CCNA Wireless Chapter 6 Exam Answers

802.11e is…
QoS standard for WLANs

802.11h is…
Transmit power management
Changes transmit power to avoid creating interference for other devices

802.11i is…
Security standard

The original 802.11 standard used…
FHSS and DSSS to achieve 1 and 2 mbps

802.11 is a ___________ standard
layer 2 standard

802.11 is focussed on the delivery of…
MSDU’s between peer LLC devices

802.11 defines…
MAC and PHY sublayer characteristics

The 2 lesser used 802.11 standards are…
802.11ac – bonded channel 802.11n
802.11ad – WiGig 60ghz ISM band

LLC sublayer makes 802.11 look like…
every other L2 protocol to other high level protocols

The MAC layer ________, but the LLC layer __________
changes, stays the same

LLC is independent of…
1) topology
2) trans medium
3) MAC techniques used

LLC provides 3 basic services:
1) Unack’d connectionless
2) Ack’d conn-oriented
3) Ack’d connectionless

The 3 purposes of control frames are…
1) Information
2) Supervisory
3) Unnumbered

A 0 in the IG header bit means
individual address

A 1 in the IG header bit means
group address

A 0 in the CR header bit means
command

A 1 in the CR header bit means
response

In control frames, what does 00 signify?
Receive ready

In control frames, what does 01 signify?
Reject

In control frames, what does 10 signify?
Receiver not ready

In control frames, what does 11 signify?
Undefined

STA’s are generally not a _______
Fixed location

STA’s can be ___________ in 802.11, but not 802.3
Hidden from eachother

802.11 can handle 2 types of stations…
Mobile and portable

In 802.11 context, mobile means… and portable means….
Mobile means device accesses LAN in motion
Portable means device can move but is stationary upon accessing LAN

The PLCP… (PHY layer definition)
Maps MAC sub layer data units to a framing format

The PMD…(PHY layer definition)
Defines characteristics of tx/rx through wireless medium

The PLME…(PHY layer definition)
Manages local PHY functions with MAC management entity

4 speeds of 802.11b
1,2,5.5 and 11mbps

802.11b uses DSSS and CCK

The chipping rate of 802.11b is…
11mhz

802.11b uses the same PLCP as
The original 802.11

Total number of 802.11b channels…
14

Actual allowed number of channels for 802.11b for each country:
US: 11
ETSI: 13
JAPAN: All 14

Power levels for 802.11b…
US: 36dbm
ETSI: 20dbm

In 802.11b, channels 1.6 and 11 are referred to as..
Set 1

In 802.11b, channels 2,3,4,5,7,8,9,10 are referred to as…
Set 2

Channels 1, 6, and 11 exact frequencies are…
2412, 2439, and 2462 mhz

802.11a has how many channels
8

802.11a operates at what throughput potentially…
54mbps

Does 802.11a have any backwards compatibility?
No.

OFDM divides…
Communication channel into equally spaced frequency bands

OFDM creates ____ subcarriers each at _____ distance from eachother
52, 312.5khz

How many OFDM subcarriers are for data? and for syncing?
48, 4

OFDM is less sensitive to ________ than DSSS
Multipath interference

Four 802.11a modulation techniques…
BPSK
QPSK
16QAM
64QAM

802.11g throughput…
54mbps @ 2.4ghz

What is used for 20mbps+ connections in 802.11g?
OFDM

What is used for speeds under 20mbps in 802.11g?
CCK

What is protection mode?
B clients on a G network are protected from OFDM which causes a significant decrease in throughput of 802.11g

Max possible throughput of 802.11n?
600mbps

802.11n operates at…
2.4 and 5ghz

2 techniques for 802.11n
1) MIMO – uses maximum ratio combining
2) Channel bonding
3) Frame aggregation – multiple LLC’s put into one MAC frame

3 legacy modes of 802.11n…
1) greenfield (HT) – assumes no legacy devices
2) Legacy mode (non-HT) – 20mhz channels only, no channel bonding
3) HT mixed mode – RTS/CTS must be a/g format

