Wireless Security - Protecting Wi-Fi Networks - MCQ Questions

1. Which encryption protocol is considered the most secure for Wi-Fi networks?

A) WEP
B) WPA
C) WPA2
D) WPA3
✅ Answer: D) WPA3
Explanation: WPA3 is the latest and most secure Wi-Fi encryption protocol, offering stronger protection against brute-force attacks and better security for open networks.

2. What is the main vulnerability of WEP (Wired Equivalent Privacy)?

A) Uses short passwords
B) Weak encryption keys that can be cracked
C) Does not use encryption
D) Requires a complex setup
✅ Answer: B) Weak encryption keys that can be cracked
Explanation: WEP uses a weak RC4 encryption algorithm with a static key, making it vulnerable to IV-based attacks that allow hackers to crack the key in minutes.

3. Which attack involves an attacker setting up a rogue Wi-Fi network with a similar name to a legitimate one?

A) Evil Twin Attack
B) MAC Spoofing
C) Deauthentication Attack
D) DNS Spoofing
✅ Answer: A) Evil Twin Attack
Explanation: In an Evil Twin Attack, an attacker sets up a fake access point (AP) with the same SSID as a legitimate one, tricking users into connecting and stealing their data.

4. How does MAC address filtering enhance Wi-Fi security?

A) Encrypts Wi-Fi traffic
B) Blocks unauthorized devices by their MAC addresses
C) Prevents brute-force attacks
D) Hides the SSID from attackers
✅ Answer: B) Blocks unauthorized devices by their MAC addresses
Explanation: MAC filtering allows only specific device MAC addresses to connect. However, it is not foolproof as attackers can spoof MAC addresses.

5. What is the recommended security measure for protecting a home Wi-Fi network?

A) Disable SSID broadcasting
B) Use a strong WPA3 password
C) Use MAC address filtering
D) Enable WEP encryption
✅ Answer: B) Use a strong WPA3 password
Explanation: Using WPA3 with a long and complex passphrase is the best way to secure a home Wi-Fi network. Hiding SSID and MAC filtering are not sufficient.

6. What is the function of a deauthentication attack in Wi-Fi hacking?

A) Captures network packets
B) Forces a device to disconnect from a Wi-Fi network
C) Cracks the Wi-Fi password
D) Encrypts user data
✅ Answer: B) Forces a device to disconnect from a Wi-Fi network
Explanation: Attackers send deauthentication frames to disconnect users, often used to force reconnection to an Evil Twin AP or capture WPA2 handshake data for cracking.

7. Which tool is commonly used for Wi-Fi penetration testing?

A) Wireshark
B) Aircrack-ng
C) Burp Suite
D) Metasploit
✅ Answer: B) Aircrack-ng
Explanation: Aircrack-ng is a suite of tools used to capture packets, analyze Wi-Fi traffic, perform deauth attacks, and crack WEP/WPA2 passwords.

8. Why is disabling SSID broadcasting not a foolproof security measure?

A) Hackers can still detect the SSID using packet sniffing
B) It causes the Wi-Fi network to stop working
C) It makes the network stronger
D) It blocks all users from connecting
✅ Answer: A) Hackers can still detect the SSID using packet sniffing
Explanation: Even if SSID is hidden, Wi-Fi beacon frames can be captured by sniffing tools like Kismet or Wireshark, exposing the SSID.

9. What is the recommended minimum character length for a WPA2/WPA3 passphrase?

A) 6 characters
B) 8 characters
C) 12 characters
D) 16 characters
✅ Answer: D) 16 characters
Explanation: A 16+ character passphrase with a mix of letters, numbers, and special characters greatly reduces the risk of brute-force attacks.

10. What is a common method attackers use to crack WPA2-PSK passwords?

A) Man-in-the-Middle (MITM)
B) Brute-force attacks using captured handshake
C) SQL Injection
D) DNS Hijacking
✅ Answer: B) Brute-force attacks using captured handshake
Explanation: Attackers capture the WPA2 handshake and use dictionary or brute-force attacks with tools like hashcat to guess the password.

11. What is the best practice for securing guest Wi-Fi networks?

A) Use WEP encryption
B) Use the same SSID as the main network
C) Separate it from the main network with VLANs
D) Disable encryption
✅ Answer: C) Separate it from the main network with VLANs
Explanation: VLANs isolate guest networks from internal networks, preventing unauthorized access to sensitive devices.

12. What is Wi-Fi Protected Setup (WPS) vulnerable to?

A) SQL Injection
B) Brute-force attacks on PIN authentication
C) DNS Spoofing
D) Cross-Site Scripting (XSS)
✅ Answer: B) Brute-force attacks on PIN authentication
Explanation: WPS uses an 8-digit PIN, which can be cracked in hours using tools like Reaver, allowing attackers to retrieve the WPA2 key.

13. What type of attack can occur if a public Wi-Fi network is not encrypted?

A) Man-in-the-Middle (MITM)
B) SQL Injection
C) Ransomware
D) Cross-Site Request Forgery (CSRF)
✅ Answer: A) Man-in-the-Middle (MITM)
Explanation: Attackers can intercept and alter data traffic using MITM attacks when public Wi-Fi is unencrypted.

14. Which protocol is used for secure remote access over a Wi-Fi network?

A) FTP
B) SSH
C) Telnet
D) HTTP
✅ Answer: B) SSH
Explanation: SSH (Secure Shell) encrypts remote access sessions, unlike Telnet, which transmits data in plaintext.

15. What is the primary security concern with using public Wi-Fi?

A) High latency
B) Slow speed
C) Lack of encryption and easy MITM attacks
D) Excessive advertisements
✅ Answer: C) Lack of encryption and easy MITM attacks
Explanation: Public Wi-Fi networks often lack encryption, making them easy targets for sniffing and MITM attacks.

16. What is a common security risk of using an open Wi-Fi network?

A) Slow internet speed
B) Unauthorized access to devices and data interception
C) Higher bandwidth consumption
D) Limited device compatibility
✅ Answer: B) Unauthorized access to devices and data interception
Explanation: Open Wi-Fi networks do not use encryption, making it easy for attackers to intercept traffic, steal credentials, or inject malicious content.

17. What is the best way to prevent unauthorized access to a Wi-Fi router’s admin panel?

A) Use a complex default password
B) Disable firewall settings
C) Enable remote management
D) Use a strong custom admin password and disable remote access
✅ Answer: D) Use a strong custom admin password and disable remote access
Explanation: Changing the default admin password and disabling remote management prevent unauthorized users from accessing and configuring the router.

18. How can an attacker perform a deauthentication attack?

A) Sending forged deauthentication packets to disconnect users
B) Using SQL Injection
C) Brute-forcing a WPA2 passphrase
D) Exploiting a buffer overflow
✅ Answer: A) Sending forged deauthentication packets to disconnect users
Explanation: Attackers send fake deauthentication frames to disconnect users, often to force them to connect to a rogue access point (Evil Twin attack).

19. What is the function of a wireless intrusion detection system (WIDS)?

A) Provides a firewall for wireless networks
B) Detects and alerts about suspicious Wi-Fi activities
C) Prevents brute-force attacks on Wi-Fi passwords
D) Blocks all unauthorized users
✅ Answer: B) Detects and alerts about suspicious Wi-Fi activities
Explanation: WIDS monitors for rogue APs, unauthorized access, and attacks like deauth floods and Evil Twin attacks.

20. What is the primary purpose of a captive portal in Wi-Fi security?

A) Hides the SSID
B) Redirects users to a login page before granting access
C) Encrypts all network traffic
D) Prevents MAC address spoofing
✅ Answer: B) Redirects users to a login page before granting access
Explanation: Captive portals require users to authenticate (e.g., enter credentials, agree to terms) before accessing the internet.

21. What is the recommended setting for WPS (Wi-Fi Protected Setup) on routers?

A) Enable WPS for easy setup
B) Keep WPS enabled but change the PIN
C) Disable WPS completely
D) Change SSID frequently
✅ Answer: C) Disable WPS completely
Explanation: WPS is vulnerable to brute-force attacks, making it a major security risk. Disabling it improves Wi-Fi security.

22. Which Wi-Fi authentication method provides the highest level of security?

A) Open Authentication
B) WPA2-PSK
C) WPA3-Enterprise
D) WEP
✅ Answer: C) WPA3-Enterprise
Explanation: WPA3-Enterprise uses EAP authentication with a RADIUS server, providing strong encryption and individual user authentication.

23. What is a key advantage of using 802.1X authentication in Wi-Fi networks?

A) Allows users to connect without a password
B) Provides per-user authentication via a RADIUS server
C) Hides the network from unauthorized users
D) Increases Wi-Fi range
✅ Answer: B) Provides per-user authentication via a RADIUS server
Explanation: 802.1X uses EAP (Extensible Authentication Protocol) and a RADIUS server for individual authentication, improving security in enterprise networks.

