ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam 220-1002 All Questions

View all questions & answers for the 220-1002 exam
Go to Exam

Exam 220-1002 topic 1 question 6 discussion

Actual exam question from CompTIA's 220-1002
Question #: 6
Topic #: 1
[All 220-1002 Questions]

A small office's wireless network was compromised recently by an attacker who brute forced a PIN to gain access. The attacker then modified the DNS settings on the router and spread malware to the entire network.
Which of the following configurations MOST likely allowed the attack to take place? (Choose two.)

  • A. Guest network
  • B. TKIP
  • C. Default login
  • D. Outdated firmware
  • E. WPS
  • F. WEP
Show Suggested Answer Hide Answer
Suggested Answer: CE 🗳️
by 156748918635135 at Nov. 26, 2019, 5:23 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MelvinJohn
Highly Voted 4 years, 5 months ago
C and E -- Default login and WPS. The question says the attacker "brute forced a PIN to gain access" to the network. Using a PIN implies they used WPS to gain access to the network because WPS can be configured to require a simple 8 digit code - very vulnerable to brute forcing. The question also says "The attacker then modified the DNS settings on the router." That could only be done via admin credentials to the router. A default login could allow that access. (Many routers default to admin, admin for login and password.)
upvoted 30 times
...
Lyndi
Highly Voted 5 years, 4 months ago
WEP & Default login
upvoted 15 times
DameonRaye
3 years, 6 months ago
Okay, but why? What is your reasoning, other than that is what the question states is the answer? Justify your responses, please. The answers are partially incorrect, btw. It's WPS, not WEP. WEP utilizes a "Passcode" to gain access, not a "PIN." WPS utilizes an 8-digit PIN, which can be brute forced to gain access. Default Login is correct, as it refers to the default login of the routers administrator access.
upvoted 3 times
...
...
clmxr16
Most Recent 3 months, 1 week ago
Selected Answer: CF
they are lest secure options on this and easy to crack
upvoted 1 times
...
c22e828
1 year, 3 months ago
cant be WEP ..WEP uses encryption keys not pins
upvoted 1 times
...
anotherpirate
2 years, 6 months ago
This exact question is on Jason Dion's practice exam. C and E are correct. PigBenis copy and pasted the reason why below from Jason Dion's explanation.
upvoted 1 times
...
PigBenis
3 years, 3 months ago
Selected Answer: CE
Default Login and WPS for the win!!!
upvoted 5 times
PigBenis
3 years, 3 months ago
OBJ-2.10: Wireless networks that rely on a PIN to connect devices use the Wi-Fi Protected Setup (WPS). It is a wireless network security standard that tries to make connections between a router and wireless devices faster and easier. WPS relies on an 8-digit PIN, but it is easily defeated using a brute force attack due to a poor design. Once connected to the network using the WPS PIN, the attacker may have logged into the router using the default administrative login credentials and then modified the router/gateway's DNS. Commonly, many network administrators forget to change the default username/password of their devices, leaving an easy vulnerability for an attacker to exploit
upvoted 2 times
...
...
ginarina
3 years, 3 months ago
Selected Answer: CE
If WPS is the only one that allows for a PIN then it HAS to be E. Also, its easier to brute force something if it was already unchanged from its default setting. Hence, C.
upvoted 1 times
...
136898is42
3 years, 3 months ago
Selected Answer: CE
C&E, WPS use a PIN.
upvoted 1 times
...
UGotThis
3 years, 5 months ago
Selected Answer: CE
t says "pin" which is used to access router by WPS - this is susceptible to brute force attacks. I also think default password would be the second answe
upvoted 1 times
...
UGotThis
3 years, 5 months ago
it says "pin" which is used to access router by WPS - this is susceptible to brute force attacks. I also think default password would be the second answer
upvoted 1 times
...
SamuelSami
3 years, 7 months ago
C and E WPS: Wi-Fi® Protected Setup (WPS) is a built-in feature of many routers that make it easier to connect Wi-Fi enabled devices to a secure wireless network. This information is provided to help connect your TV, Blu-ray Disc™ player, or other supported home video products to a wireless network using WPS WEP? Wired Equivalent Privacy (WEP) is a security protocol and encryption algorithm that secures wireless and Wi-Fi networks. It adds security and privacy to wireless local-area networks (WLANs) and helps them meet the security levels offered by wired LANs.
upvoted 2 times
...
LeadBasedPaint
3 years, 9 months ago
If you gained access using Default Login, seems to me like the PIN is unnecessary.
upvoted 1 times
DameonRaye
3 years, 6 months ago
Default login refers to the router administrator access, not the SSID access. That is how they were able to access and change the routers settings.
upvoted 2 times
...
...
l0609890
4 years ago
It should be WPS and default password WPS - It was discovered in December 2011 that WPS was designed poorly due to its 8 digit number. This meant there were only 10,000,000 possible combinations which can easily take 4 hours to brute force all possible pin (unless you have a lockout function) Default Password - Probably one of the most common problem. It is easy to find the defaults for any WAP or router.
upvoted 1 times
...
OCD
4 years ago
Hey you bunch of IDIOTS, don't forget that you need to press the WPS button PHYSICALLY to engage it.
upvoted 4 times
user54321
3 years, 10 months ago
Lol, no you don't. For anyone wondering how it's done google "pixie dust attack".
upvoted 6 times
...
TomTK
3 years, 7 months ago
No you don't, Irony here is you're calling us Idiots?!
upvoted 5 times
...
...
Ty_ty
4 years, 3 months ago
Wi-Fi Protected Setup (WPS; originally, Wi-Fi Simple Config) is a network security standard to create a secure wireless home network. ... The flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network's WPA/WPA2 pre-shared key (PSK).
upvoted 1 times
...
goveaernesto
4 years, 5 months ago
WPS needs user intervention ?
upvoted 1 times
...
Dirkster
4 years, 8 months ago
The question states that access was gained via a brute forced pin. A pin is made up of numerical digits. A WEP password is numbers and letters, and is usually known as a Pass Key. So I would have said WPS?
upvoted 5 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago