Wireless Hacking - Breaking into Wi-Fi Networks - MCQ Questions

1. Which encryption standard is considered the weakest for Wi-Fi security?

A) WPA2-PSK
B) WPA3
C) WEP
D) AES

Answer: C) WEP
Explanation: WEP (Wired Equivalent Privacy) is highly insecure due to weak encryption mechanisms and can be cracked easily using tools like aircrack-ng. WPA2 and WPA3 are much stronger alternatives.

2. Which attack is used to capture a WPA/WPA2 handshake?

A) Evil Twin Attack
B) Deauthentication Attack
C) Rogue Access Point Attack
D) MAC Spoofing

Answer: B) Deauthentication Attack
Explanation: A deauthentication attack forces a client to disconnect from the network, causing it to reconnect. During this process, a hacker can capture the 4-way handshake, which is then used for offline password cracking.

3. What tool is commonly used for cracking WPA/WPA2 passwords from captured handshakes?

A) Hydra
B) John the Ripper
C) Aircrack-ng
D) Wireshark

Answer: C) Aircrack-ng
Explanation: Aircrack-ng is a popular tool used to crack WPA/WPA2 handshakes using dictionary or brute-force attacks.

4. Which Wi-Fi attack involves creating a fake access point to trick users into connecting?

A) Rogue AP Attack
B) Deauthentication Attack
C) WPS Pixie Dust Attack
D) KRACK Attack

Answer: A) Rogue AP Attack
Explanation: A Rogue AP (Evil Twin) attack involves setting up a fake Wi-Fi network that mimics a legitimate one to steal credentials or conduct MITM attacks.

5. What is the default encryption method used in WPA3?

A) TKIP
B) AES-128
C) GCMP-256
D) RC4

Answer: C) GCMP-256
Explanation: WPA3 uses GCMP-256 (Galois/Counter Mode Protocol with 256-bit encryption), making it significantly more secure than WPA2.

6. What type of authentication attack exploits vulnerabilities in the WPS protocol?

A) Man-in-the-Middle Attack
B) KRACK Attack
C) Pixie Dust Attack
D) Deauthentication Attack

Answer: C) Pixie Dust Attack
Explanation: The Pixie Dust attack exploits a weakness in WPS (Wi-Fi Protected Setup) to brute-force PIN authentication, allowing an attacker to retrieve the network key.

7. What command in Aircrack-ng is used to put a Wi-Fi adapter into monitor mode?

A) airmon-ng start wlan0
B) airodump-ng wlan0
C) ifconfig wlan0 down
D) aircrack-ng -c wlan0

Answer: A) airmon-ng start wlan0
Explanation: The airmon-ng start wlan0 command enables monitor mode, which allows the adapter to capture packets without connecting to a network.

8. Which type of attack forces clients to connect to a rogue AP by deauthenticating them from a legitimate network?

A) Karma Attack
B) MITM Attack
C) KRACK Attack
D) SSL Strip

Answer: A) Karma Attack
Explanation: The Karma Attack exploits client devices that automatically reconnect to known networks, allowing attackers to impersonate trusted networks.

9. Which tool is specifically designed for automating Evil Twin attacks?

A) Wireshark
B) Wifiphisher
C) Netcat
D) Airbase-ng

Answer: B) Wifiphisher
Explanation: Wifiphisher automates Evil Twin attacks by creating fake Wi-Fi networks and capturing login credentials.

10. What is the primary goal of a KRACK attack?

A) To brute-force WPA2 passwords
B) To exploit vulnerabilities in the 4-way handshake
C) To bypass MAC address filtering
D) To jam Wi-Fi signals

Answer: B) To exploit vulnerabilities in the 4-way handshake
Explanation: The KRACK (Key Reinstallation Attack) forces key reinstallation in WPA2, allowing an attacker to decrypt transmitted data.

11. What is a common tool used for Wi-Fi packet sniffing?

A) Ettercap
B) Kismet
C) John the Ripper
D) Nikto

Answer: B) Kismet
Explanation: Kismet is widely used for wireless network discovery, sniffing, and monitoring.

12. What type of attack involves sending a large number of authentication requests to an AP?

A) Replay Attack
B) Authentication Flood Attack
C) Rogue AP Attack
D) DoS Attack

Answer: B) Authentication Flood Attack
Explanation: This attack overwhelms the AP, causing denial-of-service (DoS) by sending excessive authentication requests.

13. What tool is used to manipulate packets in a Wi-Fi network?

A) Scapy
B) Sqlmap
C) Nmap
D) Netcat

Answer: A) Scapy
Explanation: Scapy is a Python-based tool used to manipulate, forge, and analyze network packets.

14. What does MAC address spoofing help an attacker do?

A) Change their IP address
B) Bypass MAC filtering
C) Crack WPA2 passwords
D) Modify packet headers

Answer: B) Bypass MAC filtering
Explanation: MAC address spoofing allows an attacker to bypass network security measures that rely on MAC filtering.

15. Which of the following can be used to jam Wi-Fi signals?

A) Airgeddon
B) MDK3
C) SQLmap
D) Aircrack-ng

Answer: B) MDK3
Explanation: MDK3 is a Wi-Fi testing tool used for jamming and disrupting wireless networks.

16. Which of the following is NOT a Wi-Fi hacking tool?

A) Aircrack-ng
B) Reaver
C) Snort
D) Wifiphisher

Answer: C) Snort
Explanation: Snort is an Intrusion Detection System (IDS), not a Wi-Fi hacking tool.

17. What type of Wi-Fi encryption is most secure?

A) WEP
B) WPA2
C) WPA3
D) TKIP

Answer: C) WPA3
Explanation: WPA3 provides enhanced security features, such as forward secrecy and better encryption.

18. What is the purpose of a War Driving attack?

A) Brute-forcing passwords
B) Capturing packets
C) Mapping open Wi-Fi networks
D) Exploiting KRACK vulnerabilities

Answer: C) Mapping open Wi-Fi networks
Explanation: War driving involves scanning for Wi-Fi networks while moving through different locations.

19. What is the primary purpose of an Evil Twin attack?

A) To jam a Wi-Fi network
B) To capture user credentials
C) To brute-force WPA2 passwords
D) To block network traffic

Answer: B) To capture user credentials
Explanation: Evil Twin attacks trick users into connecting to a rogue AP, allowing attackers to steal login credentials and other sensitive data.

20. What attack involves flooding an access point (AP) with fake deauthentication frames?

A) ARP Poisoning
B) Deauthentication Flood
C) MAC Spoofing
D) KRACK Attack

Answer: B) Deauthentication Flood
Explanation: In a Deauthentication Flood attack, the attacker sends a large number of deauth packets, forcing legitimate users to disconnect repeatedly.

21. Which wireless attack is used to downgrade encryption from WPA2 to WEP?

A) Downgrade Attack
B) WPA Downgrade Attack
C) Chop-Chop Attack
D) SSL Strip

Answer: B) WPA Downgrade Attack
Explanation: A WPA Downgrade Attack forces a client to connect using WEP, making the network easier to crack.

22. Which tool can exploit weak WPS implementations to obtain a Wi-Fi password?

A) Reaver
B) John the Ripper
C) Nmap
D) BeEF

Answer: A) Reaver
Explanation: Reaver is a tool that brute-forces WPS PINs to recover WPA/WPA2 passwords.

23. What is a common way to bypass MAC address filtering?

A) Changing IP address
B) Using VPN
C) MAC Address Spoofing
D) Port Scanning

Answer: C) MAC Address Spoofing
Explanation: MAC Address Spoofing allows an attacker to mimic an authorized device and bypass security controls.

24. What is the main function of Wifite?

A) Packet sniffing
B) Automated Wi-Fi penetration testing
C) DNS spoofing
D) Firewall evasion

Answer: B) Automated Wi-Fi penetration testing
Explanation: Wifite automates the process of Wi-Fi network attacks, including WEP/WPA cracking and WPS attacks.

25. What attack exploits weaknesses in WPA-TKIP encryption?

A) Chop-Chop Attack
B) Fragmentation Attack
C) Beck-Tews Attack
D) War Driving

Answer: C) Beck-Tews Attack
Explanation: The Beck-Tews attack exploits weaknesses in WPA-TKIP encryption, allowing an attacker to decrypt data packets.

26. What does a Hidden SSID prevent?

A) WPA2 brute-force attacks
B) Displaying the network name in public scans
C) WPA2 handshake captures
D) Evil Twin attacks

Answer: B) Displaying the network name in public scans
Explanation: A Hidden SSID stops the network from broadcasting its name, but does not prevent determined attackers from discovering it.

27. What type of antenna is most effective for long-range Wi-Fi attacks?

A) Dipole Antenna
B) Yagi Antenna
C) Omnidirectional Antenna
D) Patch Antenna

Answer: B) Yagi Antenna
Explanation: Yagi Antennas focus signals in a specific direction, increasing range for Wi-Fi sniffing and attacks.