24. Which wireless attack involves capturing encrypted packets and attempting to decrypt them offline?

A) Evil Twin Attack
B) War Driving
C) WPA2 Handshake Capture & Cracking
D) MAC Spoofing
✅ Answer: C) WPA2 Handshake Capture & Cracking
Explanation: Attackers capture the WPA2 handshake during authentication and use brute-force or dictionary attacks to crack the password.

25. How can an organization prevent rogue access points from being installed in their network?

A) Disable SSID broadcasting
B) Use a Wireless Intrusion Prevention System (WIPS)
C) Block all MAC addresses
D) Reduce signal strength
✅ Answer: B) Use a Wireless Intrusion Prevention System (WIPS)
Explanation: WIPS detects and blocks unauthorized APs to prevent employees from setting up insecure Wi-Fi networks.

26. What is the purpose of Wi-Fi geofencing?

A) Encrypts all traffic
B) Restricts Wi-Fi access based on location
C) Prevents malware attacks
D) Blocks all unauthorized MAC addresses
✅ Answer: B) Restricts Wi-Fi access based on location
Explanation: Geofencing limits Wi-Fi usage to specific physical areas, preventing unauthorized access from outside the premises.

27. Which attack exploits Wi-Fi signals that extend beyond secure locations?

A) Evil Twin Attack
B) War Driving
C) SQL Injection
D) Smishing
✅ Answer: B) War Driving
Explanation: War Driving involves scanning for open or weak Wi-Fi networks while moving through public areas.

28. What is one way to mitigate a Wi-Fi jamming attack?

A) Change Wi-Fi encryption to WEP
B) Increase signal power
C) Use frequency hopping spread spectrum (FHSS)
D) Disable SSID broadcasting
✅ Answer: C) Use frequency hopping spread spectrum (FHSS)
Explanation: FHSS switches frequencies to prevent constant jamming on a single channel.

29. What does a VPN (Virtual Private Network) do when connected to a public Wi-Fi network?

A) Prevents SSID spoofing
B) Encrypts internet traffic to prevent snooping
C) Increases Wi-Fi range
D) Bypasses MAC filtering
✅ Answer: B) Encrypts internet traffic to prevent snooping
Explanation: A VPN encrypts data, preventing MITM attacks and packet sniffing on untrusted Wi-Fi networks.

30. What is the recommended action if a Wi-Fi network is suspected to be malicious?

A) Connect and test the internet speed
B) Use the same password as a trusted network
C) Avoid connecting and report it to network administrators
D) Disable your firewall
✅ Answer: C) Avoid connecting and report it to network administrators
Explanation: Evil Twin and rogue APs are common threats. Never connect to suspicious Wi-Fi networks.

31. What is the main function of an Evil Twin attack?

A) To flood a Wi-Fi network with traffic
B) To create a fake access point that mimics a legitimate network
C) To disable encryption on the network
D) To crack WPA3 passwords
✅ Answer: B) To create a fake access point that mimics a legitimate network
Explanation: Attackers use an Evil Twin AP to trick users into connecting, allowing them to intercept data and steal credentials.

32. What is the purpose of setting up a guest Wi-Fi network separately from the main network?

A) To improve internet speed
B) To provide a different SSID
C) To isolate guest users from critical internal resources
D) To allow unlimited bandwidth usage
✅ Answer: C) To isolate guest users from critical internal resources
Explanation: A separate guest Wi-Fi network prevents unauthorized access to internal company resources and sensitive data.

33. Which type of Wi-Fi encryption is no longer recommended due to severe vulnerabilities?

A) WPA2
B) WPA3
C) WEP
D) TKIP
✅ Answer: C) WEP
Explanation: WEP (Wired Equivalent Privacy) uses weak encryption and can be cracked in minutes, making it obsolete.

34. Which tool is commonly used for detecting rogue Wi-Fi networks?

A) Kismet
B) Hydra
C) Nikto
D) Snort
✅ Answer: A) Kismet
Explanation: Kismet is a popular tool for wireless network detection, intrusion detection, and packet sniffing.

35. What is a key difference between WPA2-PSK and WPA2-Enterprise?

A) WPA2-Enterprise requires a RADIUS server for authentication
B) WPA2-PSK offers stronger encryption
C) WPA2-Enterprise does not support wireless encryption
D) WPA2-PSK is more secure for large organizations
✅ Answer: A) WPA2-Enterprise requires a RADIUS server for authentication
Explanation: WPA2-Enterprise uses 802.1X authentication via a RADIUS server, making it more secure for organizations.

36. What is a common method used to secure IoT devices on a Wi-Fi network?

A) Using a separate VLAN or network segment
B) Disabling Wi-Fi encryption
C) Allowing remote access
D) Using default login credentials
✅ Answer: A) Using a separate VLAN or network segment
Explanation: Segmenting IoT devices on a separate VLAN prevents lateral movement in case of a security breach.

37. How does a Wi-Fi honeypot work?

A) It acts as a bait network to attract and monitor attackers
B) It encrypts all wireless traffic
C) It prevents deauthentication attacks
D) It disables unauthorized access points
✅ Answer: A) It acts as a bait network to attract and monitor attackers
Explanation: Wi-Fi honeypots lure attackers into connecting, allowing security teams to analyze malicious activities.

38. Which Wi-Fi security feature prevents a device from connecting to an unauthorized access point?

A) WPA3 encryption
B) MAC filtering
C) Wireless Intrusion Prevention System (WIPS)
D) Captive portal
✅ Answer: C) Wireless Intrusion Prevention System (WIPS)
Explanation: WIPS detects and prevents connections to rogue access points and Evil Twin networks.

39. What is one way to detect a Wi-Fi Evil Twin attack?

A) Using a VPN
B) Checking for duplicate SSIDs with different MAC addresses
C) Increasing signal strength
D) Disabling network logs
✅ Answer: B) Checking for duplicate SSIDs with different MAC addresses
Explanation: An Evil Twin attack involves creating a fake AP with the same SSID but a different MAC address, which can be detected using network monitoring tools.

40. Why should you disable UPnP (Universal Plug and Play) on a Wi-Fi router?

A) It reduces internet speed
B) It prevents unauthorized devices from opening ports automatically
C) It hides the SSID
D) It prevents MAC address spoofing
✅ Answer: B) It prevents unauthorized devices from opening ports automatically
Explanation: UPnP can allow malware or attackers to open ports without user intervention, leading to security vulnerabilities.

41. What is the recommended action if a company detects an unauthorized access point on its network?

A) Change the SSID
B) Block the device using MAC filtering
C) Locate and physically remove the rogue AP
D) Restart the router
✅ Answer: C) Locate and physically remove the rogue AP
Explanation: Rogue APs pose serious security risks and should be physically identified and removed immediately.

42. How does enabling 802.11w improve Wi-Fi security?

A) Encrypts management frames to prevent deauthentication attacks
B) Increases internet speed
C) Disables SSID broadcasting
D) Allows MAC address filtering
✅ Answer: A) Encrypts management frames to prevent deauthentication attacks
Explanation: 802.11w (Management Frame Protection, MFP) prevents attackers from sending fake deauthentication frames.

43. What is the purpose of a VPN on a public Wi-Fi network?

A) To provide faster internet speeds
B) To prevent DNS spoofing
C) To encrypt all network traffic and prevent eavesdropping
D) To block advertisements
✅ Answer: C) To encrypt all network traffic and prevent eavesdropping
Explanation: VPNs encrypt traffic, preventing MITM attacks and packet sniffing on public networks.

44. Which authentication method is used by WPA3-Personal?

A) Pre-Shared Key (PSK)
B) Simultaneous Authentication of Equals (SAE)
C) Extensible Authentication Protocol (EAP)
D) RADIUS
✅ Answer: B) Simultaneous Authentication of Equals (SAE)
Explanation: WPA3-Personal replaces PSK with SAE, offering stronger protection against brute-force attacks.

45. What is the purpose of using a RADIUS server in enterprise Wi-Fi security?

A) To log all internet traffic
B) To authenticate users before granting network access
C) To increase internet speed
D) To prevent rogue APs
✅ Answer: B) To authenticate users before granting network access
Explanation: RADIUS servers authenticate users in WPA2/WPA3-Enterprise environments, improving security.

46. What is the primary function of a Wi-Fi kill switch in security settings?

A) To increase Wi-Fi speed
B) To disable the Wi-Fi adapter to prevent network access
C) To prevent websites from tracking users
D) To automatically change Wi-Fi passwords
✅ Answer: B) To disable the Wi-Fi adapter to prevent network access
Explanation: A Wi-Fi kill switch turns off the Wi-Fi adapter, preventing unauthorized connections and reducing attack exposure in untrusted environments.

