Question 1
You inherit a campus Wi-Fi network using WEP with shared-key authentication. What’s the most realistic, immediate mitigation before a full redesign?
Increase WEP key length to 256-bit
Rotate WEP keys daily and add MAC filtering
Migrate SSIDs to WPA2/WPA3 and disable WEP radios
Keep WEP but tunnel all traffic over HTTP
Question 2
A coffee-shop hotspot is open (no password). Which protection most directly limits credential theft for users?
Hide SSID
Force HTTPS/HSTS for all logins and sensitive flows
Lower AP transmit power
Use a captive portal splash page
Question 3
During an audit you see WPA2-PSK (AES-CCMP) with weak passwords. What’s the most likely successful attack?
KRACK reinstallation by default
Offline dictionary/brute-force against the PSK (from captured handshake)
VLAN hopping
Evil-twin fails because AES is enabled
Question 4
In 802.1X/EAP, which option matches each role correctly?
Supplicant = AP, Authenticator = RADIUS, Server = Client
Supplicant = RADIUS, Authenticator = Client, Server = AP
Supplicant = AP, Authenticator = Client, Server = Switch
Supplicant = Client, Authenticator = AP/WLC, Server = RADIUS
Question 5
Which pairing of protocol and method/framework is most accurate?
WEP → AES-CCMP
WPA3-SAE → 4-way pre-shared handshake
WPA2-Enterprise → 802.1X + RADIUS
PEAP → open system (no auth)
Question 6
You must onboard IoT devices with no keyboard/screen to a secure WLAN. Which approach fits the goal?
WPA3 Wi-Fi Easy Connect (DPP) with device onboarding
WPA2-PSK with a 64-char random passphrase
WEP + shared key preloaded at factory
Open SSID plus captive portal
Question 7
What did KRACK primarily exploit?
AES block size
Nonce/key reinstallation in the WPA2 4-way handshake
TKIP MIC weakness
SSID broadcast beacons
Question 8
Why is a wired LAN generally harder to eavesdrop on than Wi-Fi?
Physical access is required; frames don’t radiate into open air
Switches encrypt traffic by default
Ethernet uses WPA3 by default
Copper attenuates passwords
Question 9
Which statement best describes WPA3-SAE in practice?
Per-session password-authenticated key exchange that resists offline dictionary capture
Uses a shared PSK string identical to WPA2
Requires digital certificates on clients
Reuses WPA2’s 4-way handshake without changes
Question 10
A university wants per-user revocation and unique credentials on Wi-Fi. The most suitable configuration is:
WPA2-PSK with very long passphrase
WPA3-SAE with a shared passphrase
Open SSID + VPN recommendation
WPA2/WPA3-Enterprise with 802.1X (EAP-TLS or PEAP) and RADIUS