28. What is the maximum theoretical range of a standard 2.4 GHz Wi-Fi signal?

A) 30 meters
B) 50 meters
C) 100 meters
D) 300 meters

Answer: D) 300 meters
Explanation: 2.4 GHz Wi-Fi signals can travel up to 300 meters in ideal conditions with no interference.

29. What is a common countermeasure against Evil Twin attacks?

A) Changing the SSID daily
B) Using MAC filtering
C) Enabling WPA3 and certificate-based authentication
D) Using a VPN

Answer: C) Enabling WPA3 and certificate-based authentication
Explanation: WPA3 with certificate-based authentication prevents devices from connecting to rogue APs.

30. What tool is useful for analyzing Wi-Fi signal strength?

A) Airgeddon
B) LinSSID
C) Netcat
D) Sqlmap

Answer: B) LinSSID
Explanation: LinSSID is a graphical tool for Wi-Fi network scanning and signal strength analysis.

31. Which layer of the OSI model does Wi-Fi encryption operate on?

A) Layer 1 (Physical)
B) Layer 2 (Data Link)
C) Layer 3 (Network)
D) Layer 4 (Transport)

Answer: B) Layer 2 (Data Link)
Explanation: Wi-Fi encryption (WEP, WPA, WPA2) occurs at the Data Link Layer (Layer 2).

32. What does an attacker need to execute a WPA3 Dragonfly Attack?

A) Handshake capture
B) Rainbow tables
C) Password spraying
D) Bluetooth exploit

Answer: A) Handshake capture
Explanation: The Dragonfly Attack exploits weaknesses in WPA3’s Simultaneous Authentication of Equals (SAE).

33. What is the key weakness in WEP encryption?

A) Key Reuse
B) Weak hash functions
C) Small key size
D) Lack of authentication

Answer: A) Key Reuse
Explanation: WEP uses the same IV (Initialization Vector) multiple times, making it vulnerable to replay attacks.

34. Which attack targets Wi-Fi clients rather than the AP?

A) Deauthentication Attack
B) Evil Twin Attack
C) Karma Attack
D) DNS Spoofing

Answer: C) Karma Attack
Explanation: The Karma Attack tricks client devices into connecting to a rogue AP.

35. What tool can help in detecting rogue access points?

A) Airbase-ng
B) NetStumbler
C) Wifiphisher
D) Metasploit

Answer: B) NetStumbler
Explanation: NetStumbler scans for rogue access points and monitors Wi-Fi signals.

36. What does an attacker gain by capturing an EAPOL handshake?

A) User credentials
B) The network SSID
C) The hashed password for offline cracking
D) The Wi-Fi encryption key

Answer: C) The hashed password for offline cracking
Explanation: Capturing an EAPOL handshake allows attackers to brute-force WPA/WPA2 passwords offline.

37. What is a recommended security practice to protect against WPA attacks?

A) Disabling SSID broadcast
B) Enabling WEP
C) Using complex passwords and WPA3
D) Lowering transmission power

Answer: C) Using complex passwords and WPA3
Explanation: WPA3 and strong passphrases significantly reduce the risk of Wi-Fi cracking attacks.

38. What is the purpose of a “captive portal” in public Wi-Fi networks?

A) To encrypt all user traffic
B) To require authentication before granting internet access
C) To prevent Man-in-the-Middle (MITM) attacks
D) To hide the SSID

Answer: B) To require authentication before granting internet access
Explanation: A captive portal forces users to log in or accept terms before using a public Wi-Fi network. Attackers sometimes create fake captive portals to steal credentials.

39. Which type of attack involves exploiting default router credentials to gain access to Wi-Fi settings?

A) Evil Twin Attack
B) Default Credential Attack
C) ARP Spoofing Attack
D) DNS Poisoning

Answer: B) Default Credential Attack
Explanation: Many routers ship with default admin credentials (e.g., “admin/admin”), making them easy targets if users don’t change them.

40. What does an attacker achieve through a “Wi-Fi Pineapple”?

A) Network traffic interception
B) WPA handshake cracking
C) RF signal jamming
D) Bypassing MAC filtering

Answer: A) Network traffic interception
Explanation: The Wi-Fi Pineapple is a hardware tool used for automating MITM attacks and capturing Wi-Fi traffic.

41. What does “wardriving” involve?

A) Brute-forcing Wi-Fi passwords
B) Mapping wireless networks while driving
C) Spoofing MAC addresses
D) Sniffing packet headers

Answer: B) Mapping wireless networks while driving
Explanation: Wardriving involves scanning for Wi-Fi networks while moving in a vehicle to map open hotspots.

42. Which encryption method is used in WPA3 for forward secrecy?

A) RC4
B) TKIP
C) AES-CCMP
D) Simultaneous Authentication of Equals (SAE)

Answer: D) Simultaneous Authentication of Equals (SAE)
Explanation: WPA3 uses SAE for better protection against password brute-force attacks.

43. What type of attack exploits vulnerabilities in the WPA3 protocol?

A) KRACK Attack
B) Dragonblood Attack
C) Chop-Chop Attack
D) WPS Pixie Dust Attack

Answer: B) Dragonblood Attack
Explanation: Dragonblood is a known vulnerability in WPA3’s SAE handshake, making it susceptible to password guessing.

44. What is an SSID cloaking technique used for?

A) Encrypting network traffic
B) Hiding a Wi-Fi network from being discovered
C) Enabling WPA3 security
D) Detecting rogue access points

Answer: B) Hiding a Wi-Fi network from being discovered
Explanation: SSID cloaking prevents a Wi-Fi network from appearing in normal scans, but attackers can still find hidden SSIDs using packet capture tools.

45. Which attack technique modifies the BSSID of a Wi-Fi network to trick users into connecting?

A) DNS Spoofing
B) MAC Address Spoofing
C) SSID Injection
D) WPA Downgrade Attack

Answer: C) SSID Injection
Explanation: SSID Injection involves modifying the BSSID (Basic Service Set Identifier) of an access point to impersonate another network.

46. What is the key function of airodump-ng in Wi-Fi penetration testing?

A) Cracking WPA/WPA2 passwords
B) Capturing packets and monitoring Wi-Fi networks
C) Injecting deauthentication packets
D) Jamming Wi-Fi signals

Answer: B) Capturing packets and monitoring Wi-Fi networks
Explanation: Airodump-ng is used for capturing Wi-Fi packets and analyzing networks before launching further attacks.

47. What is a “honey pot” in wireless security?

A) A fake access point designed to trap attackers
B) A deauthentication tool
C) A firewall rule to block attackers
D) A WPS cracking tool

Answer: A) A fake access point designed to trap attackers
Explanation: A honey pot is a security measure where a fake Wi-Fi network is set up to monitor and trap attackers.

48. What technique is used to prevent replay attacks in Wi-Fi security?

A) AES encryption
B) Nonces and sequence numbers
C) MAC address filtering
D) Captive portals

Answer: B) Nonces and sequence numbers
Explanation: Wi-Fi security protocols use nonces and sequence numbers to ensure that data packets are not reused or replayed.

49. What does the tool “Eaphammer” exploit?

A) WPA2 Enterprise authentication
B) WEP encryption flaws
C) MAC address filtering
D) War driving vulnerabilities

Answer: A) WPA2 Enterprise authentication
Explanation: Eaphammer is used to perform evil twin attacks on WPA2 Enterprise networks, allowing credential theft.

50. Which band provides better range but slower speeds in Wi-Fi?

A) 2.4 GHz
B) 5 GHz
C) 6 GHz
D) 60 GHz

Answer: A) 2.4 GHz
Explanation: 2.4 GHz Wi-Fi has a longer range but slower speeds compared to 5 GHz and 6 GHz.

51. What is a “man-in-the-middle” attack in Wi-Fi security?

A) Jamming Wi-Fi signals
B) Intercepting and modifying network traffic
C) Bypassing MAC filtering
D) Cloning an SSID

Answer: B) Intercepting and modifying network traffic
Explanation: MITM attacks involve intercepting and altering communication between a user and an access point.

52. What does “Beacon Frame Spoofing” do?

A) Forces users to disconnect from a Wi-Fi network
B) Broadcasts fake SSIDs to confuse users
C) Captures WPA handshakes
D) Bypasses WPS protection

Answer: B) Broadcasts fake SSIDs to confuse users
Explanation: Beacon Frame Spoofing is used to advertise fake Wi-Fi networks, leading users to connect to rogue APs.

53. What Wi-Fi attack targets PMKID (Pairwise Master Key Identifier) to obtain WPA2 passwords?

A) WPA Downgrade Attack
B) PMKID Attack
C) Rogue AP Attack
D) Chop-Chop Attack

Answer: B) PMKID Attack
Explanation: The PMKID attack allows hackers to crack WPA2 passwords without capturing the handshake.