47. How can you detect unauthorized Wi-Fi devices on a network?

A) By changing the Wi-Fi channel frequently
B) By using a network scanning tool like Nmap
C) By hiding the SSID
D) By enabling UPnP
✅ Answer: B) By using a network scanning tool like Nmap
Explanation: Nmap, Kismet, and Wireshark can detect unauthorized devices connected to a network by scanning for active IPs and MAC addresses.

48. Which of the following is NOT a recommended security measure for home Wi-Fi?

A) Changing the default router login credentials
B) Enabling remote management for convenience
C) Using WPA3 encryption
D) Disabling WPS
✅ Answer: B) Enabling remote management for convenience
Explanation: Remote management allows external access to the router’s settings, making it vulnerable to attacks. It should be disabled unless absolutely necessary.

49. What does “Wi-Fi 6” (802.11ax) improve in terms of security?

A) Introduces WPA3 as a mandatory feature
B) Increases Wi-Fi range
C) Uses MAC address filtering by default
D) Encrypts all traffic end-to-end
✅ Answer: A) Introduces WPA3 as a mandatory feature
Explanation: Wi-Fi 6 (802.11ax) mandates WPA3 encryption, enhancing security against brute-force and MITM attacks.

50. Why is it important to regularly update router firmware?

A) To improve battery life
B) To fix security vulnerabilities and patch exploits
C) To hide the SSID
D) To enable UPnP
✅ Answer: B) To fix security vulnerabilities and patch exploits
Explanation: Firmware updates fix bugs, vulnerabilities, and security flaws that attackers might exploit to gain access.

51. What does the KRACK (Key Reinstallation Attack) exploit?

A) A vulnerability in WPA2 encryption
B) Weak passwords in WPA3
C) Insecure guest networks
D) Default router credentials
✅ Answer: A) A vulnerability in WPA2 encryption
Explanation: KRACK exploits weaknesses in WPA2 key reinstallation, allowing attackers to decrypt Wi-Fi traffic and intercept data.

52. What is the primary goal of Wi-Fi fingerprinting?

A) To track and identify devices based on Wi-Fi activity
B) To improve network speed
C) To prevent brute-force attacks
D) To change MAC addresses automatically
✅ Answer: A) To track and identify devices based on Wi-Fi activity
Explanation: Wi-Fi fingerprinting is a technique used to track devices based on their unique signal characteristics and behaviors.

53. What is the purpose of an SSID cloaking feature?

A) To prevent Wi-Fi jamming
B) To hide the network name from casual discovery
C) To improve Wi-Fi performance
D) To encrypt Wi-Fi traffic
✅ Answer: B) To hide the network name from casual discovery
Explanation: SSID cloaking hides the network name, but it does not provide real security as attackers can still discover hidden SSIDs using packet sniffing.

54. Why is using a default router SSID a security risk?

A) It slows down the Wi-Fi speed
B) It reveals the router manufacturer, helping attackers exploit known vulnerabilities
C) It prevents deauthentication attacks
D) It reduces interference from other networks
✅ Answer: B) It reveals the router manufacturer, helping attackers exploit known vulnerabilities
Explanation: Attackers can identify the router brand from the default SSID and exploit manufacturer-specific vulnerabilities.

55. What is the main risk of using an outdated Wi-Fi encryption protocol?

A) Increased power consumption
B) Slow internet speeds
C) Susceptibility to cracking attacks
D) Inability to connect older devices
✅ Answer: C) Susceptibility to cracking attacks
Explanation: Outdated encryption, such as WEP and WPA, can be easily cracked, exposing the network to unauthorized access.

56. How can network segmentation improve Wi-Fi security?

A) By reducing interference between devices
B) By isolating sensitive devices from guest users
C) By increasing Wi-Fi speed
D) By hiding the SSID
✅ Answer: B) By isolating sensitive devices from guest users
Explanation: Network segmentation ensures that guest users, IoT devices, and internal systems are separated, reducing security risks.

57. What is one way to mitigate brute-force attacks against a Wi-Fi network?

A) Disabling SSID broadcasting
B) Enforcing strong, complex passwords with WPA3
C) Using WEP encryption
D) Increasing router power output
✅ Answer: B) Enforcing strong, complex passwords with WPA3
Explanation: WPA3 encryption and long, complex passwords prevent brute-force attacks by making password cracking significantly harder.

58. What is the primary risk of allowing IoT devices to connect to a main Wi-Fi network?

A) They consume too much bandwidth
B) They can be used as entry points for attacks
C) They reduce battery life of connected devices
D) They prevent other devices from connecting
✅ Answer: B) They can be used as entry points for attacks
Explanation: Many IoT devices have weak security, making them vulnerable to attacks that can compromise the main network.

59. What technique is used to prevent Wi-Fi packet sniffing?

A) Using HTTPS instead of HTTP
B) Enabling encryption like WPA3
C) Hiding the SSID
D) Changing MAC addresses frequently
✅ Answer: B) Enabling encryption like WPA3
Explanation: WPA3 encryption ensures that Wi-Fi traffic is encrypted, preventing attackers from capturing and analyzing packets.

60. What is an effective countermeasure against Wi-Fi signal jamming?

A) Reducing router power output
B) Using frequency hopping or spread spectrum techniques
C) Hiding the SSID
D) Allowing only one device to connect at a time
✅ Answer: B) Using frequency hopping or spread spectrum techniques
Explanation: FHSS (Frequency Hopping Spread Spectrum) and DSSS (Direct Sequence Spread Spectrum) help mitigate Wi-Fi jamming attacks by constantly switching frequencies.

61. What is the primary security risk of using public Wi-Fi hotspots?

A) Slow internet speed
B) Unencrypted traffic that can be intercepted
C) High data usage charges
D) Limited range
✅ Answer: B) Unencrypted traffic that can be intercepted
Explanation: Public Wi-Fi networks lack encryption, making them vulnerable to packet sniffing and MITM (Man-in-the-Middle) attacks.

62. How can users protect their data while using public Wi-Fi?

A) Use only HTTP websites
B) Connect to an unencrypted network
C) Use a VPN (Virtual Private Network)
D) Disable encryption
✅ Answer: C) Use a VPN (Virtual Private Network)
Explanation: A VPN encrypts traffic, preventing attackers from intercepting sensitive data over untrusted Wi-Fi networks.

63. Which attack allows an adversary to impersonate a legitimate Wi-Fi access point?

A) ARP Poisoning
B) Evil Twin Attack
C) DNS Spoofing
D) SQL Injection
✅ Answer: B) Evil Twin Attack
Explanation: Evil Twin attacks create fake Wi-Fi access points that mimic legitimate networks, tricking users into connecting and exposing their data.

64. What is Wi-Fi deauthentication used for in hacking?

A) Prevents devices from connecting to an access point
B) Encrypts Wi-Fi traffic
C) Hides SSIDs from attackers
D) Improves Wi-Fi performance
✅ Answer: A) Prevents devices from connecting to an access point
Explanation: Attackers send deauthentication packets to disconnect users, often as part of a WPA2 handshake capture attack.

65. What is an effective way to prevent Wi-Fi brute-force attacks?

A) Use a short and simple password
B) Change Wi-Fi encryption to WEP
C) Implement WPA3 with a long and complex passphrase
D) Allow open authentication
✅ Answer: C) Implement WPA3 with a long and complex passphrase
Explanation: WPA3 encryption with a strong passphrase significantly reduces the risk of brute-force attacks.

66. What is the purpose of implementing RADIUS authentication in enterprise Wi-Fi networks?

A) To provide per-user authentication and access control
B) To block all unauthorized devices
C) To increase internet speed
D) To hide the SSID
✅ Answer: A) To provide per-user authentication and access control
Explanation: RADIUS (Remote Authentication Dial-In User Service) allows centralized authentication for enterprise Wi-Fi security.

67. What is a common method to detect rogue access points?

A) Changing the SSID frequently
B) Using a Wireless Intrusion Detection System (WIDS)
C) Disabling WPA3 encryption
D) Enabling MAC address filtering
✅ Answer: B) Using a Wireless Intrusion Detection System (WIDS)
Explanation: WIDS scans the airwaves for unauthorized APs, alerting network administrators about rogue devices.

68. How can companies prevent Wi-Fi sniffing on their networks?

A) Disabling encryption
B) Using WEP encryption
C) Enforcing WPA3 encryption and TLS-based communication
D) Allowing open Wi-Fi access
✅ Answer: C) Enforcing WPA3 encryption and TLS-based communication
Explanation: WPA3 encrypts Wi-Fi traffic, and TLS secures web traffic, preventing packet sniffing.

