CISSP PRACTICE QUESTIONS – 20210421

Effective CISSP Questions

Wi-Fi Protected Access (WPA), superseding Wired Equivalent Privacy (WEP) in 2003, WPA2 (2004), and WPA3 (2018) are security certification programs developed by the Wi-Fi Alliance to secure wireless networks. Which of the following is correct? (Wentz QOTD)
A. TKIP is used in WEP to enforce confidentiality.
B. WPA3 employs HMAC to enforce nonrepudiation.
C. WPA uses RC4 as the underlying cipher for confidentiality.
D. WPA2 uses a stream cipher in CCM mode (counter with CBC-MAC).

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. WPA uses RC4 as the underlying cipher for confidentiality.

  • RC4 is used in WEP to enforce confidentiality. However, “in August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP that exploits the way the RC4 ciphers and IV are used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network.” (Wikipedia)
  • WPA3 employs HMAC to enforce authenticity; nonrepudiation is enforced by digital signatures.
  • WPA uses TKIP, employing RC4 as the underlying cipher, for confidentiality.
  • WPA2 uses AES, a block cipher, in CCM mode (counter with CBC-MAC).
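The HMAC bullet above can be checked in code. The following is an added example, not part of the original post: it shows that an HMAC tag proves a message came from a holder of the shared key but not which holder, while a signature can be verified with public values only. The key, the message, the function names and the toy RSA parameters (a stand-in for a real signature scheme) are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample values for illustration; not taken from the page.
SHARED_KEY = b"constructed-shared-session-key"
MESSAGE = b"constructed frame payload"

def hmac_tag(key: bytes, msg: bytes) -> bytes:
    """Tag that anyone holding the shared key can compute."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def hmac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    # Verifying means recomputing the tag, so every verifier can also forge.
    return hmac.compare_digest(hmac_tag(key, msg), tag)

# Toy textbook RSA: two Mersenne primes, no padding. A stand-in for a real
# signature scheme (assumption for illustration, far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q                              # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the signer only

def digest_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def rsa_sign(private_exponent: int, msg: bytes) -> int:
    return pow(digest_int(msg), private_exponent, N)

def rsa_verify(msg: bytes, signature: int) -> bool:
    # Uses only the public values (N, E); the verifier never holds D.
    return pow(signature, E, N) == digest_int(msg)

def compare_properties() -> dict:
    tag_by_station = hmac_tag(SHARED_KEY, MESSAGE)   # party 1
    tag_by_ap = hmac_tag(SHARED_KEY, MESSAGE)        # party 2, same key
    signature = rsa_sign(D, MESSAGE)
    return {
        "hmac_authentic": hmac_verify(SHARED_KEY, MESSAGE, tag_by_station),
        "hmac_rejects_altered": not hmac_verify(SHARED_KEY, MESSAGE + b"!", tag_by_station),
        # Identical tags: a third party cannot tell which key holder made it.
        "hmac_origin_provable": tag_by_station != tag_by_ap,
        "sig_valid": rsa_verify(MESSAGE, signature),
        "sig_rejects_altered": not rsa_verify(MESSAGE + b"!", signature),
    }

if __name__ == "__main__":
    for name, value in compare_properties().items():
        print(f"{name}: {value}")
```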