54. What is the best way to prevent unauthorized access to a Wi-Fi network?

A) Using WPA3 with strong passwords
B) Disabling SSID broadcast
C) Reducing signal range
D) Hiding MAC addresses

Answer: A) Using WPA3 with strong passwords
Explanation: WPA3 with strong passphrases provides the most effective protection against unauthorized access.

55. Which attack takes advantage of the fact that devices automatically reconnect to previously connected networks?

A) Rogue AP Attack
B) Deauthentication Attack
C) SSID Spoofing Attack
D) WPS Pixie Dust Attack

Answer: C) SSID Spoofing Attack
Explanation: SSID Spoofing tricks devices into connecting to a fake access point by broadcasting an SSID identical to a legitimate one.

56. What does the term “Wi-Fi jamming” refer to?

A) Cracking Wi-Fi passwords
B) Flooding the frequency with interference to disrupt signals
C) Hiding a Wi-Fi network from attackers
D) Capturing authentication handshakes

Answer: B) Flooding the frequency with interference to disrupt signals
Explanation: Wi-Fi jamming involves overloading Wi-Fi frequencies to prevent legitimate communication.

57. What does “Evil Portal” refer to in Wi-Fi hacking?

A) A rogue DNS server
B) A malicious captive portal used for credential theft
C) A tool for WEP cracking
D) An encryption technique

Answer: B) A malicious captive portal used for credential theft
Explanation: Evil Portals mimic real login pages to steal credentials from unsuspecting users.

58. What is a primary limitation of a dictionary attack on WPA/WPA2 passwords?

A) It only works on open networks
B) It requires a live connection to the access point
C) It depends on the quality of the wordlist used
D) It is effective only on WEP networks

Answer: C) It depends on the quality of the wordlist used
Explanation: Dictionary attacks rely on precompiled wordlists; if the password is complex and unique, the attack will fail.

59. Which protocol does Wi-Fi use for authentication in Enterprise networks?

A) WPA3-SAE
B) EAP (Extensible Authentication Protocol)
C) WEP-PSK
D) MAC Filtering

Answer: B) EAP (Extensible Authentication Protocol)
Explanation: Enterprise networks use EAP for authentication, often with RADIUS servers for additional security.

60. What is the role of a RADIUS server in Wi-Fi security?

A) Acts as a DHCP server
B) Provides centralized authentication for WPA2-Enterprise networks
C) Encrypts all network traffic
D) Blocks unauthorized MAC addresses

Answer: B) Provides centralized authentication for WPA2-Enterprise networks
Explanation: RADIUS servers are used in WPA2-Enterprise setups to authenticate users securely.

61. What does an attacker achieve by launching a fragmentation attack on a Wi-Fi network?

A) Cracks WEP encryption faster
B) Decrypts WPA2 packets
C) Spoofs MAC addresses
D) Forces a downgrade to WEP

Answer: A) Cracks WEP encryption faster
Explanation: Fragmentation attacks break WEP encryption by exploiting weaknesses in its packet fragmentation process.

62. What is the primary function of “Airgeddon” in Wi-Fi hacking?

A) Cracking WPA2 passwords
B) Automating Evil Twin attacks
C) Spoofing MAC addresses
D) Performing Wi-Fi jamming

Answer: B) Automating Evil Twin attacks
Explanation: Airgeddon is a powerful tool used for setting up Evil Twin attacks and phishing Wi-Fi credentials.

63. Which type of antenna is best for long-range Wi-Fi reconnaissance?

A) Omnidirectional antenna
B) Yagi antenna
C) Dipole antenna
D) Rubber duck antenna

Answer: B) Yagi antenna
Explanation: Yagi antennas provide long-range directional Wi-Fi scanning and attack capabilities.

64. What is the key advantage of using WPA3 over WPA2?

A) Stronger encryption and protection against brute-force attacks
B) Backward compatibility with WEP
C) Faster network speed
D) No need for passwords

Answer: A) Stronger encryption and protection against brute-force attacks
Explanation: WPA3 introduces stronger encryption and the Simultaneous Authentication of Equals (SAE) protocol.

65. What tool can be used to detect rogue Wi-Fi access points?

A) Aircrack-ng
B) Wireshark
C) Kismet
D) Netcat

Answer: C) Kismet
Explanation: Kismet is a powerful Wi-Fi scanner that helps detect rogue access points and unauthorized devices.

66. What is a practical way to prevent Wi-Fi deauthentication attacks?

A) Use a VPN
B) Enable 802.11w Protected Management Frames (PMF)
C) Hide the SSID
D) Lower the transmit power

Answer: B) Enable 802.11w Protected Management Frames (PMF)
Explanation: 802.11w (PMF) helps mitigate deauthentication attacks by encrypting management frames.

67. Which type of attack attempts to force a user to connect to an attacker-controlled network?

A) Evil Twin Attack
B) Man-in-the-Middle Attack
C) WPA Downgrade Attack
D) ARP Spoofing Attack

Answer: A) Evil Twin Attack
Explanation: An Evil Twin Attack mimics a trusted network to trick users into connecting.

68. What tool is commonly used for performing “Wi-Fi heatmaps” to visualize network coverage?

A) NetSpot
B) Metasploit
C) Reaver
D) Wireshark

Answer: A) NetSpot
Explanation: NetSpot helps map Wi-Fi coverage by creating heatmaps of signal strength.

69. What is the purpose of a “Wi-Fi Deauth Detector”?

A) To detect and alert users about deauthentication attacks
B) To block unauthorized SSIDs
C) To improve Wi-Fi signal strength
D) To prevent MAC spoofing

Answer: A) To detect and alert users about deauthentication attacks
Explanation: Wi-Fi Deauth Detectors monitor network traffic for suspicious deauthentication packets.

70. What is a “Pineapple Mark V” primarily used for?

A) Cracking WPA3 passwords
B) Conducting Wi-Fi penetration testing and MITM attacks
C) Encrypting wireless communications
D) Preventing Evil Twin attacks

Answer: B) Conducting Wi-Fi penetration testing and MITM attacks
Explanation: The Wi-Fi Pineapple Mark V is a powerful penetration testing device used for MITM attacks.

71. What is the primary goal of a KRACK attack on WPA2 networks?

A) To force a device to connect to a rogue AP
B) To bypass MAC filtering
C) To exploit key reinstallation vulnerabilities
D) To capture WPA2 handshake for offline cracking

Answer: C) To exploit key reinstallation vulnerabilities
Explanation: The KRACK (Key Reinstallation Attack) targets a flaw in the WPA2 4-way handshake, allowing attackers to decrypt traffic.

72. What is the function of “airbase-ng” in Wi-Fi penetration testing?

A) Cracking WPA passwords
B) Capturing network packets
C) Creating fake access points
D) Sniffing unencrypted data

Answer: C) Creating fake access points
Explanation: Airbase-ng is used to create rogue access points for Evil Twin and other Wi-Fi attacks.

73. What is the primary weakness of WPS (Wi-Fi Protected Setup)?

A) Uses weak encryption
B) Vulnerable to brute-force attacks
C) Allows hidden SSIDs to be discovered
D) Only works on 2.4 GHz networks

Answer: B) Vulnerable to brute-force attacks
Explanation: WPS can be brute-forced using tools like Reaver, making it an easy target for attackers.

74. What type of attack uses a large number of association requests to crash a Wi-Fi access point?

A) Beacon Flood Attack
B) Authentication DoS Attack
C) Deauthentication Attack
D) Rogue AP Attack

Answer: B) Authentication DoS Attack
Explanation: Authentication DoS Attacks flood an access point with fake association requests, causing service disruption.

75. What tool can be used to generate strong Wi-Fi passwords resistant to brute-force attacks?

A) Wireshark
B) Crunch
C) NetStumbler
D) Ettercap

Answer: B) Crunch
Explanation: Crunch is a tool that generates custom wordlists, helping users create strong passwords.

76. What is an effective way to protect against brute-force attacks on WPA2 networks?

A) Disabling WPS
B) Enabling MAC filtering
C) Lowering transmit power
D) Using static IP addresses

Answer: A) Disabling WPS
Explanation: WPS is a major vulnerability in WPA2 security and should be disabled to prevent brute-force attacks.

77. What attack allows an attacker to sniff traffic on an open Wi-Fi network?

A) MAC Spoofing
B) Packet Injection
C) Passive Sniffing
D) KRACK Attack

Answer: C) Passive Sniffing
Explanation: Passive sniffing involves listening to unencrypted traffic on an open Wi-Fi network using tools like Wireshark.