69. Why is using HTTPS important on Wi-Fi networks?

A) It encrypts web traffic, preventing MITM attacks
B) It speeds up internet connections
C) It disables MAC address spoofing
D) It prevents Wi-Fi jamming
✅ Answer: A) It encrypts web traffic, preventing MITM attacks
Explanation: HTTPS encrypts web traffic, preventing attackers from intercepting sensitive data even on compromised Wi-Fi networks.

70. How can you prevent an attacker from accessing your router settings?

A) Enable remote management
B) Use a strong admin password and disable remote access
C) Allow guest users to modify router settings
D) Use default login credentials
✅ Answer: B) Use a strong admin password and disable remote access
Explanation: A strong router admin password and disabling remote access prevent unauthorized access to router settings.

71. Which Wi-Fi security feature encrypts management frames to prevent deauthentication attacks?

A) SSID cloaking
B) MAC address filtering
C) 802.11w (Management Frame Protection)
D) WEP encryption
✅ Answer: C) 802.11w (Management Frame Protection)
Explanation: 802.11w encrypts management frames, preventing deauthentication and disassociation attacks.

72. What is the function of a captive portal on a Wi-Fi network?

A) Requires users to authenticate before accessing the network
B) Increases bandwidth allocation
C) Disables MAC filtering
D) Provides encryption for all traffic
✅ Answer: A) Requires users to authenticate before accessing the network
Explanation: Captive portals require users to log in, improving security and controlling network access.

73. What is the main risk of using default SSIDs on a Wi-Fi network?

A) It makes the network easily identifiable for attackers
B) It speeds up network connections
C) It prevents brute-force attacks
D) It disables remote access
✅ Answer: A) It makes the network easily identifiable for attackers
Explanation: Default SSIDs reveal the router manufacturer, allowing attackers to exploit known vulnerabilities.

74. What is the main benefit of using MAC address randomization?

A) Prevents tracking of devices by Wi-Fi networks
B) Increases Wi-Fi speed
C) Reduces interference
D) Blocks deauthentication attacks
✅ Answer: A) Prevents tracking of devices by Wi-Fi networks
Explanation: MAC randomization prevents tracking by constantly changing a device’s MAC address.

75. Which attack exploits the reinstallation of encryption keys in WPA2?

A) DNS Spoofing
B) KRACK Attack
C) SQL Injection
D) Evil Twin Attack
✅ Answer: B) KRACK Attack
Explanation: KRACK (Key Reinstallation Attack) exploits WPA2 vulnerabilities to decrypt traffic.

76. Why should UPnP (Universal Plug and Play) be disabled on a Wi-Fi router?

A) It allows automatic port forwarding, which can be exploited
B) It speeds up network traffic
C) It encrypts all Wi-Fi communications
D) It increases Wi-Fi range
✅ Answer: A) It allows automatic port forwarding, which can be exploited
Explanation: UPnP can be abused by malware to open ports, exposing devices to attacks.

77. What is the recommended action when detecting a suspicious Wi-Fi network?

A) Connect and test its speed
B) Avoid connecting and report it
C) Change SSID settings
D) Disable WPA3
✅ Answer: B) Avoid connecting and report it
Explanation: Suspicious Wi-Fi networks could be Evil Twin or rogue APs, so they should be avoided and reported.

78. What is the primary function of Wi-Fi Protected Management Frames (PMF)?

A) To hide the SSID from attackers
B) To encrypt management frames and prevent deauthentication attacks
C) To increase the Wi-Fi signal strength
D) To prevent DNS spoofing
✅ Answer: B) To encrypt management frames and prevent deauthentication attacks
Explanation: Wi-Fi Protected Management Frames (PMF), introduced in 802.11w, encrypt management frames, preventing attacks like deauthentication and disassociation.

79. How can an attacker exploit weak Wi-Fi encryption?

A) By using packet sniffing tools like Wireshark
B) By disabling their own Wi-Fi adapter
C) By increasing their own signal strength
D) By changing the SSID frequently
✅ Answer: A) By using packet sniffing tools like Wireshark
Explanation: Attackers can use Wireshark or Aircrack-ng to capture and analyze unencrypted packets, potentially decrypting weak Wi-Fi encryption.

80. What is a good practice for preventing unauthorized devices from connecting to a Wi-Fi network?

A) Using MAC address filtering along with WPA3 encryption
B) Changing SSID frequently
C) Disabling the firewall
D) Enabling WEP encryption
✅ Answer: A) Using MAC address filtering along with WPA3 encryption
Explanation: WPA3 encryption provides strong security, while MAC filtering adds an extra layer by allowing only approved devices to connect.

81. What is a limitation of using MAC address filtering as a Wi-Fi security measure?

A) It prevents all brute-force attacks
B) MAC addresses can be easily spoofed
C) It blocks all unauthorized connections
D) It increases Wi-Fi speed
✅ Answer: B) MAC addresses can be easily spoofed
Explanation: Attackers can use MAC spoofing tools to impersonate an authorized device and bypass MAC filtering restrictions.

82. How does Wi-Fi Direct differ from traditional Wi-Fi networks?

A) It connects devices without requiring a central access point
B) It requires WPA2 encryption
C) It only supports WEP encryption
D) It requires a physical cable connection
✅ Answer: A) It connects devices without requiring a central access point
Explanation: Wi-Fi Direct allows devices to communicate peer-to-peer (P2P) without needing a traditional Wi-Fi router or access point.

83. What is an effective way to detect unauthorized access points in an organization?

A) Using a wireless intrusion prevention system (WIPS)
B) Hiding the SSID
C) Reducing Wi-Fi signal strength
D) Changing the router’s default password
✅ Answer: A) Using a wireless intrusion prevention system (WIPS)
Explanation: WIPS detects and prevents rogue access points, ensuring only authorized APs are operational.

84. What role does Wi-Fi frequency play in security?

A) Lower frequencies provide stronger encryption
B) Some frequencies are more resistant to interference and attacks
C) Higher frequencies prevent deauthentication attacks
D) Frequency does not affect security
✅ Answer: B) Some frequencies are more resistant to interference and attacks
Explanation: 5 GHz and 6 GHz bands are less congested than 2.4 GHz, reducing interference and risk of attacks like Wi-Fi jamming.

85. How does a Denial-of-Service (DoS) attack affect a Wi-Fi network?

A) It disables encryption
B) It floods the network with traffic, causing connectivity issues
C) It allows unauthorized users to access the network
D) It improves Wi-Fi performance
✅ Answer: B) It floods the network with traffic, causing connectivity issues
Explanation: Wi-Fi DoS attacks send massive amounts of traffic or deauthentication frames, disconnecting users and overwhelming the network.

86. What is an advantage of using 5 GHz Wi-Fi over 2.4 GHz?

A) It provides stronger encryption
B) It has higher data transfer speeds and less interference
C) It increases the range of the signal
D) It prevents all types of cyberattacks
✅ Answer: B) It has higher data transfer speeds and less interference
Explanation: 5 GHz Wi-Fi offers faster speeds and experiences less interference, making it ideal for secure, high-performance networks.

87. Which of the following is a recommended security measure for protecting IoT devices on a Wi-Fi network?

A) Keeping them on a separate network or VLAN
B) Allowing guest access to them
C) Disabling encryption to improve performance
D) Using default credentials for convenience
✅ Answer: A) Keeping them on a separate network or VLAN
Explanation: IoT devices often have weak security, so isolating them on a separate VLAN or network segment protects critical infrastructure.

88. Why is using a default Wi-Fi router password a security risk?

A) It reduces network speed
B) Attackers can easily find default passwords online
C) It prevents users from connecting
D) It disables encryption
✅ Answer: B) Attackers can easily find default passwords online
Explanation: Default admin passwords are widely known and shared online, making them easy targets for unauthorized access.

89. How does enabling “client isolation” improve Wi-Fi security?

A) It prevents connected devices from communicating with each other
B) It increases the speed of the network
C) It makes the SSID invisible to all users
D) It blocks unauthorized users from connecting
✅ Answer: A) It prevents connected devices from communicating with each other
Explanation: Client isolation prevents peer-to-peer communication, reducing risks of attacks like ARP spoofing or malware propagation within the network.

90. What is a Wi-Fi Pineapple used for in security testing?

A) Simulating and detecting Man-in-the-Middle attacks
B) Increasing Wi-Fi speed
C) Strengthening network encryption
D) Preventing MAC address spoofing
✅ Answer: A) Simulating and detecting Man-in-the-Middle attacks
Explanation: A Wi-Fi Pineapple is a tool used in penetration testing to conduct MITM attacks, detect vulnerabilities, and simulate rogue AP scenarios.