802.11h is required by…
ETSI for 5ghz range

2 main features of 802.11h…
1) Dynamic frequency selection to avoid interference
2) Transmit control power – minimizes interference on other systems

اكمل القراءة

• twitter
• share
• plus

CCNA Wireless Chapter 7 Exam Answers

MAC layer provides 3 services, which are
1) Asynchronous data service
2) Security services
3) Media access control

With asynchronous data service…
Peer LLC’s exchange MSDU’s

With security services, there are 3 options:
Authentication, WEP or 802.11i

Every frame contains 3 things:
1) MAC header
2) Variable length frame body
3) FCS

The frame body is specific to…
1 of the 3 frame types in 802.11

How long are CRC’s?
4 bytes

The 3 802.11 frame types are:
1) Data
2) Control
3) Management

What do control frames do in 802.11?
Send CTS/RTS, ACK etc.

What do management frames do in 802.11?
Send associations and beacons

Management frames are ______________ to upper layer protocols
Not forwarded

802.11 is a CSMA/CA network, meaning it uses physical and virtual carrier sense mechanisms

Virtual carrier sense mechanisms….
Announce the use of media (NAV)

NAV stands for:
Network allocation vector

The distributed coordination function simply means the exchange of…
RTS’s and CTS’s

Both RTS’s and CTS’s contain a…
Duration field

The duration field is…
The time to tx data frame, ack frame, and inter fame spaces

Four diff. types of IFS’s:
1) SIFS: short inter frame space
2) PIFS: point coordination function inter frame space
3) DIFS: distributed coordination function inter frame space
4) EIFS: extended inter frame space

What does PCF do?
Creates contention free access to wireless network for tx devices, only available in infrastructure networks because AP is the polling master and central point of this optional method of access

The MAC layer can intentially _________ MSDU’s
reorder

When the MAC layer is reordering MSDU’s, what type of frames get priority?
unicast

The frame control field in the MAC header is how long
2 bytes

The protocol version field would be what for the current version?
00

The type bits would be set to what for each type of MAC frame
1) 00 – mgmt
2) 01- ctrl
3) 10 – data

The subtype field in the frame control field consists of…
Additional info about whatever frame type has been specified in the type section

The last half of the frame control field is…
1 byte of flags

If the destination is the distribution system, the To DS bit would be set to…
1

If the source is the distribution system, the From DS bit would be set to…
1

If a wireless distribution system is in play, the From and To DS bits are set to
1

If an ad-hoc network is in play, the From and To DS bits are set to
0

If the More flag is set to 1, what does this mean?
It means the MPDU is too large

What does 802.11 do with MPDU’s which are too large
It can fragment them like TCP does

If the retry flag is set to 1…
The frame has been transmitted before

If the power management flag is set to 1, the station is in
Power save mode

If the more data flag is set to 1….
The station is telling the receiver that the transmission is not complete and it should not enter power save mode

If the protected frame flag is set to 1…
The body is encrypted

If the order flag is set to 1…
An upper layer protocol requested strict order transmission, meaning the MAC layer will not reorder anything

The duration field has 2 functions:
1) Remaining duration
2) AID (association ID)

In the duration field, if bit 15 is 0 the field is…
The remaining duration

In the duration field, if bit 15 is 1 the field is…
The AID of the txing station

There are ___ address fields in an 802.11 frame
4

Data frames use how many address fields in an 802.11 frame?
3 or 4

Control and management frames can use as little as 1 address field in an 802.11 frame

The first 3 bytes of a MAC addr =
The OID of the vendor

The last 3 bytes of a MAC addr =
The unique ID of the MAC entity

5 types of addr’s in 802.11:
1) BSSID (ID’s boundaries)
2) Src
3) Dst (final dst)
4) Tx addr (last to tx)
5) Rx addr (next to rx)

The sequence control field has 2 subfields which are:
1) Fragment # (4 bits)
2) Frame seq # (12 bits)