78. What is a practical way to secure a Wi-Fi network against deauthentication attacks?

A) Enabling WPA2
B) Enabling 802.11w (PMF)
C) Hiding the SSID
D) Using MAC address filtering

Answer: B) Enabling 802.11w (PMF)
Explanation: 802.11w (Protected Management Frames) protects networks from deauthentication attacks.

79. What is the purpose of the “Reaver” tool in Wi-Fi hacking?

A) Cracking WPA2 passwords via brute-force
B) Exploiting WPS vulnerabilities
C) Performing MITM attacks
D) Capturing WPA handshakes

Answer: B) Exploiting WPS vulnerabilities
Explanation: Reaver is a popular tool used to brute-force WPS PINs and retrieve WPA/WPA2 passwords.

80. Which attack exploits weak initialization vectors in WEP encryption?

A) WPA Downgrade Attack
B) Chop-Chop Attack
C) RC4 Attack
D) Injection Attack

Answer: B) Chop-Chop Attack
Explanation: The Chop-Chop Attack exploits weak initialization vectors in WEP to decrypt packets without knowing the key.

81. What is a good practice to prevent Rogue AP attacks?

A) Disable SSID broadcasting
B) Use MAC filtering
C) Implement WPA3 with enterprise authentication
D) Hide the Wi-Fi password

Answer: C) Implement WPA3 with enterprise authentication
Explanation: WPA3 Enterprise authentication ensures that only authorized devices connect, preventing Rogue AP attacks.

82. What tool can be used for monitoring and detecting Wi-Fi anomalies?

A) Ettercap
B) Kismet
C) Hydra
D) Maltego

Answer: B) Kismet
Explanation: Kismet is a wireless network detector and intrusion detection system.

83. What feature in modern routers helps prevent ARP spoofing attacks?

A) Static IP assignment
B) Dynamic MAC filtering
C) ARP Inspection
D) DNSSEC

Answer: C) ARP Inspection
Explanation: Dynamic ARP Inspection (DAI) helps prevent ARP spoofing attacks by validating ARP packets.

84. What type of Wi-Fi attack can be prevented by using client isolation?

A) Evil Twin Attack
B) Rogue AP Attack
C) ARP Spoofing
D) SSID Spoofing

Answer: C) ARP Spoofing
Explanation: Client isolation prevents devices on the same network from directly communicating, stopping ARP spoofing.

85. What is the maximum theoretical speed of Wi-Fi 6 (802.11ax)?

A) 600 Mbps
B) 1 Gbps
C) 9.6 Gbps
D) 20 Gbps

Answer: C) 9.6 Gbps
Explanation: Wi-Fi 6 (802.11ax) supports speeds up to 9.6 Gbps under ideal conditions.

86. What attack exploits vulnerabilities in WPA Enterprise networks by tricking users into connecting to a fake RADIUS server?

A) EAP Phishing Attack
B) SSL Stripping Attack
C) WPA Downgrade Attack
D) DNS Tunneling

Answer: A) EAP Phishing Attack
Explanation: EAP Phishing attacks trick users into entering credentials on a fake RADIUS authentication page.

87. What is the main advantage of using WPA3 over WPA2?

A) It eliminates the need for passphrases
B) It uses Simultaneous Authentication of Equals (SAE) for better security
C) It is compatible with WEP encryption
D) It supports only 5 GHz networks

Answer: B) It uses Simultaneous Authentication of Equals (SAE) for better security
Explanation: SAE in WPA3 provides stronger encryption and protection against offline dictionary attacks.

88. What feature of Wi-Fi 6 helps improve security in public networks?

A) MAC Address Randomization
B) WEP Encryption
C) Open SSID Broadcasting
D) Lower Frequency Bands

Answer: A) MAC Address Randomization
Explanation: Wi-Fi 6 uses MAC address randomization to prevent device tracking in public networks.

89. What tool is used to automate Wi-Fi attacks and credential harvesting?

A) Evilginx
B) Aircrack-ng
C) Burp Suite
D) Sqlmap

Answer: A) Evilginx
Explanation: Evilginx is used for phishing attacks and credential harvesting by imitating login portals.

90. What type of attack floods an access point with association requests?

A) Authentication DoS Attack
B) Deauthentication Attack
C) Rogue AP Attack
D) Beacon Flood Attack

Answer: D) Beacon Flood Attack
Explanation: Beacon Flood Attacks spam an access point with fake SSIDs, causing disruption.

91. What is the primary purpose of using the tool “mdk3” in Wi-Fi attacks?

A) Decrypting WPA2 passwords
B) Conducting deauthentication and beacon flood attacks
C) Capturing WPA2 handshakes
D) Performing Evil Twin attacks

Answer: B) Conducting deauthentication and beacon flood attacks
Explanation: MDK3 is a tool used for jamming Wi-Fi networks, sending deauthentication frames, and beacon flooding attacks to disrupt communication.

92. Which attack involves injecting forged packets into a Wi-Fi network?

A) Packet Injection Attack
B) Evil Twin Attack
C) MAC Filtering Bypass
D) WPA Downgrade Attack

Answer: A) Packet Injection Attack
Explanation: Packet injection allows an attacker to send crafted packets into a Wi-Fi network, often used in WEP/WPA attacks.

93. What does “OUI” stand for in MAC addresses?

A) Organization Unique Identifier
B) Open Universal Identifier
C) Operating Unit Index
D) Organizational User Identity

Answer: A) Organization Unique Identifier
Explanation: The OUI (Organizationally Unique Identifier) is the first part of a MAC address that identifies the manufacturer of a network device.

94. Which attack leverages a forced downgrade of encryption from WPA3 to WPA2?

A) Dragonblood Attack
B) KRACK Attack
C) PMKID Attack
D) Deauthentication Attack

Answer: A) Dragonblood Attack
Explanation: The Dragonblood attack targets WPA3 networks by forcing a downgrade to WPA2, making them vulnerable to known WPA2 attacks.

95. Which type of wireless authentication requires certificates rather than a shared key?

A) WPA2-PSK
B) WEP
C) WPA2-Enterprise
D) WPA3-Personal

Answer: C) WPA2-Enterprise
Explanation: WPA2-Enterprise uses EAP (Extensible Authentication Protocol) with RADIUS servers for certificate-based authentication instead of shared passwords.

96. What technique prevents a wireless client from connecting to a specific access point?

A) MAC Address Filtering
B) SSID Hiding
C) ARP Poisoning
D) Deauthentication Attack

Answer: A) MAC Address Filtering
Explanation: MAC Address Filtering restricts which devices can connect to an access point based on their MAC addresses.

97. Which encryption algorithm does WPA3 use to improve security over WPA2?

A) TKIP
B) AES-CCMP
C) GCMP-256
D) WEP-RC4

Answer: C) GCMP-256
Explanation: WPA3 uses GCMP-256 (Galois/Counter Mode Protocol) for enhanced security over AES-CCMP in WPA2.

98. What method helps detect unauthorized Wi-Fi networks broadcasting in an area?

A) Passive Network Scanning
B) Packet Injection
C) ARP Spoofing
D) WPA Handshake Capturing

Answer: A) Passive Network Scanning
Explanation: Passive network scanning (using tools like Kismet) monitors Wi-Fi activity to detect rogue access points.

99. Which type of attack targets the “Management Frames” in Wi-Fi communication?

A) MITM Attack
B) Deauthentication Attack
C) Packet Sniffing
D) Rogue AP Attack

Answer: B) Deauthentication Attack
Explanation: Deauthentication attacks exploit unprotected management frames to force clients off a Wi-Fi network.

100. What is the primary purpose of the “Wi-Fi Pineapple” in penetration testing?

A) Cracking WPA3 passwords
B) Conducting MITM and Evil Twin attacks
C) Preventing Wi-Fi spoofing
D) Bypassing WPA2 encryption

Answer: B) Conducting MITM and Evil Twin attacks
Explanation: Wi-Fi Pineapple is a powerful tool used for Man-in-the-Middle (MITM) attacks and Evil Twin setups in Wi-Fi penetration testing.

101. What attack involves inserting a fake DNS server into a Wi-Fi network?

A) DNS Spoofing Attack
B) Beacon Flood Attack
C) WPS Pixie Dust Attack
D) PMKID Attack

Answer: A) DNS Spoofing Attack
Explanation: DNS spoofing attacks redirect users to malicious websites by altering DNS responses in a network.

102. Which tool can generate custom wordlists for Wi-Fi password cracking?

A) Hydra
B) Crunch
C) NetStumbler
D) Ettercap

Answer: B) Crunch
Explanation: Crunch generates custom wordlists to use in dictionary and brute-force attacks on Wi-Fi passwords.

103. What technique prevents an attacker from tracking a device using its MAC address?

A) MAC Address Randomization
B) Enabling WPS
C) Lowering Transmission Power
D) SSID Cloaking

Answer: A) MAC Address Randomization
Explanation: MAC Address Randomization generates temporary MAC addresses to prevent tracking in public networks.

