Chapter 79 · Quiz

Wireless Security Settings — Quiz

10-question assessment covering WPA2 PSK vulnerabilities, SAE/WPA3, GCMP, forward secrecy, wireless security modes, AAA, RADIUS, 802.1X, and EAP.

Question 1 of 6
An attacker passively monitors a WPA2-Personal wireless network near a coffee shop. A customer connects to the Wi-Fi. The attacker captures the connection exchange and drives away. Later, the attacker successfully recovers the Wi-Fi passphrase using a GPU-accelerated cracking tool. Which specific property of WPA2 PSK made this attack possible?
Question 2 of 6
A security engineer explains to management why WPA3-Personal is significantly more secure than WPA2-Personal for the company's wireless network. Which TWO properties of WPA3 SAE most directly eliminate the attack that the WPA2 four-way handshake enables? (Select the best single answer that captures both.)
Question 3 of 6
A medium-sized accounting firm needs wireless authentication that provides individual user accountability, allows IT to revoke a terminated employee's access immediately without disrupting any other user, and generates per-user session logs for compliance auditing. Which wireless security mode meets these requirements?
Question 4 of 6
After a successful wireless authentication, a RADIUS server determines that the authenticated user should be placed on VLAN 40 (guest access) rather than VLAN 10 (internal) and should have a maximum session duration of 8 hours. Which component of the AAA framework does this RADIUS response represent?
Question 5 of 6
In an 802.1X wireless authentication deployment, the access point receives the user's EAP credentials and forwards them to the RADIUS server. The RADIUS server returns an Access-Accept message. The access point then opens the port and grants network access. Which 802.1X role does the access point fulfill, and what is the defining characteristic of that role?
Question 6 of 6
A university IT team is deploying 802.1X wireless authentication for 30,000 students using personal devices. They cannot issue and manage client certificates at this scale. They need a solution where only the RADIUS server requires a certificate and students authenticate with their existing university username and password, with the credential exchange protected by a TLS tunnel. Which EAP method should they deploy?

Matching

Match each wireless security scenario to the term it best represents.

1. All users on the home wireless network share a single 256-bit passphrase. Unlike WPA2, the connection handshake derives session keys independently on each side using Diffie-Hellman — no hash of the passphrase is transmitted across the wireless medium, eliminating offline brute-force attacks.
2. WPA3 uses this single algorithm to provide both AES-based data encryption for confidentiality and GMAC-based message integrity checking — replacing the separate CCMP algorithm used in WPA2.
3. In an 802.1X deployment, this is the role filled by the wireless access point — it blocks network access until authentication succeeds, relays EAP credential messages between the client and the authentication server, and opens the logical port upon receiving an Access-Accept response.
4. The centralized AAA server that receives forwarded authentication requests from access points, validates credentials against Active Directory, and returns Access-Accept or Access-Reject responses — optionally including authorization attributes such as VLAN assignment and session time limits.
A. GCMP
B. WPA3-Personal
C. Authenticator
D. RADIUS