91. What is the primary goal of a Wi-Fi “Man-in-the-Middle” (MITM) attack?

A) To increase network bandwidth
B) To intercept and manipulate communication between two parties
C) To improve Wi-Fi encryption
D) To boost Wi-Fi range
✅ Answer: B) To intercept and manipulate communication between two parties
Explanation: MITM attacks occur when an attacker places themselves between a victim and the legitimate network, allowing them to intercept, modify, or steal data.

92. What is the function of Wi-Fi Protected Setup (WPS)?

A) It speeds up Wi-Fi connections
B) It allows users to connect devices easily using a PIN or button press
C) It encrypts Wi-Fi traffic end-to-end
D) It disables unauthorized access
✅ Answer: B) It allows users to connect devices easily using a PIN or button press
Explanation: WPS simplifies Wi-Fi setup, but its PIN method is vulnerable to brute-force attacks, making it insecure.

93. How can an attacker bypass Wi-Fi MAC filtering?

A) By using a VPN
B) By spoofing a trusted MAC address
C) By changing the Wi-Fi channel
D) By disabling DHCP
✅ Answer: B) By spoofing a trusted MAC address
Explanation: MAC address filtering is weak security, as attackers can use tools like MacChanger to impersonate allowed devices.

94. What security risk is associated with Wi-Fi auto-connect features?

A) It prevents users from switching networks
B) It allows devices to automatically connect to malicious networks
C) It reduces battery life
D) It increases Wi-Fi speed
✅ Answer: B) It allows devices to automatically connect to malicious networks
Explanation: Auto-connect settings can make devices connect to rogue APs or Evil Twin networks, exposing users to attacks.

95. What is the best way to protect against Wi-Fi eavesdropping?

A) Using strong encryption like WPA3 and a VPN
B) Enabling SSID broadcasting
C) Using WEP encryption
D) Disabling firewall settings
✅ Answer: A) Using strong encryption like WPA3 and a VPN
Explanation: WPA3 encrypts Wi-Fi traffic, and a VPN adds another layer of encryption for secure communication.

96. How does Wi-Fi geolocation tracking work?

A) By tracking the SSID name
B) By analyzing signal strength from multiple Wi-Fi access points
C) By encrypting the Wi-Fi network
D) By using VPNs
✅ Answer: B) By analyzing signal strength from multiple Wi-Fi access points
Explanation: Wi-Fi geolocation estimates a device’s location based on nearby Wi-Fi networks and signal strength.

97. Which of the following is a risk of allowing public guest Wi-Fi with no authentication?

A) Attackers can intercept unencrypted traffic
B) It prevents legitimate users from accessing the network
C) It improves security by limiting network access
D) It speeds up internet connections
✅ Answer: A) Attackers can intercept unencrypted traffic
Explanation: Open guest networks expose users to MITM attacks, as their traffic is unencrypted.

98. What is the recommended action if a Wi-Fi network requires WEP encryption?

A) Upgrade to WPA3 or WPA2 encryption
B) Increase the SSID signal strength
C) Disable all encryption
D) Change the SSID name
✅ Answer: A) Upgrade to WPA3 or WPA2 encryption
Explanation: WEP is obsolete and vulnerable, so it should be replaced with WPA2 or WPA3 to enhance security.

99. How can companies prevent employees from connecting to unauthorized Wi-Fi networks?

A) Using Group Policy to disable Wi-Fi connections
B) Enforcing a VPN connection
C) Requiring WPA3 for all networks
D) Hiding SSIDs
✅ Answer: A) Using Group Policy to disable Wi-Fi connections
Explanation: Companies can use Group Policy or Mobile Device Management (MDM) tools to prevent employees from connecting to unauthorized networks.

100. What is the impact of Wi-Fi interference on security?

A) It makes Wi-Fi networks unhackable
B) It can cause connection instability and packet loss, making encryption less effective
C) It improves network speed
D) It increases the range of the access point
✅ Answer: B) It can cause connection instability and packet loss, making encryption less effective
Explanation: Wi-Fi interference can cause packet loss and connection drops, making networks more susceptible to MITM attacks.

101. How does Wi-Fi cloaking affect security?

A) It prevents all cyberattacks
B) It hides the SSID but does not prevent attackers from detecting the network
C) It increases internet speed
D) It prevents unauthorized access
✅ Answer: B) It hides the SSID but does not prevent attackers from detecting the network
Explanation: SSID cloaking does not fully secure a Wi-Fi network, as attackers can still detect hidden networks using sniffing tools.

102. Why is disabling remote management on a Wi-Fi router recommended?

A) It prevents brute-force attacks on the router’s admin panel
B) It increases Wi-Fi speed
C) It reduces internet usage
D) It prevents devices from connecting
✅ Answer: A) It prevents brute-force attacks on the router’s admin panel
Explanation: Remote management allows attackers to attempt brute-force attacks, so it should be disabled unless necessary.

103. What is a benefit of using network segmentation in Wi-Fi security?

A) It isolates guest devices from internal systems
B) It prevents deauthentication attacks
C) It improves Wi-Fi signal strength
D) It disables brute-force attacks
✅ Answer: A) It isolates guest devices from internal systems
Explanation: Network segmentation ensures guest users cannot access sensitive internal resources, reducing security risks.

104. What is the main weakness of WPA2 when compared to WPA3?

A) WPA2 is vulnerable to offline password cracking attacks
B) WPA2 encrypts data more effectively than WPA3
C) WPA2 prevents MAC spoofing
D) WPA2 has stronger encryption algorithms
✅ Answer: A) WPA2 is vulnerable to offline password cracking attacks
Explanation: WPA2-PSK is vulnerable to offline dictionary attacks, while WPA3 uses Simultaneous Authentication of Equals (SAE) to mitigate this risk.

105. Why should IoT devices be placed on a separate Wi-Fi network?

A) To prevent them from accessing critical business systems
B) To improve Wi-Fi speed
C) To increase their battery life
D) To reduce internet costs
✅ Answer: A) To prevent them from accessing critical business systems
Explanation: Many IoT devices have weak security, so isolating them prevents attackers from using them to compromise sensitive systems.

106. What is the primary function of a wireless intrusion prevention system (WIPS)?

A) It provides antivirus protection for Wi-Fi networks
B) It prevents unauthorized access points from connecting to the network
C) It hides the Wi-Fi SSID
D) It blocks all Wi-Fi traffic
✅ Answer: B) It prevents unauthorized access points from connecting to the network
Explanation: WIPS detects and blocks rogue access points, preventing unauthorized devices from infiltrating the network.

107. Why is it important to disable legacy Wi-Fi protocols (e.g., 802.11b) on modern networks?

A) They slow down overall network performance and have weaker security
B) They increase Wi-Fi speed
C) They allow for better encryption
D) They provide stronger authentication
✅ Answer: A) They slow down overall network performance and have weaker security
Explanation: Older protocols like 802.11b/g lack strong encryption and can introduce vulnerabilities to modern networks.

108. What is the primary risk of using an open Wi-Fi network?

A) High bandwidth consumption
B) Man-in-the-Middle (MITM) attacks and data interception
C) Limited device compatibility
D) Reduced network speed
✅ Answer: B) Man-in-the-Middle (MITM) attacks and data interception
Explanation: Open networks lack encryption, allowing attackers to intercept data and perform MITM attacks.

109. How can businesses secure their Wi-Fi networks against rogue access points?

A) Use a wireless intrusion prevention system (WIPS)
B) Disable MAC filtering
C) Reduce internet speed
D) Increase Wi-Fi signal strength
✅ Answer: A) Use a wireless intrusion prevention system (WIPS)
Explanation: WIPS detects and alerts administrators to unauthorized access points on the network.

110. What is a common attack that targets captive portals on public Wi-Fi networks?

A) DNS Spoofing
B) SQL Injection
C) Session Hijacking
D) Evil Twin Attack
✅ Answer: D) Evil Twin Attack
Explanation: Attackers create fake captive portals (Evil Twin attack) to steal credentials from unsuspecting users.

111. Why should users avoid connecting to free public Wi-Fi without a VPN?

A) It may be slower than a private network
B) It allows attackers to intercept unencrypted data
C) It prevents websites from loading
D) It disables network encryption
✅ Answer: B) It allows attackers to intercept unencrypted data
Explanation: Public Wi-Fi networks lack encryption, making them susceptible to MITM and sniffing attacks.

112. How can an attacker conduct a “Wi-Fi phishing” attack?

A) By sending phishing emails to users
B) By setting up a fake Wi-Fi hotspot that mimics a real network
C) By brute-forcing router passwords
D) By changing the Wi-Fi channel
✅ Answer: B) By setting up a fake Wi-Fi hotspot that mimics a real network
Explanation: Wi-Fi phishing involves creating a fake access point to trick users into entering their credentials.