104. What is the primary function of 802.11w?

A) Preventing WEP cracking
B) Encrypting management frames
C) Enhancing Wi-Fi speed
D) Blocking rogue access points

Answer: B) Encrypting management frames
Explanation: 802.11w protects management frames, preventing deauthentication and disassociation attacks.

105. Which tool is commonly used for performing Evil Twin attacks?

A) Wifiphisher
B) Nmap
C) John the Ripper
D) Sqlmap

Answer: A) Wifiphisher
Explanation: Wifiphisher automates the process of creating rogue Wi-Fi networks to steal credentials.

106. What is the primary advantage of using an external wireless adapter for penetration testing?

A) Stronger signal strength
B) Ability to enter monitor mode
C) Faster internet speeds
D) Access to hidden SSIDs

Answer: B) Ability to enter monitor mode
Explanation: Many internal Wi-Fi adapters do not support monitor mode, making external adapters essential for Wi-Fi hacking.

107. What type of attack exploits weaknesses in WPA3’s transition mode?

A) Downgrade Attack
B) Deauthentication Attack
C) DNS Hijacking
D) ARP Poisoning

Answer: A) Downgrade Attack
Explanation: WPA3 transition mode allows older WPA2 devices to connect, making them susceptible to downgrade attacks.

108. What frequency bands are used in Wi-Fi 6E?

A) 2.4 GHz and 5 GHz
B) 5 GHz and 6 GHz
C) 2.4 GHz, 5 GHz, and 6 GHz
D) 4 GHz and 8 GHz

Answer: C) 2.4 GHz, 5 GHz, and 6 GHz
Explanation: Wi-Fi 6E extends support to the 6 GHz band, providing higher speeds and less interference.

109. What is a “Beacon Frame Flood” attack used for?

A) To overwhelm nearby Wi-Fi clients with fake SSIDs
B) To force devices to disconnect
C) To inject malicious packets
D) To spoof DNS records

Answer: A) To overwhelm nearby Wi-Fi clients with fake SSIDs
Explanation: Beacon frame flood attacks spam access points with fake SSIDs, making networks unstable.

110. What is the maximum speed of Wi-Fi 7?

A) 5 Gbps
B) 9.6 Gbps
C) 30 Gbps
D) 46 Gbps

Answer: D) 46 Gbps
Explanation: Wi-Fi 7 (802.11be) offers speeds up to 46 Gbps, with improved latency and efficiency.

111. What is the key vulnerability that allows an attacker to perform a WPS Pixie Dust attack?

A) Weak initialization vectors
B) Static WPS PINs
C) MAC address filtering bypass
D) Rogue access points

Answer: B) Static WPS PINs
Explanation: WPS Pixie Dust attacks exploit routers with static WPS PINs, allowing brute-force retrieval of WPA2 passwords.

112. What is a practical method to prevent Evil Twin attacks?

A) Using a VPN on public networks
B) Changing the SSID frequently
C) Disabling MAC filtering
D) Lowering the router’s transmit power

Answer: A) Using a VPN on public networks
Explanation: A VPN encrypts traffic, preventing an Evil Twin attacker from intercepting sensitive data.

113. What is the purpose of “airmon-ng” in Wi-Fi penetration testing?

A) Sniffing unencrypted packets
B) Placing the wireless card into monitor mode
C) Performing brute-force attacks
D) Injecting deauthentication frames

Answer: B) Placing the wireless card into monitor mode
Explanation: airmon-ng is used to enable monitor mode, allowing a Wi-Fi adapter to capture network traffic.

114. What kind of attack manipulates signal strength to lure devices into connecting to a fake network?

A) SSID Spoofing
B) Signal Amplification Attack
C) Deauthentication Attack
D) MITM Attack

Answer: B) Signal Amplification Attack
Explanation: Attackers use high-gain antennas or signal boosters to increase the range of rogue APs, attracting more victims.

115. Which attack takes advantage of automatic Wi-Fi reconnection settings in devices?

A) Karma Attack
B) MAC Spoofing
C) ARP Poisoning
D) WPA Handshake Capturing

Answer: A) Karma Attack
Explanation: A Karma Attack tricks devices into connecting to a rogue AP by exploiting auto-reconnect behavior.

116. What tool is commonly used for performing WPA handshake cracking?

A) Hashcat
B) Nikto
C) Hydra
D) Sqlmap

Answer: A) Hashcat
Explanation: Hashcat is a powerful GPU-based password cracking tool used to break WPA/WPA2 handshakes.

117. What does an attacker gain by capturing an EAPOL handshake?

A) The plaintext Wi-Fi password
B) The ability to bypass MAC filtering
C) A hash that can be cracked offline
D) Access to encrypted user data

Answer: C) A hash that can be cracked offline
Explanation: EAPOL handshakes contain a hashed Wi-Fi password, which can be cracked using brute-force or dictionary attacks.

118. What is the primary advantage of using WPA3 over WPA2?

A) No password is required
B) It eliminates handshake vulnerabilities
C) It prevents Evil Twin attacks
D) It is compatible with WEP encryption

Answer: B) It eliminates handshake vulnerabilities
Explanation: WPA3 uses Simultaneous Authentication of Equals (SAE) to remove traditional WPA2 handshake weaknesses.

119. What does an attacker need to perform a PMKID attack?

A) A brute-force attack on WEP
B) A captured PMKID hash
C) A deauthentication script
D) A forged beacon frame

Answer: B) A captured PMKID hash
Explanation: A PMKID attack captures a PMKID hash, which can be cracked offline to retrieve the WPA2 password.

120. What tool is designed for conducting targeted deauthentication attacks?

A) MDK3
B) Reaver
C) Kismet
D) Nikto

Answer: A) MDK3
Explanation: MDK3 is a Wi-Fi penetration testing tool used to send deauthentication packets to disrupt network connections.

121. Which frequency band has the least interference but shorter range?

A) 2.4 GHz
B) 5 GHz
C) 6 GHz
D) 1 GHz

Answer: C) 6 GHz
Explanation: 6 GHz Wi-Fi offers less interference but has shorter range compared to 2.4 GHz.

122. What is the main security benefit of WPA3’s “Forward Secrecy”?

A) Prevents password reuse
B) Encrypts data even if the password is compromised later
C) Blocks unauthorized SSIDs
D) Uses a static encryption key

Answer: B) Encrypts data even if the password is compromised later
Explanation: Forward Secrecy in WPA3 ensures that even if an encryption key is compromised, past traffic remains secure.

123. What tool is commonly used to analyze Wi-Fi traffic in real time?

A) Wireshark
B) Metasploit
C) Hydra
D) Nikto

Answer: A) Wireshark
Explanation: Wireshark captures and analyzes Wi-Fi packets, making it a powerful tool for network monitoring and debugging.

124. What is a “Zero Day” vulnerability in Wi-Fi security?

A) A vulnerability in WPA3
B) A previously unknown security flaw
C) A hardware-based attack
D) A tool for cracking WEP

Answer: B) A previously unknown security flaw
Explanation: A Zero Day vulnerability is a newly discovered security flaw that has not been patched.

125. What is the purpose of a “WIDS” (Wireless Intrusion Detection System)?

A) Encrypting Wi-Fi traffic
B) Detecting unauthorized wireless activities
C) Cracking WPA2 passwords
D) Performing ARP spoofing

Answer: B) Detecting unauthorized wireless activities
Explanation: WIDS (Wireless Intrusion Detection Systems) monitor Wi-Fi networks for suspicious activity and potential attacks.

126. Which tool can automate WPA/WPA2 brute-force attacks?

A) Airgeddon
B) NetStumbler
C) Wireshark
D) Sqlmap

Answer: A) Airgeddon
Explanation: Airgeddon automates WPA/WPA2 cracking, making penetration testing more efficient.

127. What technique prevents devices from connecting to malicious Wi-Fi networks?

A) Disabling auto-connect to open Wi-Fi
B) Using WEP encryption
C) Lowering transmit power
D) Spoofing MAC addresses

Answer: A) Disabling auto-connect to open Wi-Fi
Explanation: Disabling auto-connect prevents devices from automatically joining malicious networks.

128. What protocol improves authentication security in WPA3?

A) EAP-MD5
B) Simultaneous Authentication of Equals (SAE)
C) WEP-PSK
D) TKIP

Answer: B) Simultaneous Authentication of Equals (SAE)
Explanation: SAE replaces the WPA2 handshake, improving password security in WPA3.

129. What is the key feature of Wi-Fi 7?

A) Uses WEP encryption
B) Offers speeds up to 46 Gbps
C) Only supports 2.4 GHz networks
D) Eliminates SSID broadcasting

Answer: B) Offers speeds up to 46 Gbps
Explanation: Wi-Fi 7 (802.11be) improves speeds and efficiency, supporting up to 46 Gbps.

