0 / 10 flipped
Term
Wireless Site Survey
Definition
A systematic assessment of the radio frequency environment in a physical area. Identifies existing access points (authorized and unauthorized/rogue), maps signal coverage, detects interference, and guides channel and AP placement. Should be repeated periodically β environments change as new devices appear, tenants move in, and physical spaces are modified. Heat maps are a key output.
Concept
What is the difference between a wireless survey tool and a spectrum analyzer? When do you need each?
Answer
Wireless survey tool (NetSpot, Ekahau, inSSIDer): shows 802.11 Wi-Fi devices only β SSIDs, BSSIDs, channels, signal strength. Best for AP inventory, channel planning, rogue AP detection, heat map generation.
Spectrum analyzer: shows ALL radio frequency activity across bands β including non-Wi-Fi sources (microwave ovens, baby monitors, cordless phones, Bluetooth). Use when standard survey tools show no problems but interference persists. The spectrum analyzer finds the invisible sources.
Spectrum analyzer: shows ALL radio frequency activity across bands β including non-Wi-Fi sources (microwave ovens, baby monitors, cordless phones, Bluetooth). Use when standard survey tools show no problems but interference persists. The spectrum analyzer finds the invisible sources.
Term
Heat Map
Definition
A visual overlay of wireless signal strength on a floor plan. Warm colors (red, yellow) = strong signal; cool colors (blue, purple) = weak signal. Security use: identifies where signal extends beyond intended boundaries β signal bleeding into parking lots or adjacent buildings creates external attack surface. Operational use: reveals dead zones and coverage gaps before deployment or after changes to the physical environment.
Concept
What are the three ownership models for mobile devices: BYOD, COPE, and CYOD?
Answer
BYOD (Bring Your Own Device): Employee owns the device. MDM manages only the corporate partition. Organization has limited control; personal data outside organizational reach. Risk: device disposal, privacy tensions.
COPE (Corporate Owned, Personally Enabled): Organization owns the device; personal use permitted. Organization can wipe entire device at any time. Full organizational control.
CYOD (Choose Your Own Device): Variant of COPE β organization owns, employee selects from approved model list. Balances preference with organizational control.
COPE (Corporate Owned, Personally Enabled): Organization owns the device; personal use permitted. Organization can wipe entire device at any time. Full organizational control.
CYOD (Choose Your Own Device): Variant of COPE β organization owns, employee selects from approved model list. Balances preference with organizational control.
Term
MDM (Mobile Device Management) β key capabilities
Definition
Centralized mobile management platform. Key capabilities:
β’ Policy enforcement β pushes security configs automatically
β’ Feature control β enable/disable camera, Bluetooth, etc. by context
β’ App management β require/block specific apps
β’ Data segmentation β corporate and personal partitions
β’ Screen lock + PIN β protects lost/stolen devices
β’ Remote wipe β erases corporate data (or whole device) from console
Both BYOD and COPE devices are managed through MDM β the level of control differs based on ownership.
β’ Policy enforcement β pushes security configs automatically
β’ Feature control β enable/disable camera, Bluetooth, etc. by context
β’ App management β require/block specific apps
β’ Data segmentation β corporate and personal partitions
β’ Screen lock + PIN β protects lost/stolen devices
β’ Remote wipe β erases corporate data (or whole device) from console
Both BYOD and COPE devices are managed through MDM β the level of control differs based on ownership.
Concept
What are the three Wi-Fi attack types and their defenses?
Answer
1. Data capture (eavesdropping): Attacker captures wireless frames in range.
Defense: Encrypt all traffic β WPA3, TLS, VPN on public networks.
2. On-path attack (rogue AP / ARP poisoning): Attacker inserts between client and network; reads/modifies traffic.
Defense: WPA3 Enterprise with certificate auth; avoid auto-connect to open networks; end-to-end TLS.
3. Denial of service (deauth / jamming): Forged deauth frames or RF interference disconnects clients.
Defense: 802.11w management frame protection (WPA3 enforces this); physical security.