113. What security measure helps protect against packet sniffing on a Wi-Fi network?

A) Using WEP encryption
B) Enabling WPA3 encryption
C) Increasing signal strength
D) Disabling MAC filtering
✅ Answer: B) Enabling WPA3 encryption
Explanation: WPA3 encrypts data at the frame level, making it more difficult for attackers to capture and decrypt traffic.

114. Why is WPA3 more secure than WPA2?

A) It disables encryption
B) It prevents brute-force attacks by using Simultaneous Authentication of Equals (SAE)
C) It has weaker security controls
D) It allows easy password recovery
✅ Answer: B) It prevents brute-force attacks by using Simultaneous Authentication of Equals (SAE)
Explanation: WPA3 introduces SAE, which provides stronger authentication and protection against offline attacks.

115. How can organizations prevent employees from using personal hotspots to bypass security controls?

A) Use a Mobile Device Management (MDM) solution to disable tethering
B) Change the SSID frequently
C) Enable WEP encryption
D) Use only 2.4 GHz networks
✅ Answer: A) Use a Mobile Device Management (MDM) solution to disable tethering
Explanation: MDM solutions can block personal hotspot usage, ensuring employees follow security policies.

116. What is the purpose of “Wi-Fi geofencing”?

A) To encrypt Wi-Fi data
B) To restrict access to a Wi-Fi network based on location
C) To increase bandwidth
D) To prevent MAC spoofing
✅ Answer: B) To restrict access to a Wi-Fi network based on location
Explanation: Wi-Fi geofencing ensures devices can only connect within a defined physical area, preventing unauthorized access.

117. What attack manipulates DNS responses to redirect Wi-Fi users to malicious websites?

A) MAC Spoofing
B) Evil Twin Attack
C) DNS Spoofing
D) Deauthentication Attack
✅ Answer: C) DNS Spoofing
Explanation: DNS Spoofing redirects victims to malicious websites by altering DNS responses, often on compromised Wi-Fi networks.

118. What feature of WPA3 protects users even if their Wi-Fi password is weak?

A) Opportunistic Wireless Encryption
B) Simultaneous Authentication of Equals (SAE)
C) WPS (Wi-Fi Protected Setup)
D) MAC Filtering
✅ Answer: B) Simultaneous Authentication of Equals (SAE)
Explanation: SAE provides better protection against password-guessing attacks, even when weak passwords are used.

119. Why is using default router credentials a major security risk?

A) Default credentials can be found online and used by attackers to gain control of the router
B) They increase Wi-Fi speed
C) They prevent malware infections
D) They allow users to connect more easily
✅ Answer: A) Default credentials can be found online and used by attackers to gain control of the router
Explanation: Hackers can easily find default login credentials online, making routers vulnerable if passwords are not changed.

120. How can Wi-Fi network segmentation enhance security?

A) It isolates different types of devices to prevent lateral movement in case of a breach
B) It increases internet speed
C) It hides the SSID
D) It prevents signal interference
✅ Answer: A) It isolates different types of devices to prevent lateral movement in case of a breach
Explanation: Segmenting Wi-Fi networks into different VLANs prevents attackers from accessing critical systems if a device is compromised.

121. What is the main purpose of enabling 802.11w on a Wi-Fi network?

A) To hide SSID broadcasts
B) To encrypt management frames and prevent deauthentication attacks
C) To allow multiple SSIDs on the same network
D) To disable MAC address filtering
✅ Answer: B) To encrypt management frames and prevent deauthentication attacks
Explanation: 802.11w (Protected Management Frames, PMF) prevents attackers from spoofing deauthentication and disassociation frames, improving Wi-Fi security.

122. What is the primary function of a Wi-Fi honeypot?

A) To track and study cybercriminal behavior
B) To increase Wi-Fi signal strength
C) To encrypt wireless traffic
D) To prevent MAC spoofing
✅ Answer: A) To track and study cybercriminal behavior
Explanation: A Wi-Fi honeypot is a fake access point used to attract and monitor attackers, helping security researchers study threats.

123. What security risk does Wi-Fi deauthentication introduce?

A) Allows an attacker to force users off a network
B) Increases network latency
C) Reduces battery life on devices
D) Disables WPA3 encryption
✅ Answer: A) Allows an attacker to force users off a network
Explanation: Deauthentication attacks are used in Evil Twin and WPA handshake capture attacks, forcing users to reconnect to a malicious AP.

124. How can attackers exploit weak SSID naming conventions?

A) By identifying default router names to find vulnerabilities
B) By preventing devices from connecting
C) By increasing signal interference
D) By blocking legitimate connections
✅ Answer: A) By identifying default router names to find vulnerabilities
Explanation: Attackers can recognize default SSIDs, such as those used by ISPs, to target specific routers with known exploits.

125. What is the benefit of using Wi-Fi Protected Access 3 (WPA3) over WPA2?

A) WPA3 provides forward secrecy, protecting past sessions even if credentials are compromised
B) WPA3 is faster
C) WPA3 allows open networks to use WEP encryption
D) WPA3 supports weaker passwords
✅ Answer: A) WPA3 provides forward secrecy, protecting past sessions even if credentials are compromised
Explanation: WPA3 introduces Forward Secrecy, ensuring that previous encrypted sessions remain secure even if a password is compromised later.

126. What is a common attack that targets Wi-Fi networks using a compromised DNS server?

A) DNS Poisoning
B) Deauthentication Attack
C) Signal Jamming
D) MAC Cloning
✅ Answer: A) DNS Poisoning
Explanation: DNS poisoning (or DNS spoofing) allows attackers to redirect users to malicious websites by tampering with DNS responses.

127. How does a “Wi-Fi jamming attack” affect a network?

A) It floods the network with interference, making devices unable to connect
B) It steals Wi-Fi passwords
C) It prevents packet encryption
D) It disables firewalls
✅ Answer: A) It floods the network with interference, making devices unable to connect
Explanation: Wi-Fi jamming floods radio frequencies, disrupting wireless communication and causing denial-of-service (DoS) conditions.

128. Why is disabling WPS (Wi-Fi Protected Setup) recommended?

A) WPS is vulnerable to brute-force attacks that can expose Wi-Fi credentials
B) WPS increases Wi-Fi range
C) WPS makes encryption stronger
D) WPS hides SSID names
✅ Answer: A) WPS is vulnerable to brute-force attacks that can expose Wi-Fi credentials
Explanation: Attackers can brute-force WPS PINs to retrieve WPA2 passphrases, making networks vulnerable to compromise.

129. How can attackers bypass Captive Portals on public Wi-Fi?

A) By using MAC address spoofing
B) By increasing signal strength
C) By using weak passwords
D) By enabling WPA3 encryption
✅ Answer: A) By using MAC address spoofing
Explanation: Some Captive Portals authenticate users based on MAC addresses, allowing attackers to spoof authorized devices.

130. What is an effective mitigation strategy for Evil Twin attacks?

A) Always verifying SSIDs before connecting and using a VPN
B) Using public Wi-Fi without authentication
C) Disabling encryption on open networks
D) Allowing guest access to sensitive data
✅ Answer: A) Always verifying SSIDs before connecting and using a VPN
Explanation: Evil Twin APs trick users into connecting, so verifying SSID legitimacy and encrypting traffic with a VPN helps prevent data interception.

131. What is the primary function of a Wi-Fi “whitelist”?

A) It allows only approved devices to connect
B) It hides the SSID from attackers
C) It prevents DNS spoofing
D) It increases bandwidth
✅ Answer: A) It allows only approved devices to connect
Explanation: A Wi-Fi whitelist restricts access to only authorized MAC addresses, but it can be bypassed using MAC spoofing.

132. What is the role of Transport Layer Security (TLS) in wireless security?

A) Encrypting web traffic to prevent eavesdropping
B) Increasing Wi-Fi range
C) Disabling unauthorized devices
D) Hiding SSIDs
✅ Answer: A) Encrypting web traffic to prevent eavesdropping
Explanation: TLS encrypts HTTPS web traffic, ensuring secure communication even on untrusted Wi-Fi networks.

133. How does Wi-Fi channel hopping improve security?

A) It makes it harder for attackers to track and target a network
B) It increases signal strength
C) It prevents brute-force attacks
D) It disables MAC address filtering
✅ Answer: A) It makes it harder for attackers to track and target a network
Explanation: Changing Wi-Fi channels dynamically can reduce the risk of signal interference and tracking by attackers.

134. Why should a VPN be used on public Wi-Fi?

A) It encrypts all internet traffic to prevent data interception
B) It increases Wi-Fi speed
C) It disables network encryption
D) It allows guest access to enterprise systems
✅ Answer: A) It encrypts all internet traffic to prevent data interception
Explanation: A VPN creates an encrypted tunnel, preventing MITM attacks and eavesdropping on public networks.