130. What is a recommended way to secure a Wi-Fi network at home?

A) Use WPA3 and strong passwords
B) Disable all encryption
C) Use MAC filtering only
D) Set up multiple SSIDs

Answer: A) Use WPA3 and strong passwords
Explanation: WPA3 and complex passwords provide strong Wi-Fi security against most attacks.

131. What is the key security improvement in WPA3 compared to WPA2?

A) The removal of the 4-way handshake
B) The introduction of Simultaneous Authentication of Equals (SAE)
C) The ability to use static WEP keys
D) The requirement to use WPS for authentication

Answer: B) The introduction of Simultaneous Authentication of Equals (SAE)
Explanation: WPA3 introduces SAE (Simultaneous Authentication of Equals) to replace the WPA2 4-way handshake, enhancing security against brute-force attacks.

132. Which attack targets WPA2 Enterprise authentication by tricking users into providing credentials?

A) WPA Downgrade Attack
B) Evil Twin Attack
C) EAP Phishing Attack
D) ARP Spoofing Attack

Answer: C) EAP Phishing Attack
Explanation: EAP Phishing attacks impersonate a WPA2 Enterprise authentication server to steal credentials.

133. What is the purpose of the “EvilAP” attack?

A) To force clients to disconnect from an access point
B) To create a fake access point that mimics a real one
C) To exploit WPS vulnerabilities
D) To inject malicious packets into encrypted traffic

Answer: B) To create a fake access point that mimics a real one
Explanation: EvilAP (Evil Access Point) attacks trick users into connecting to a malicious AP, allowing MITM (Man-in-the-Middle) attacks.

134. What is a “Beacon Frame Injection” attack used for?

A) To flood a Wi-Fi network with fake SSIDs
B) To brute-force WEP passwords
C) To perform MAC address spoofing
D) To establish a rogue access point

Answer: A) To flood a Wi-Fi network with fake SSIDs
Explanation: Beacon Frame Injection is a technique that floods an area with fake Wi-Fi network SSIDs, causing network confusion.

135. What encryption standard is considered the most secure for Wi-Fi networks today?

A) WEP
B) WPA2-PSK
C) WPA3 with GCMP-256
D) TKIP

Answer: C) WPA3 with GCMP-256
Explanation: WPA3 with GCMP-256 encryption provides stronger security than WPA2 and is resistant to brute-force attacks.

136. What type of attack is used to exploit weak passphrases in WPA2 networks?

A) Dictionary Attack
B) Evil Twin Attack
C) ARP Poisoning Attack
D) SSL Stripping Attack

Answer: A) Dictionary Attack
Explanation: Dictionary attacks attempt to guess weak WPA2 passwords by using precompiled lists of common passphrases.

137. What tool can generate Wi-Fi heatmaps to visualize signal strength?

A) NetSpot
B) Wireshark
C) Reaver
D) Wifiphisher

Answer: A) NetSpot
Explanation: NetSpot is a tool that helps map Wi-Fi coverage and detect weak signal areas.

138. What is a “Warshipping” attack in Wi-Fi hacking?

A) Using drones to scan for open Wi-Fi networks
B) Shipping a Wi-Fi hacking device to a target location
C) Sniffing Wi-Fi traffic from a war-driving car
D) Deploying malware through Wi-Fi routers

Answer: B) Shipping a Wi-Fi hacking device to a target location
Explanation: Warshipping involves sending a hidden Wi-Fi attack device through the mail to remotely attack nearby networks.

139. What type of attack does an attacker perform when forcing a client to connect to an Evil Twin network?

A) MAC Cloning Attack
B) Deauthentication Attack
C) ARP Spoofing Attack
D) DNS Poisoning Attack

Answer: B) Deauthentication Attack
Explanation: Deauthentication attacks force users to disconnect from their trusted network, making them reconnect to an Evil Twin AP.

140. What is an “RF Jamming” attack?

A) A method to increase the strength of a Wi-Fi signal
B) The act of sending noise on Wi-Fi frequencies to disrupt communication
C) A way to bypass WPA3 encryption
D) Encrypting traffic on an open Wi-Fi network

Answer: B) The act of sending noise on Wi-Fi frequencies to disrupt communication
Explanation: RF Jamming floods radio frequencies with interference, disrupting Wi-Fi communication.

141. What does “Wi-Fi Phishing” usually involve?

A) Capturing WPA2 handshakes
B) Creating fake login pages on rogue APs
C) Using brute-force attacks to crack passwords
D) Sniffing unencrypted traffic

Answer: B) Creating fake login pages on rogue APs
Explanation: Wi-Fi phishing involves setting up fake login portals to steal user credentials.

142. What does “SSID Cloaking” do?

A) Encrypts Wi-Fi traffic
B) Hides the network name from being broadcast
C) Prevents MAC spoofing
D) Improves signal range

Answer: B) Hides the network name from being broadcast
Explanation: SSID Cloaking prevents the Wi-Fi network name from being visible, but attackers can still detect it using packet sniffing.

143. What is a recommended way to protect against MITM attacks on public Wi-Fi?

A) Only use WEP-encrypted networks
B) Use a VPN to encrypt traffic
C) Disable Wi-Fi when not in use
D) Change SSID frequently

Answer: B) Use a VPN to encrypt traffic
Explanation: VPNs encrypt your data, making it unreadable even if intercepted in a MITM attack.

144. What is a “HoneySSID” in Wi-Fi security?

A) A deceptive SSID designed to attract attackers
B) A random SSID broadcasted by a legitimate AP
C) A new form of WPA3 encryption
D) A public Wi-Fi network with strong security

Answer: A) A deceptive SSID designed to attract attackers
Explanation: HoneySSID is a trap SSID that detects and logs attackers trying to exploit Wi-Fi vulnerabilities.

145. What is a common countermeasure against Rogue Access Points?

A) Implementing a Wireless Intrusion Detection System (WIDS)
B) Using WEP encryption
C) Allowing all MAC addresses
D) Disabling WPA3

Answer: A) Implementing a Wireless Intrusion Detection System (WIDS)
Explanation: WIDS detects unauthorized APs, helping network administrators identify and prevent rogue access points.

146. What is the primary function of “hostapd”?

A) Running a software-based access point
B) Cracking WPA2 passwords
C) Sniffing encrypted traffic
D) Bypassing MAC filtering

Answer: A) Running a software-based access point
Explanation: Hostapd is used to set up a software-based access point for testing and attack simulations.

147. Which attack exploits weak Wi-Fi passwords by generating offline hash collisions?

A) Rainbow Table Attack
B) WPS Pixie Dust Attack
C) Beacon Flood Attack
D) PMKID Attack

Answer: A) Rainbow Table Attack
Explanation: Rainbow Table Attacks use precomputed hash values to crack weak Wi-Fi passwords.

148. What is a practical way to detect Evil Twin access points?

A) Checking for duplicate SSIDs with different MAC addresses
B) Using a VPN
C) Changing the Wi-Fi password frequently
D) Lowering the Wi-Fi signal strength

Answer: A) Checking for duplicate SSIDs with different MAC addresses
Explanation: Evil Twin attacks involve creating fake SSIDs; detecting multiple networks with the same SSID but different MAC addresses can reveal them.

149. What is a major downside of using MAC address filtering for Wi-Fi security?

A) It does not work on WPA3 networks
B) MAC addresses can be easily spoofed
C) It slows down Wi-Fi speeds
D) It only works on 5 GHz networks

Answer: B) MAC addresses can be easily spoofed
Explanation: MAC address filtering can be bypassed by an attacker using MAC spoofing to impersonate an authorized device.

150. What is the main function of the “airodump-ng” tool in wireless security testing?

A) Injecting malicious packets
B) Cracking WPA2 passwords
C) Capturing Wi-Fi packets and monitoring networks
D) Blocking unauthorized access points

Answer: C) Capturing Wi-Fi packets and monitoring networks
Explanation: Airodump-ng is used to capture packets, analyze Wi-Fi networks, and identify security weaknesses.

151. What protocol is used for authentication in WPA2-Enterprise networks?

A) WPA-PSK
B) EAP (Extensible Authentication Protocol)
C) TKIP
D) WPS

Answer: B) EAP (Extensible Authentication Protocol)
Explanation: WPA2-Enterprise uses EAP for authentication, often with RADIUS servers for added security.

152. What is the function of “hcxpcaptool” in Wi-Fi hacking?

A) Extracting PMKID hashes from packet captures
B) Decrypting WPA3 handshakes
C) Injecting rogue SSIDs into beacon frames
D) Performing deauthentication attacks

Answer: A) Extracting PMKID hashes from packet captures
Explanation: hcxpcaptool is used to extract PMKID hashes, which can be cracked offline to reveal Wi-Fi passwords.