The max frame body size for unencrypted frames is…
2304 bytes

The max frame body size for encrypted frames is…
2346 bytes

اكمل القراءة

• twitter
• share
• plus

CCNA Wireless Chapter 9 Exam Answers

In a wireless model, frames generally go from a lightweight AP to a WLC

A WLC is…
A WiLAN controller

Active scanning is…
When a client sends probes out

Passive scanning is..
When a client waits for beacons

What comes first, the auth request or the assoc request frame when a client attempts to connect to an AP?
The auth request comes first

Briefly count off the steps for wireless association to an AP
1) Client sends probe
2) AP sends probe response
3) Client sends auth request
4) AP sends auth response
5) Success message sent
6) Association request sent by client
7) Association response sent by AP
8) Client uses RSSI and SNR to determine what speed to send at

Management frames are sent at the …
Lowest possible rate

Data headers are sent at the…
Lowest possible rate

Actual data is sent at the…
Highest possible rate

If a wireless client is sending to a host on a different subnet and has never done so before, it will need to perform the ___ operation to find the ____ address of the __________ gateway
ARP, MAC, default

In an ARP frame sent from a client, the source address is the…the destination address is the…and the receiving address is the…
Host sending ARP
Broadcast because its an ARP broadcast
AP

What interframe space do ACK frames use?
SIFS – short interframe space

The LWAPP adds a ____________ _____________ frames travelling from the AP to the WLC
6 byte header

Who translates 802.11 frames into 802.3 frames in a centralized wireless setup?
The wireless LAN controller

The two main types of WLAN implementation methods are:
1) Distributed (autonomous AP’s)
2) Centralized (LAP + WLC)

WLC’s are responsible for… (5 things)
1) Security policies
2) Intrusion prevention
3) RF management
4) QoS
5) Mobility

LAP’s handle real-time MAC layer services while WLC’s handle non-real-time MAC layer services

Non real time MAC layer services handled by the WLC include:
1) Authentication
2) Association and reassociation (aka mobility)
3) Frame translation and bridging

Public networks broadcast their SSID in a beacon
But private networks wait for probe-requests

In a distributed setup, the address fields are setup as follows in the 802.11 frame:
Field 1: AP = receiving address
Field 2: Source address
Field 3: Destination address
Field 4: Unused

The Ethertype of LWAPP is…
0xBBBB

LWAPP can operate at ______ or ______
Layer 2 or layer 3

If LWAPP is operating at L2, do AP’s need IP’s?
No.

If LWAPP is operating at L3, do AP’s need IP’s?
Yes.

The trunking protocol is called…
802.1q

The trunking protocol adds a ____________ to 802.3 frames
4 byte header

The header added by 802.1q contains what 2 things
1) TPID
2) TCI

The TCI contains…
User priority, 1 bit canonical format, 12 bit VLAN ID

What are the reserved VLAN ID’s?
1 = default
1002 = FDDI
1003 = TR
1004 = FDDINET
1005 = TRNET

اكمل القراءة

• twitter
• share
• plus

CCNA Wireless Chapter 10 and 11 Exam Answers

The CUWN has 5 elements, which are…
1) Client devices
2) Mobility platform
3) Network unification
4) Network management
5) Unified advanced services

Cisco compatible extensions devices have:
1) Wireless mobility
2) QoS
3) NW management
4) Enhanced security

NW unification is…
A migration path into routing/switching platforms via WLC’s

The WLAN management interface for Cisco is called ..
WCS: Wireless control system

The control plane is…
AES-CCM encrypted

The data plane is..
Not encrypted

In a LWAPP header, a data message is C code _ and a control message is C code _
0, 1

Layer 3 LWAPP data traffic uses ports…
UDP src:1024 dst:12222

Layer 3 LWAPP control traffic uses ports…
UDP src:1024 dst:12223

4 stages of AP association to a WLC:
1) Discovery phase
2) Join phase
3) Authorization phase
4) Configuration phase