135. What attack leverages vulnerabilities in Bluetooth and Wi-Fi to hijack nearby devices?

A) BlueBorne Attack
B) SQL Injection
C) DNS Spoofing
D) MAC Filtering
✅ Answer: A) BlueBorne Attack
Explanation: BlueBorne attacks exploit Bluetooth and Wi-Fi vulnerabilities to remotely compromise devices without user interaction.

136. How does disabling SSID broadcasting improve security?

A) It prevents casual users from seeing the network
B) It encrypts Wi-Fi traffic
C) It prevents all hacking attempts
D) It speeds up internet connections
✅ Answer: A) It prevents casual users from seeing the network
Explanation: Disabling SSID broadcasting hides the network name, but attackers can still detect hidden networks using sniffing tools.

137. What is the primary purpose of Wi-Fi disassociation attacks?

A) To force a target device to disconnect from a network
B) To increase signal strength
C) To prevent MAC address spoofing
D) To improve encryption strength
✅ Answer: A) To force a target device to disconnect from a network
Explanation: In a Wi-Fi disassociation attack, attackers send malicious disassociation frames to disconnect devices from a Wi-Fi network.

138. What is a recommended security practice when setting up a Wi-Fi access point in a corporate environment?

A) Using WPA3-Enterprise with RADIUS authentication
B) Allowing open authentication
C) Using WEP for backward compatibility
D) Disabling encryption to improve speed
✅ Answer: A) Using WPA3-Enterprise with RADIUS authentication
Explanation: WPA3-Enterprise with RADIUS authentication ensures strong encryption and user authentication, reducing unauthorized access risks.

139. What type of attack occurs when an attacker captures and replays authentication packets to gain access to a Wi-Fi network?

A) Replay Attack
B) Brute-Force Attack
C) SQL Injection
D) DNS Spoofing
✅ Answer: A) Replay Attack
Explanation: In a Replay Attack, an attacker captures authentication packets and retransmits them to bypass authentication mechanisms.

140. What is the main advantage of using a separate VLAN for guest Wi-Fi networks?

A) It isolates guest traffic from the internal network
B) It increases Wi-Fi speed
C) It hides the SSID from attackers
D) It allows guests to access internal systems
✅ Answer: A) It isolates guest traffic from the internal network
Explanation: VLAN segmentation ensures that guest users cannot access internal resources, reducing security risks.

141. What is the main weakness of TKIP encryption in WPA2?

A) It is vulnerable to packet injection and replay attacks
B) It provides stronger security than AES
C) It supports only MAC address filtering
D) It hides SSIDs from attackers
✅ Answer: A) It is vulnerable to packet injection and replay attacks
Explanation: TKIP (Temporal Key Integrity Protocol) is less secure than AES, as it is vulnerable to replay attacks and packet injection.

142. How can Wi-Fi users detect an Evil Twin attack?

A) By checking for duplicate SSIDs with different MAC addresses
B) By increasing router signal strength
C) By using WEP encryption
D) By disabling MAC filtering
✅ Answer: A) By checking for duplicate SSIDs with different MAC addresses
Explanation: An Evil Twin attack involves creating a fake AP with the same SSID, so users can identify it by comparing MAC addresses.

143. What is the best practice for protecting against brute-force attacks on a Wi-Fi network?

A) Using a strong WPA3 passphrase
B) Using an open Wi-Fi network
C) Disabling all encryption
D) Allowing unlimited authentication attempts
✅ Answer: A) Using a strong WPA3 passphrase
Explanation: WPA3 uses Simultaneous Authentication of Equals (SAE), which protects against brute-force attacks and ensures strong authentication.

144. What is a Wi-Fi packet sniffing attack?

A) Capturing and analyzing network traffic to gather sensitive data
B) Increasing the Wi-Fi signal range
C) Blocking MAC addresses
D) Disabling WPS
✅ Answer: A) Capturing and analyzing network traffic to gather sensitive data
Explanation: Packet sniffing tools like Wireshark allow attackers to intercept and analyze Wi-Fi traffic, potentially stealing sensitive information.

145. What is the purpose of a Wi-Fi firewall?

A) To filter and block unauthorized incoming and outgoing traffic
B) To increase Wi-Fi speed
C) To disable encryption
D) To prevent signal interference
✅ Answer: A) To filter and block unauthorized incoming and outgoing traffic
Explanation: Wi-Fi firewalls protect against unauthorized access by filtering traffic and enforcing security policies.

146. How does WPA3 protect against offline password cracking attacks?

A) By using Simultaneous Authentication of Equals (SAE) instead of PSK
B) By increasing router signal strength
C) By allowing weaker passwords
D) By hiding SSIDs
✅ Answer: A) By using Simultaneous Authentication of Equals (SAE) instead of PSK
Explanation: SAE in WPA3 prevents offline dictionary attacks, making it much harder for attackers to brute-force Wi-Fi passwords.

147. What is the benefit of enabling MAC address randomization on devices?

A) It prevents device tracking across different Wi-Fi networks
B) It increases Wi-Fi speed
C) It blocks malware infections
D) It disables WPA3 encryption
✅ Answer: A) It prevents device tracking across different Wi-Fi networks
Explanation: MAC randomization changes a device’s MAC address periodically, preventing tracking by public Wi-Fi networks and advertisers.

148. How can an attacker exploit weak WPA2-PSK passwords?

A) By capturing the WPA2 handshake and performing offline brute-force attacks
B) By sending deauthentication packets
C) By using DNS spoofing
D) By disabling SSID broadcasts
✅ Answer: A) By capturing the WPA2 handshake and performing offline brute-force attacks
Explanation: Attackers capture the WPA2 handshake and use brute-force or dictionary attacks to crack weak passwords.

149. What is the purpose of disabling DHCP on a Wi-Fi network?

A) To prevent unauthorized devices from automatically receiving an IP address
B) To increase internet speed
C) To improve Wi-Fi encryption
D) To allow unlimited connections
✅ Answer: A) To prevent unauthorized devices from automatically receiving an IP address
Explanation: Disabling DHCP requires manual IP assignment, making it harder for unauthorized devices to connect.

150. Why is using a VPN recommended when connected to public Wi-Fi?

A) It encrypts all internet traffic, preventing eavesdropping
B) It increases Wi-Fi range
C) It allows unlimited bandwidth usage
D) It blocks Wi-Fi signal interference
✅ Answer: A) It encrypts all internet traffic, preventing eavesdropping
Explanation: A VPN encrypts data traffic, preventing attackers from intercepting or modifying user activity on unsecured public Wi-Fi networks.

151. What is the primary purpose of 802.1X authentication in wireless security?

A) To provide centralized authentication using RADIUS
B) To increase Wi-Fi signal strength
C) To encrypt management frames
D) To prevent MAC address spoofing
✅ Answer: A) To provide centralized authentication using RADIUS
Explanation: 802.1X authentication is commonly used in WPA2/WPA3-Enterprise networks to enforce authentication via a RADIUS server.

152. How does Opportunistic Wireless Encryption (OWE) improve security on open Wi-Fi networks?

A) It encrypts traffic even without a password
B) It hides the SSID from attackers
C) It prevents network congestion
D) It blocks unauthorized devices
✅ Answer: A) It encrypts traffic even without a password
Explanation: OWE (Opportunistic Wireless Encryption) provides encryption for open Wi-Fi networks, preventing passive eavesdropping.

153. What is a key reason why default router passwords should be changed immediately?

A) Default credentials are publicly available and easily exploited
B) They increase internet speed
C) They prevent deauthentication attacks
D) They disable unauthorized Wi-Fi connections
✅ Answer: A) Default credentials are publicly available and easily exploited
Explanation: Attackers often use default passwords to access router admin panels, making changing them a critical security measure.

154. What is the main function of a Wi-Fi range extender?

A) It boosts Wi-Fi signals but does not improve security
B) It encrypts Wi-Fi traffic
C) It prevents brute-force attacks
D) It blocks unauthorized access
✅ Answer: A) It boosts Wi-Fi signals but does not improve security
Explanation: Wi-Fi range extenders amplify signals, but they do not enhance security and may introduce additional attack vectors if not properly configured.

155. How can an attacker perform a Rogue DHCP attack on a Wi-Fi network?

A) By setting up a malicious DHCP server to assign incorrect IP configurations
B) By using a brute-force attack on the router
C) By increasing the Wi-Fi signal range
D) By blocking legitimate MAC addresses
✅ Answer: A) By setting up a malicious DHCP server to assign incorrect IP configurations
Explanation: A Rogue DHCP attack redirects users to malicious gateways, enabling MITM (Man-in-the-Middle) attacks.