153. What is a key limitation of performing a brute-force attack on WPA2 passwords?

A) The need for a captured handshake
B) The attack only works on 5 GHz networks
C) It can only be done from within the network
D) It requires access to the router’s admin panel

Answer: A) The need for a captured handshake
Explanation: To perform a brute-force attack on WPA2, an attacker must capture a valid handshake using tools like airodump-ng.

154. What does “Wi-Fi Protected Access 3 (WPA3)” use instead of the traditional 4-way handshake?

A) Simultaneous Authentication of Equals (SAE)
B) TKIP encryption
C) WPS PIN-based authentication
D) Static encryption keys

Answer: A) Simultaneous Authentication of Equals (SAE)
Explanation: WPA3 uses SAE, which improves security by preventing offline password brute-force attacks.

155. Which tool is often used to conduct a deauthentication attack on a Wi-Fi network?

A) aireplay-ng
B) netcat
C) sqlmap
D) nmap

Answer: A) aireplay-ng
Explanation: aireplay-ng is a part of the Aircrack-ng suite and is used to send deauthentication packets.

156. Which attack can extract credentials from users by spoofing a legitimate Wi-Fi network?

A) Evil Twin Attack
B) Beacon Flood Attack
C) ARP Poisoning Attack
D) PMKID Attack

Answer: A) Evil Twin Attack
Explanation: Evil Twin attacks involve creating a fake access point to steal user credentials.

157. What security feature in WPA3 helps protect against dictionary attacks?

A) SAE (Simultaneous Authentication of Equals)
B) WEP encryption
C) MAC Address Filtering
D) Static Passkeys

Answer: A) SAE (Simultaneous Authentication of Equals)
Explanation: SAE in WPA3 makes it difficult for attackers to brute-force passwords offline.

158. What is the purpose of a “Wi-Fi honeypot”?

A) A security measure used to detect unauthorized users
B) A method for brute-forcing Wi-Fi passwords
C) A way to block unauthorized SSIDs
D) A tool for sniffing encrypted network traffic

Answer: A) A security measure used to detect unauthorized users
Explanation: A Wi-Fi honeypot is a trap network used to detect and analyze attacker behavior.

159. What frequency does Wi-Fi 6E operate on?

A) 2.4 GHz only
B) 5 GHz only
C) 6 GHz only
D) 2.4 GHz, 5 GHz, and 6 GHz

Answer: D) 2.4 GHz, 5 GHz, and 6 GHz
Explanation: Wi-Fi 6E expands into the 6 GHz spectrum, in addition to supporting 2.4 GHz and 5 GHz.

160. What type of attack is commonly used to force clients off a Wi-Fi network?

A) Deauthentication Attack
B) WPA3 Handshake Interruption
C) MAC Filtering Bypass
D) SSID Spoofing Attack

Answer: A) Deauthentication Attack
Explanation: Deauthentication attacks send fake disconnection packets to force devices off a Wi-Fi network.

161. What encryption method is most secure for modern Wi-Fi networks?

A) WEP
B) WPA2-PSK
C) WPA3-GCMP-256
D) TKIP

Answer: C) WPA3-GCMP-256
Explanation: WPA3-GCMP-256 encryption provides stronger security and is resistant to brute-force attacks.

162. What is the key vulnerability of WPA2 that was exploited by the KRACK attack?

A) Key reinstallation flaw in the 4-way handshake
B) Weak password hashing
C) Lack of MAC address validation
D) No encryption in management frames

Answer: A) Key reinstallation flaw in the 4-way handshake
Explanation: KRACK (Key Reinstallation Attack) exploited a flaw in WPA2’s handshake process, allowing attackers to decrypt Wi-Fi traffic.

163. Which tool can help analyze and identify rogue access points?

A) Kismet
B) Nmap
C) Sqlmap
D) John the Ripper

Answer: A) Kismet
Explanation: Kismet is a Wi-Fi packet sniffer used for detecting rogue APs and monitoring networks.

164. What is an effective countermeasure against deauthentication attacks?

A) Enabling 802.11w Protected Management Frames (PMF)
B) Using MAC address filtering
C) Disabling the SSID broadcast
D) Increasing Wi-Fi signal power

Answer: A) Enabling 802.11w Protected Management Frames (PMF)
Explanation: 802.11w (PMF) encrypts management frames, preventing deauthentication attacks.

165. What is the purpose of a Wi-Fi “deauthentication flood” attack?

A) To force clients to reconnect and capture WPA handshakes
B) To steal MAC addresses
C) To crack WEP passwords
D) To perform signal amplification

Answer: A) To force clients to reconnect and capture WPA handshakes
Explanation: Deauthentication flood attacks repeatedly disconnect users, forcing them to reconnect and making it easier to capture WPA handshakes.

166. What feature in WPA3 ensures that past network sessions remain secure even if the password is compromised later?

A) Forward Secrecy
B) Static Key Exchange
C) AES-CCMP
D) MAC Address Filtering

Answer: A) Forward Secrecy
Explanation: Forward Secrecy in WPA3 prevents attackers from decrypting past traffic even if they later obtain the network password.

167. What type of attack sends an overwhelming number of authentication requests to an access point?

A) Authentication Flood Attack
B) Evil Twin Attack
C) MAC Spoofing Attack
D) DNS Poisoning Attack

Answer: A) Authentication Flood Attack
Explanation: Authentication flood attacks overwhelm an access point by sending a massive number of authentication requests, causing denial of service.

168. What is a key difference between WPA2 and WPA3 encryption?

A) WPA3 uses GCMP-256 encryption, while WPA2 uses AES-CCMP
B) WPA2 requires WPS, while WPA3 does not
C) WPA3 does not use encryption, while WPA2 does
D) WPA2 supports MAC filtering, while WPA3 does not

Answer: A) WPA3 uses GCMP-256 encryption, while WPA2 uses AES-CCMP
Explanation: WPA3 improves encryption security by using GCMP-256, which is stronger than the AES-CCMP used in WPA2.

169. Which tool can automate Wi-Fi reconnaissance and security auditing?

A) Wifite
B) Metasploit
C) Sqlmap
D) Netcat

Answer: A) Wifite
Explanation: Wifite is a tool that automates Wi-Fi network attacks, including WPA/WPA2 cracking and deauthentication.

170. What is an effective way to prevent unauthorized devices from connecting to a Wi-Fi network?

A) Using WPA3 with strong passphrases
B) Lowering the router’s power output
C) Disabling DHCP
D) Changing the SSID every day

Answer: A) Using WPA3 with strong passphrases
Explanation: WPA3 with strong passwords is the best way to prevent unauthorized devices from connecting.

171. What is the primary function of the “hcxdumptool” utility?

A) Capturing PMKID hashes for WPA2 cracking
B) Detecting open Wi-Fi networks
C) Generating fake deauthentication frames
D) Sniffing HTTP traffic

Answer: A) Capturing PMKID hashes for WPA2 cracking
Explanation: hcxdumptool captures PMKID hashes, which can be cracked offline to recover WPA2 passwords.

172. Which attack allows an attacker to intercept and modify Wi-Fi packets in real-time?

A) Man-in-the-Middle (MITM) Attack
B) Rogue AP Attack
C) DNS Spoofing Attack
D) PMKID Attack

Answer: A) Man-in-the-Middle (MITM) Attack
Explanation: MITM attacks allow an attacker to intercept, modify, or redirect Wi-Fi traffic in real-time.

173. What does an attacker gain by performing a “Beacon Flood Attack”?

A) It floods the airwaves with fake SSIDs, causing confusion
B) It captures WPA2 handshakes
C) It forces devices to disconnect from the network
D) It disables WPS on the target router

Answer: A) It floods the airwaves with fake SSIDs, causing confusion
Explanation: Beacon Flood Attacks send fake beacon frames advertising non-existent SSIDs, making it hard for users to find real networks.

174. What security feature in modern Wi-Fi routers helps protect against Evil Twin attacks?

A) Protected Management Frames (PMF)
B) Static WEP encryption
C) Hiding the SSID
D) Disabling DHCP

Answer: A) Protected Management Frames (PMF)
Explanation: PMF (802.11w) encrypts management frames, preventing Evil Twin deauthentication attacks.

175. What is the main vulnerability that allowed the “KRACK” attack on WPA2?

A) A flaw in the 4-way handshake allowing key reinstallation
B) Weak password hashing
C) MAC address filtering bypass
D) Unpatched firmware vulnerabilities

Answer: A) A flaw in the 4-way handshake allowing key reinstallation
Explanation: The KRACK attack exploited a flaw in WPA2’s 4-way handshake, allowing attackers to decrypt traffic.

176. Which command is used to place a Wi-Fi adapter into monitor mode in Kali Linux?

A) airmon-ng start wlan0
B) airodump-ng wlan0
C) aircrack-ng wlan0
D) netdiscover wlan0

Answer: A) airmon-ng start wlan0
Explanation: airmon-ng start wlan0 enables monitor mode, allowing the adapter to capture Wi-Fi packets.