What LWAPP mode is attempted first?
L2

Cisco prefers L3 discovery process over L2

The management IP of a WLC is handed out via…
Option 43 in a DHCP handout

For an AP to authenticate to a WLC, a _______________ is needed
x.509 certificate

What 2 types of x.509 certificates are there?
1) MIC: manufacturer installed cert
2) SSC: self-signed cert

If authentication is successsful, a _____________ is sent from the WLC to the LAP
Join response

اكمل القراءة

• twitter
• share
• plus

CCNA Wireless Chapter 12, 13 and 14 Exam Answers

Mobility is not synonymous with hot spot connectivity , rather it means a client can move between APs while keeping its IP address

The two types of client mobility are…
1) L2 mobility – client roams AP’s in same subnet
2) L3 mobility – client roams to AP in different subnet

What is a mobility group?
A group of WLC’s which share information with eachother

What is the maximum amount of WLC’s allowed in a mobility group?
24

What are the four requirements when creating mobility groups?
1) IP connectivity between WLC’s
2) Same workgroup name
3) Same virtual interface IP (ex. 1.1.1.1 in labs)
4) The MAC and IP of every other device in the group

What is a mobility domain?
The scope of communication between WLC’s in a WLAN

Mobility groups can be used to isolate roaming between different VLAN’s

Can clients roam between mobility domains?
No

What 4 things are required when a client is roaming between controllers?
1) Same mobility domain
2) Same revision of code
3) All AP’s need to have same SSID’s available
4) Again, virtual interface IP has to be the same

What is a simple way to describe intra-controller roaming?
New AP, same WLC

In intra-controller roaming, when is the client entry made in the database?
After the first AP association

What exactly is PKC?
Proactive key caching, it creates faster roaming times for 802.11i clients

What is a simple way to describe inter-controller roaming?
A client roams between two different WLC’s

What is the basic 4 step process of a client performing inter-controller roaming?
1) The client roams from WLC1 to WLC2
2) WLC2 makes a mobility announcement in order to find the WLC that has the client’s MAC (which is WLC1)
3) WLC1 responds to this announcement, handshakes and ack’s
4) This process moves the client DB entry to WLC2

How is L3 roaming accomplished?
Through a process called EoIP (ethernet over IP).
It is a tunnel created between controllers.
Original controller called “anchor”, the new controller is called the “foreign”

What are the two types of L3 roaming?
1) Symmetric
2) Asymmetric

The 3 primary components of WLC configuration are:
1) WLAN – the SSID and its corresponding parameters
2) Interface – virt. conn. to IP stack
3) Port – phys. connection to wired LAN

Two types of interface on a WLC are:
1) Static
2) Dynamic

Out of the two types of interfaces on a WLC, which one is created by the WLC and which one is created by an administrator?
Static: WLC
Dynamic: Administrator

Describe the management interface:
For in-band management
Used to communicate with other NW devs.
Also used by LAP in discovery phase

Describe the AP manager interface:
This is how the WLC communicates with LAP’s

Describe the virtual interface:
Used by WLC to terminate VPN’s from LAP’s, for DHCP relay connections, mobility management etc

What is special about the virtual interface?
It should not have a routable IP

Describe the service port:
For out-of-band management

What is special about the service port?
No trunking support

Describe the role of dynamic interfaces:
They link SSID’s to VLAN’s

What is the maximum amount of dynamic interfaces allowed on a WLC?
512

What 4 roles can an AP fulfill?
1) AP
2) Repeater
3) WG bridge
4) Scanner

3 things required for converting an autonomous AP to an LWAPP LAP are:
1) Upgrade tool
2) IPSU tool
3) LAP IOS image

What version does the LAP IOS image have to be?
12.3 (7) JA or above

What does the text file contain which is used to upgrade the IOS for LAP purposes?
1) IP of AP
2) Username/PW for telnet auth
3) Enable mode PW