Defense: Encrypt all traffic β WPA3, TLS, VPN on public networks.
2. On-path attack (rogue AP / ARP poisoning): Attacker inserts between client and network; reads/modifies traffic.
Defense: WPA3 Enterprise with certificate auth; avoid auto-connect to open networks; end-to-end TLS.
3. Denial of service (deauth / jamming): Forged deauth frames or RF interference disconnects clients.
Defense: 802.11w management frame protection (WPA3 enforces this); physical security.
Concept
What is a Wi-Fi deauthentication attack, and what makes it particularly effective?
Answer
A deauthentication attack sends forged IEEE 802.11 management frames that tell clients they have been disconnected from the access point. Clients accept and act on these frames immediately.
What makes it particularly effective: the attacker does not need to be authenticated on the network. Any device within Wi-Fi range can send these frames. Before 802.11w, management frames were not authenticated β no way to verify they came from a legitimate AP.
Defense: 802.11w (Management Frame Protection), which is mandated by WPA3, authenticates management frames so forged deauth frames are rejected.
What makes it particularly effective: the attacker does not need to be authenticated on the network. Any device within Wi-Fi range can send these frames. Before 802.11w, management frames were not authenticated β no way to verify they came from a legitimate AP.
Defense: 802.11w (Management Frame Protection), which is mandated by WPA3, authenticates management frames so forged deauth frames are rejected.
Term
Cellular Security Risks β three key concerns
Definition
1. Traffic monitoring: IMSI catchers (stingrays) impersonate cell towers, forcing devices to connect and allowing traffic interception; protocol downgrade attacks reduce encryption strength.
2. Location tracking: Cellular networks must know which cell a device is in to route communications β device location is continuously known to the carrier and can be obtained or leaked.
3. Global attack surface: A cellular-connected device is reachable from anywhere in the world β unpatched vulnerabilities are globally exposed, not just locally accessible. Keeping devices patched is critical.
2. Location tracking: Cellular networks must know which cell a device is in to route communications β device location is continuously known to the carrier and can be obtained or leaked.
3. Global attack surface: A cellular-connected device is reachable from anywhere in the world β unpatched vulnerabilities are globally exposed, not just locally accessible. Keeping devices patched is critical.
Term
Bluetooth PAN and Security Risks
Definition
Bluetooth: short-range (10β100m) wireless for Personal Area Networks β headsets, smartwatches, health monitors, car integration, external speakers.
Security model: pairing process establishes a shared key with user confirmation before first connection.
Risks:
β’ Unauthorized pairing if device accepts unknown connections
β’ Auto-connect to a spoofed familiar device (malicious device with same name)
β’ Eavesdropping after pairing
Best practices: Do not accept unknown pairing requests. Do not leave discoverable when not pairing. Disable when not in use.
Security model: pairing process establishes a shared key with user confirmation before first connection.
Risks:
β’ Unauthorized pairing if device accepts unknown connections
β’ Auto-connect to a spoofed familiar device (malicious device with same name)
β’ Eavesdropping after pairing
Best practices: Do not accept unknown pairing requests. Do not leave discoverable when not pairing. Disable when not in use.
Concept
What is the key BYOD data protection challenge around device disposal, and what control addresses it?
Answer
Challenge: When an employee sells, trades in, or loses a personally-owned BYOD device, corporate data in the MDM work profile may still be on the device. A user-initiated factory reset may not reliably wipe the MDM work profile before the device changes hands. Without organizational confirmation, the wipe may never happen.
Control: Explicit BYOD offboarding procedure β IT must trigger a confirmed remote wipe of the corporate partition via MDM before the device is disposed of. Policy must require employees to notify IT before disposal, and IT must verify successful wipe completion before releasing the device. Without the procedure, the capability (remote wipe) is never used.
Control: Explicit BYOD offboarding procedure β IT must trigger a confirmed remote wipe of the corporate partition via MDM before the device is disposed of. Policy must require employees to notify IT before disposal, and IT must verify successful wipe completion before releasing the device. Without the procedure, the capability (remote wipe) is never used.