks are targets." |
A3: | Interference and jammingMAC authenticationDenial or degradation of serviceRogue access points802.11 is insecure |
4: | What is the recommendation with regard to network-management traffic and WLANs? |
A4: | Use VLANs on access points to isolate management traffic from user traffic. |
5: | Name two of the three extensible authentication protocols. |
A5: | Cisco Lite EAP (LEAP)EAP-Transport Layer Security (EAP-TLS)Protected EAP (PEAP) |
6: | What two mitigation technologies are used in the design of WLANs? |
A6: | Implementing a mutual authentication-based and key-distribution method using 802.1X with Wired Equivalent Privacy (WEP) ImprovementsImplementing a network layer encryption approach based on IP Security (IPSec) |
7: | 802.1X and EAP provide what three main elements in the design approach of secure WLANs? |
A7: | Mutual authentication between the wireless client and an authentication server using a RADIUS serverDynamically derived encryption keys after authenticationCentralized policy control for reauthentication and generation of encryption keys |
8: | Name three models of Cisco wireless access points or bridges. |
A8: | Cisco Aironet 350Cisco Aironet 1100Cisco Aironet 1200Cisco Aironet 1300Cisco Aironet 1400 |
9: | Name the WLAN IPSec design threats and threat mitigations. |
A9: | Address Resolution Protocol (ARP) spoofingIP spoofingMan-in-the middle attacksNetwork topology discoveryPassword attackWireless packet sniffers |