What IP is used for TFTP servers pushing out autonomous AP IOS images?
It must be on the 10.0.0.0 /24 NW

اكمل القراءة

• twitter
• share
• plus

CCNA Wireless Chapter 15 and 16 Exam Answers

The Cisco mobility express solution can be… (2 things)
1) Standalone
2) Controller based

The Cisco mobility express solution is part of the…
SBCS: Cisco smart business communication system

The SBCS contains what 4 things
1) Cisco UC (unified communications) 500 series
2) Cisco unified IP phones
3) Cisco monitor director
4) Cisco mobility solution

How many clients can the Cisco UC 500 support?
48

The Cisco mobility solution consists of what 2 things
1) 526 Wi. Express controller
2) 521 Wi. Express AP

What are the 526 and 521 managed by
The Cisco config assistant

How many controllers and how many AP’s can be used in the cisco mobility solution?
2 controllers, 6 AP’s each = 12

The 521 AP has ________ antennas
internal

Can the 521 AP associate with any other controllers?
no.

Does the cisco mobility express solution support enterprise level LWAPP?
No, it is a reduced feature version

When doing the CLI setup, the normal selection for the 526 is…
Run primary image

Connection to the controller GUI is made via what protocol
HTTPS

When using the CCA, you must create a…
Community (group name for network)

What version of CCA is required to migrate standalone 521 AP’s to LW AP’s?
1.5 or later

The CCA discovers WLC’s via what two things
1) IP discovery
2) CDP

What is the Windows WiLAN config tool called?
WZC: Windows wireless zero configuration utility

What happens if profiles have already been configured on the WZC?
It tries to connect to those networks automatically

WZC clients use _________ scanning
Active

Upon boot, WZC reports any networks being ________
Broadcast

What is active null scanning?
Probe requests that are sent with blank SSID fields

What happens if the WZC cannot establish any connections to infrastructure networks?
It tries ad-hoc networks

What happens if no ad-hoc networks are available for the WZC client to connect to?
It becomes an ad-hoc node and sends out beacons

WLAN profile on a MAC are handled by
AIRPORT/AIRPORT EXTREME

What is the chain of clicks to configure a profile on AIRPORT
Open apple > System prefs > NW > Airport

In Linux that command line tool for joining WiLAN’s is called
iwconfig

The graphical version of Linux’s WiLAN config utility is called
NetworkManager

What is CAM?
Constant awake mode, prevents NIC’s from going into any kind of power saving mode

What is the ADU?
The aironet desktop utility, used for configuration of WiLAN profiles

What is the ACAU?
Aironet client admin. utlity – for pushing out ADU to multiple clients

What is the SSU?
Cisco site survey tool, a minimal site survey program

What is the ASTU?
Aironet system tray utility

What 3 advantages does ADU have over WZC?
1) Channel determination
2) Auth. / sec. config determination
3) RSSI/SNR determination

3 main profiles in ADU are
1) Unsecure
2) 802.1x
3) WPA/WPA2/CCKM

How long are 802.1x WEP keys?
40-104 bits

Imported ADU profile have what extension?
.prf

The 4 connection quality colours in the SSU are..
Green, yellow, orange, red

What is connection quality quantified by by default?
dBm

What is the SSC?
Cisco secure services client, provides L2 802.1x user/device authentication

How are SSCAU profiles saved?
As XML files

اكمل القراءة

• twitter
• share
• plus

CCNA Wireless Chapter 17 Exam Answers

The 4 main threats to wireless NW’s are:
1) Ad-hoc NW formation
2) Rogue AP’s
3) Client missassociations
4) Directed wireless network attacks

What exactly is client missassociation?
An SSID profile is saved and active scanning is in operation, resulting in a client connecting to a network without knowing

What are 4 examples of directed wireless network attacks?
1) DoS
2) Recon probes
3) Authent. penetration
4) MITM attacks

How are directed wireless network attacks most often mitigated?
By authenticating and encrypting management frames.

