» Authentication and Encryption

By | September 24, 2012

Here you will find answers to Authentication and Encryption Questions

Question 1

What are three primary components that describe TKIP? (Choose three)

A. Broadcast Key Rotation
B. Dynamic WEP
C. Message Integrity Check
D. Per-Packet Key Hashing
E. Symmetric Key Cipher
F. WPA2 Enterprise Mode


Answer: A C D


TKIP offers three advantages over WEP:

* Per packet keying: Each packet is generated using a unique key so it is much more difficult to get from repetitive data back to the key.
* Message integrity check: (MIC – If the message integrity check does not pass, the message is seen as a forgery. If two forgeries are detected in one second, the radio assumes it is under attack. It deletes its session key, disassociates itself, then forces re-association)
* Broadcast key rotation: Broadcast key is required in 802.1X environments but it is vulnerable to same attacks as static WEP key. By using broadcast key rotation, key is delivered to client encrypted with client’s dynamic key.

Based on Per packet keying & Message integrity check, every packet has a unique encryption key and each packet is digitally signed to validate the source of the sender before decrypting it to make sure the packet is valid and that it’s coming from a trusted source and not being spoofed

Per Packeting Keying



Integrity Check


Question 2

What is the impact of configuring a single SSID to simultaneously support both TKIP and AES encryption?

A. The overhead associated with supporting both encryption methods will significantly degrade client throughput.
B. Some wireless client drivers might not handle complex SSID settings and may be unable to associate to the WLAN.
C. This is an unsupported configuration and the Cisco Wireless Control System will continuously generate alarms until the configuration is corrected.
D. This is a common configuration for migrating from WPA to WPA2. There is no problem associated with using this configuration.


Answer: D


Please login or register to see this part

Question 3

What is the Default Local Database size for authenticating local users?

A. 512 entries
B. 1024 entries
C. 2048 entries
D. 4096 entries
E. 8192 entries


Answer: A

Question 4

Which statement best represents the authorization aspect of AAA?

A. Authorization takes place after a successful authentication and provides the Cisco WLC the information needed to allow client access to network resources.
B. Authorization is the validation of successful DHCP address delivery to the wireless client.
C. Authorization must be successfully completed in order to proceed with the authentication phase.
D. Successful authorization will provide encryption keys that will be used to secure the wireless communications between client and AP.


Answer: A


AAA is an architectural framework for configuring a set of three independent security functions in a consistent manner. AAA provides a modular way of performing the following services:

* Authentication: Provides the method of identifying users, including login and password dialog, challenge and response, messaging support, and, depending on the security protocol you select, encryption.
* Authorization: Provides the method for remote access control, including one-time authorization or authorization for each service, per-user account list and profile, user group support, and support of IP, IPX, ARA, and Telnet.
* Accounting: Provides the method for collecting and sending security server information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes.

(Reference: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfaaa.html)

Question 5

Which Extensible Authentication Protocol types are supported by the Cisco Unified Wireless Network?

B. LEAP and EAP-FAST only
D. Any EAP supported by the RADIUS authentication server


Answer: D

Question 6

The 4-way handshake is used to establish which key during the WPA authentication process?

A. Pairwise Master Key
B. Pairwise Multiple Key
C. Pairwise Session Key
D. Pairwise Transient Key
E. Pairwise Transverse Key

Answer: D


Please login or register to see this part

Question 7

Which four parameters need to be configured for local EAP-FAST on the controller? (Choose four)

A. Authority ID
B. Authority ID Information
C. Client Key
E. Server Key
F. TTL for PAC
G. Monitor Key
H. NTP Source


Answer: A B E F


EAP-FAST is designed to speed re-authentication when a station roams from one AP to another. Here are the parameters that can be configured:

* Server Key (in hexadecimal): The key (in hexadecimal characters) used to encrypt and decrypt PACs.
* Time to Live for the PAC: Enter the number of days for the PAC to remain viable. The valid range is 1 to 1000 days, and the default setting is 10 days.
* Authority ID (in hexadecimal): Enter the authority identifier of the local EAP-FAST server in hexadecimal characters. It is possible to enter up to 32 hexadecimal characters,  but an even number of characters must be entered. This will identify the controller as the emitter of the PAC.
* Authority ID Information: Enter the authority identifier of the local EAP-FAST server in text format.
* Anonymous Provision: Enable this setting to allow anonymous provisioning. This feature allows PACs to be sent automatically to clients that do not have one during PAC provisioning. If this feature is disabled, PACS must be manually provisioned. Disable this feature when using EAP-FAST with certificates. The default setting is enabled.

Question 8

When using the enterprise-based authentication method for WPA2, a bidirectional handshake exchange occurs between the client and the authenticator. Which five statements are results of that exchange using controller based network? (Choose five)

A. a bidirectional exchange of a nonce used for key generation
B. binding of a Pairwise Master Key at the client and the controller
C. creation of the Pairwise Transient Key
D. distribution of the Group Transient Key
E. distribution of the Pairwise Master key for caching at the access point
F. proof that each side is alive


Answer: A B C D F

Question 9

What are four features of WPA? (Choose four)

A. a larger initialization vector, increased to 48 bits
B. a message integrity check protocol to prevent forgeries
C. authenticated key management using 802.1X
D. support for a key caching mechanism
E. unicast and broadcast key management
F. requires AES-CCMP


Answer: A B C E

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.