177. What is a “Caffe Latte” attack?

A) Cracking WEP passwords from client-side traffic
B) A method to hijack WPA2 handshakes
C) A way to brute-force WPA3 passphrases
D) An attack that injects fake deauthentication frames

Answer: A) Cracking WEP passwords from client-side traffic
Explanation: The Caffe Latte attack allows attackers to crack WEP keys using traffic from a single client, without needing an access point.

178. What is the main purpose of the “Pineapple Wi-Fi” device in penetration testing?

A) Conducting MITM attacks and credential harvesting
B) Cracking WPA3 passwords
C) Injecting malicious firmware into routers
D) Detecting deauthentication attacks

Answer: A) Conducting MITM attacks and credential harvesting
Explanation: The Wi-Fi Pineapple is a hardware tool used for Man-in-the-Middle (MITM) attacks, credential harvesting, and network reconnaissance.

179. What does an attacker gain by capturing an EAPOL handshake?

A) The ability to brute-force WPA/WPA2 passwords offline
B) Instant access to the Wi-Fi network
C) Control over connected clients
D) A full dump of all encrypted network traffic

Answer: A) The ability to brute-force WPA/WPA2 passwords offline
Explanation: Capturing an EAPOL handshake allows an attacker to perform offline brute-force attacks to crack the password.

180. What is the purpose of “evilginx” in Wi-Fi security testing?

A) Capturing login credentials through phishing pages
B) Spoofing MAC addresses to bypass filters
C) Capturing WPA2 handshakes
D) Injecting malware into wireless packets

Answer: A) Capturing login credentials through phishing pages
Explanation: Evilginx is a phishing toolkit used to capture login credentials via fake login portals.

181. What is the primary goal of a “WPS PIN Brute-Force Attack”?

A) To capture WPA2 handshakes
B) To bypass MAC filtering
C) To obtain the Wi-Fi password by brute-forcing the WPS PIN
D) To force clients to disconnect from the network

Answer: C) To obtain the Wi-Fi password by brute-forcing the WPS PIN
Explanation: WPS PIN brute-force attacks exploit routers with WPS enabled, allowing an attacker to recover the WPA2 password.

182. Which Wi-Fi attack can be prevented by disabling auto-connect to open networks?

A) Evil Twin Attack
B) WPA3 Handshake Attack
C) MAC Spoofing Attack
D) ARP Poisoning Attack

Answer: A) Evil Twin Attack
Explanation: Evil Twin attacks trick devices into connecting to a rogue access point. Disabling auto-connect helps prevent this.

183. Which attack exploits weaknesses in WEP’s encryption by analyzing the Initialization Vector (IV)?

A) Chop-Chop Attack
B) Dictionary Attack
C) MAC Spoofing Attack
D) SSL Stripping Attack

Answer: A) Chop-Chop Attack
Explanation: The Chop-Chop Attack breaks WEP encryption by manipulating the Initialization Vector (IV).

184. What is an effective way to prevent “KRACK” attacks?

A) Upgrading to WPA3
B) Using MAC filtering
C) Hiding the SSID
D) Lowering Wi-Fi signal strength

Answer: A) Upgrading to WPA3
Explanation: The KRACK attack exploited a flaw in WPA2’s handshake. Upgrading to WPA3 eliminates this vulnerability.

185. What is a practical method to detect rogue access points in a Wi-Fi network?

A) Using a Wireless Intrusion Detection System (WIDS)
B) Changing Wi-Fi passwords daily
C) Disabling DHCP
D) Using MAC filtering

Answer: A) Using a Wireless Intrusion Detection System (WIDS)
Explanation: A WIDS monitors Wi-Fi networks for unauthorized access points.

186. What tool is used to inject packets into a Wi-Fi network for security testing?

A) aireplay-ng
B) Metasploit
C) John the Ripper
D) Hashcat

Answer: A) aireplay-ng
Explanation: aireplay-ng is used for packet injection attacks, such as deauthentication attacks and replay attacks.

187. What is a “Pineapple Attack” in Wi-Fi security?

A) A method to steal credentials using a rogue AP
B) A way to increase Wi-Fi signal strength
C) A technique for brute-forcing WPA3 passwords
D) A method for bypassing MAC filtering

Answer: A) A method to steal credentials using a rogue AP
Explanation: The Wi-Fi Pineapple is a device used to conduct Evil Twin attacks and steal credentials.

188. What attack involves sending excessive probe requests to an access point?

A) Probe Request Flood Attack
B) MITM Attack
C) WPA Downgrade Attack
D) PMKID Attack

Answer: A) Probe Request Flood Attack
Explanation: A Probe Request Flood Attack overwhelms the access point with excessive requests, leading to performance degradation.

189. Which Wi-Fi feature should be disabled to prevent unauthorized automatic connections?

A) WPS
B) MAC Filtering
C) AES Encryption
D) WPA2-Enterprise

Answer: A) WPS
Explanation: WPS (Wi-Fi Protected Setup) is vulnerable to brute-force attacks and should be disabled for security.

190. What is an effective way to prevent deauthentication attacks?

A) Enabling Protected Management Frames (PMF)
B) Disabling SSID broadcast
C) Using MAC filtering
D) Changing the Wi-Fi channel frequently

Answer: A) Enabling Protected Management Frames (PMF)
Explanation: PMF (802.11w) encrypts management frames, preventing deauthentication attacks.

191. What is the primary purpose of a “War Driving” attack?

A) To map Wi-Fi networks while moving
B) To inject malicious packets into a network
C) To perform a brute-force attack on WPA2
D) To jam wireless signals

Answer: A) To map Wi-Fi networks while moving
Explanation: War Driving is the practice of scanning for Wi-Fi networks while traveling.

192. What tool is commonly used to crack WPA/WPA2 passwords using dictionary attacks?

A) Hashcat
B) Hydra
C) Ettercap
D) Nikto

Answer: A) Hashcat
Explanation: Hashcat is a powerful GPU-based password cracking tool, commonly used for Wi-Fi password attacks.

193. What feature of WPA3 prevents dictionary attacks?

A) Simultaneous Authentication of Equals (SAE)
B) AES-TKIP encryption
C) MAC Address Filtering
D) WEP-PSK

Answer: A) Simultaneous Authentication of Equals (SAE)
Explanation: SAE in WPA3 makes it resistant to offline dictionary attacks.

194. What is the primary function of “hcxdumptool” in Wi-Fi penetration testing?

A) Capturing PMKID hashes for offline cracking
B) Sniffing HTTPS traffic
C) Bypassing MAC address filtering
D) Cracking SSL certificates

Answer: A) Capturing PMKID hashes for offline cracking
Explanation: hcxdumptool captures PMKID hashes, allowing offline WPA2 password cracking.

195. What is an effective countermeasure against Evil Twin attacks?

A) Using certificate-based authentication
B) Hiding the SSID
C) Changing MAC addresses frequently
D) Using WEP encryption

Answer: A) Using certificate-based authentication
Explanation: Certificate-based authentication ensures devices only connect to trusted networks, preventing Evil Twin attacks.

196. What frequency band does Wi-Fi 6E introduce for less interference?

A) 6 GHz
B) 5 GHz
C) 2.4 GHz
D) 10 GHz

Answer: A) 6 GHz
Explanation: Wi-Fi 6E introduces the 6 GHz frequency band, reducing network congestion and interference.

197. What type of attack involves manipulating beacon frames?

A) Beacon Flood Attack
B) WPA Downgrade Attack
C) ARP Poisoning Attack
D) Deauthentication Attack

Answer: A) Beacon Flood Attack
Explanation: Beacon Flood Attacks involve sending excessive beacon frames, overwhelming a network.

198. What is a best practice for securing public Wi-Fi connections?

A) Using a VPN
B) Disabling encryption
C) Using static IP addresses
D) Lowering the signal strength

Answer: A) Using a VPN
Explanation: A VPN encrypts traffic, making public Wi-Fi usage safer from eavesdroppers.

199. What is the maximum theoretical speed of Wi-Fi 7?

A) 46 Gbps
B) 9.6 Gbps
C) 20 Gbps
D) 100 Gbps

Answer: A) 46 Gbps
Explanation: Wi-Fi 7 supports speeds up to 46 Gbps, improving bandwidth and efficiency.

200. What type of Wi-Fi attack involves modifying DNS responses?

A) DNS Spoofing Attack
B) MAC Spoofing Attack
C) WPA Downgrade Attack
D) Deauthentication Attack

Answer: A) DNS Spoofing Attack
Explanation: DNS spoofing redirects users to malicious websites by altering DNS responses.

Wireless Hacking – Breaking into Wi-Fi Networks – MCQ Questions