What is this process of mitigation called exactly?
MFP: management frame protection

Management frames are usually sent unauthenticated and unencrypted

What does MFP do to management frames?
It digitally signs them

The two MFP modes are:
1) Infrastructure
2) Client

In infrastructure MFP,
A hash is generated for every management frame and placed before the FCS

Client MFP is only available with…
CCX 5+ “Cisco compatible extensions”

What does Client MFP/CCX do to management frames
It uses 802.11i to encrypt mgmt frames between the client and the AP

What does Client MFP/CCX defend most effectively against?
MITM and DoS attacks

In Client MFP/CCX, a key is generated for each AP

Why can’t mobile devices associate with MFP LAN’s?
They don’t have the processing power required for the extra encryption/authentication techniques

2 older security methods are:
1) SSID —> wrong SSID? no association
2) MAC authentication

What is open authentication?
It means no authentication key is required

What is the 4 step process to open authentication?
1) Probe
2) Probe response
3) Auth
4) Auth response

In WEP authentication, a ____ key is used to encrypt traffic
WEP key

In WEP, the header is not encrypted is not encrypted, but the the data is is

What encryption type does WEP use?
RC4

What are the 3 different sizes for WEP keys?
40 bits
104 bits
128 bits

In WEP, every key is combined with an….
Initialization vector

What is the basic process of WEP association?
1) Auth request
2) Challenge text packet
3) Challenge text encrypted by supplicant
4) If AP able to decrypt properly supplicant has the right key

EAP is defined under which two RFC’s?
2284, and 3748

EAP usually works alongside..
802.1x or RADIUS

The 4 EAP message types are
1) Request — to supplicant
2) Response — from supplicant
3) Success
4) Failure

What is Cisco LEAP?
A proprietary username/PW based auth. system between a client and a RADIUS server

What is Cisco LEAP’s weakness?
Susceptible to eavesdropping

EAP-TLS is defined under…
RFC 2716

EAP-TLS uses… _________ for authentication
Digital certificates

EAP-TLS uses…__________ to secure communications between client and RADIUS server
PKI

In EAP-TLS, the ________ and __________ authenticate to eachother
client and server

What is TLS based on?
SSL 3.0

What did EAP-TTLS add to EAP-TLS?
Tunneling

PEAP is very similar to..
EAP-TLS

What are the 3 authentication options for PEAP?
1) EAP-MSCHAP V.2
2) EAP-GTC
3) EAP-OTP

What is fast-reconnect?
Roaming b/t AP’s made seamless b/c TLS session ID’s are cached by WLC

The 3 roles of the 802.1x framework are…
1) Supplicant
2) Authenticator
3) Authentication server

It can be said that the authenticator controls __________ access to the network
Physical

If a Cisco ACS is being used as the Authentication server, more _____________ methods of authentication are available
Diverse

802.1x: After the client sends a probe request to the AP, the AP will respond with a…
AP probe response which contains sec params.

What happens after the AP sends its probe response?
The client is associated but traffic is blocked until 802.1x auth is complete

The 802.1x authentication challenge is encrypted by
EAP

How does the client response to this challenge?
With a credential response

What does authenticator do with the credential response?
Converts it to a RADIUS access request and sends it to the AS

What does the AS do upon receiving the RADIUS access request?
It responds with a challenge that specifies what credentials are required of the supplicant

What happens if the client responds with the correct credentials?
The AS transmits a success message and encryption key

WPA2 is aka
802.11i

What is a PMK?
Pairwise master key,
It is created on a RADIUS server when a client authenticates

Where is the PMK sent?
From the AS to the authenticator

What is PMK used for?
To encrypt the exchange of the temporal session key

What is the PMK derived from that results in the authenticator and supplicant having the same one?
It is derived from client information

PMK’s are used to make PTK’s and GTK’s.

PTK’s and GTK’s are made in a
4 way handshake process

WPA2-PSK is aka
personal mode

WPA2-PSK is encrypted with…
A 256 bit PMK

اكمل القراءة

• twitter
• share
• plus