156. Why should businesses disable SSID broadcasting for internal networks?

A) To prevent casual discovery of the network
B) To encrypt all traffic
C) To increase Wi-Fi speed
D) To prevent signal interference
✅ Answer: A) To prevent casual discovery of the network
Explanation: Disabling SSID broadcasting hides the network from casual users, though it does not stop skilled attackers from detecting it.

157. What is a Wi-Fi beacon frame?

A) A management frame that advertises the presence of an access point
B) An encrypted data frame
C) A security feature in WPA3
D) A frame used for deauthentication attacks
✅ Answer: A) A management frame that advertises the presence of an access point
Explanation: Beacon frames are sent periodically by an access point (AP) to announce its SSID and capabilities.

158. What attack exploits weak Wi-Fi handshakes to gain network access?

A) WPA2 Handshake Capture & Cracking
B) DNS Spoofing
C) MAC Flooding
D) SQL Injection
✅ Answer: A) WPA2 Handshake Capture & Cracking
Explanation: Attackers capture WPA2 handshakes and use brute-force or dictionary attacks to crack the Wi-Fi password.

159. How does a DNS Sinkhole protect Wi-Fi users?

A) It redirects malicious requests to a safe location
B) It encrypts all Wi-Fi traffic
C) It disables all non-HTTPS traffic
D) It increases the Wi-Fi signal range
✅ Answer: A) It redirects malicious requests to a safe location
Explanation: DNS Sinkholes help block access to known malicious domains by redirecting DNS queries to a safe address.

160. What is the purpose of Dynamic Frequency Selection (DFS) in Wi-Fi?

A) To avoid interference with radar signals in 5 GHz bands
B) To encrypt Wi-Fi packets
C) To disable SSID broadcasting
D) To prevent deauthentication attacks
✅ Answer: A) To avoid interference with radar signals in 5 GHz bands
Explanation: DFS ensures Wi-Fi devices avoid radar frequencies, reducing interference and maintaining compliance with regulations.

161. What is the benefit of using Private Address Mode on mobile devices?

A) It prevents Wi-Fi tracking by randomizing MAC addresses
B) It increases battery life
C) It disables network encryption
D) It speeds up internet connections
✅ Answer: A) It prevents Wi-Fi tracking by randomizing MAC addresses
Explanation: Private Address Mode helps protect user privacy by randomizing MAC addresses when connecting to different networks.

162. What is the primary risk of using a shared WPA2-PSK password in businesses?

A) Employees leaving the company can still access the network
B) It prevents network congestion
C) It increases Wi-Fi signal strength
D) It blocks unauthorized connections
✅ Answer: A) Employees leaving the company can still access the network
Explanation: Shared WPA2-PSK passwords do not provide individual user authentication, making them a security risk in enterprise environments.

163. What is the role of a Wi-Fi sandbox in security testing?

A) To isolate and analyze suspicious Wi-Fi behavior
B) To increase encryption strength
C) To block all unknown devices
D) To speed up Wi-Fi connections
✅ Answer: A) To isolate and analyze suspicious Wi-Fi behavior
Explanation: Wi-Fi sandboxes allow security teams to test and analyze Wi-Fi threats in a controlled environment.

164. How does IEEE 802.11ac differ from 802.11n in security?

A) It requires WPA3 encryption by default
B) It offers better resistance to interference but does not improve encryption
C) It blocks MAC spoofing
D) It disables WPS
✅ Answer: B) It offers better resistance to interference but does not improve encryption
Explanation: 802.11ac improves Wi-Fi performance but does not inherently improve encryption; security still depends on WPA3 or WPA2.

165. What security measure helps protect against Side-Channel Attacks on Wi-Fi networks?

A) Using WPA3 with strong encryption
B) Disabling SSID broadcasting
C) Increasing Wi-Fi signal strength
D) Enabling DHCP
✅ Answer: A) Using WPA3 with strong encryption
Explanation: Side-channel attacks analyze timing and signal variations, and strong WPA3 encryption reduces information leakage.

166. What is the primary risk of using Wi-Fi repeaters in a network?

A) They introduce additional attack surfaces if not secured properly
B) They increase internet speed beyond ISP limits
C) They prevent deauthentication attacks
D) They block MAC spoofing attacks
✅ Answer: A) They introduce additional attack surfaces if not secured properly
Explanation: Wi-Fi repeaters can become security vulnerabilities if not configured with strong encryption or if left with default credentials.

167. How does Wi-Fi Protected Access 3 (WPA3) handle offline dictionary attacks differently than WPA2?

A) It uses Simultaneous Authentication of Equals (SAE) instead of Pre-Shared Key (PSK)
B) It encrypts passwords using WEP
C) It allows open networks to function without encryption
D) It requires MAC filtering by default
✅ Answer: A) It uses Simultaneous Authentication of Equals (SAE) instead of Pre-Shared Key (PSK)
Explanation: SAE in WPA3 makes brute-force dictionary attacks more difficult, unlike WPA2-PSK, which can be cracked offline.

168. What attack allows an adversary to force a victim to connect to a malicious Wi-Fi network?

A) Karma Attack
B) MAC Spoofing
C) DNS Hijacking
D) SQL Injection
✅ Answer: A) Karma Attack
Explanation: Karma attacks trick devices into automatically connecting to rogue access points by exploiting their preferred network list (PNL).

169. How does Wi-Fi signal triangulation work?

A) By measuring the signal strength from multiple access points
B) By encrypting packets with WPA3
C) By disabling SSID broadcasts
D) By blocking unauthorized connections
✅ Answer: A) By measuring the signal strength from multiple access points
Explanation: Wi-Fi triangulation estimates a device’s location by analyzing signal strength from multiple APs.

170. What does the term “Wardriving” refer to in wireless security?

A) Searching for and mapping open Wi-Fi networks while driving
B) Brute-force attacking Wi-Fi passwords
C) Disabling SSID broadcasting
D) Blocking unauthorized devices
✅ Answer: A) Searching for and mapping open Wi-Fi networks while driving
Explanation: Wardriving involves scanning for Wi-Fi networks while moving, often to identify open or poorly secured networks.

171. What is the function of Wi-Fi QoS (Quality of Service)?

A) To prioritize certain types of network traffic
B) To block unauthorized access points
C) To encrypt network packets
D) To prevent deauthentication attacks
✅ Answer: A) To prioritize certain types of network traffic
Explanation: Wi-Fi QoS prioritizes bandwidth usage for critical applications (e.g., VoIP, gaming, video streaming).

172. How can Wi-Fi phishing attacks be detected?

A) By checking for duplicate SSIDs with different BSSID addresses
B) By increasing Wi-Fi signal strength
C) By enabling MAC filtering
D) By using WEP encryption
✅ Answer: A) By checking for duplicate SSIDs with different BSSID addresses
Explanation: Attackers clone legitimate Wi-Fi networks to steal credentials, which can be detected by analyzing MAC addresses (BSSIDs).

173. What does the “KRACK” attack exploit in Wi-Fi networks?

A) A vulnerability in WPA2’s 4-way handshake
B) Weak passwords in WPA3
C) Default SSID names
D) DHCP misconfigurations
✅ Answer: A) A vulnerability in WPA2’s 4-way handshake
Explanation: KRACK (Key Reinstallation Attack) exploits weaknesses in WPA2’s key exchange process, allowing attackers to decrypt traffic.

174. What is the purpose of using VLANs for Wi-Fi segmentation?

A) To separate network traffic and reduce attack exposure
B) To hide the SSID from attackers
C) To improve signal strength
D) To allow MAC spoofing protection
✅ Answer: A) To separate network traffic and reduce attack exposure
Explanation: VLANs help isolate sensitive network segments, preventing lateral movement of attacks across different devices.

175. How does Wi-Fi Adaptive Frequency Hopping (AFH) improve security?

A) It reduces the risk of jamming attacks by switching channels dynamically
B) It encrypts all packets
C) It blocks deauthentication attacks
D) It prevents Wi-Fi brute-force attacks
✅ Answer: A) It reduces the risk of jamming attacks by switching channels dynamically
Explanation: AFH dynamically changes channels, making it harder for attackers to jam or interfere with communication.

176. What is the primary goal of an SSID Spoofing attack?

A) To trick users into connecting to a malicious Wi-Fi network
B) To prevent Wi-Fi devices from connecting
C) To block WPA3 encryption
D) To slow down internet speed
✅ Answer: A) To trick users into connecting to a malicious Wi-Fi network
Explanation: SSID spoofing is used in Evil Twin attacks, where attackers imitate legitimate networks to steal credentials.

177. What is a possible security risk of using a Wi-Fi mesh network?

A) If one node is compromised, the whole network can be affected
B) It prevents brute-force attacks
C) It automatically encrypts all traffic
D) It disables unauthorized access points
✅ Answer: A) If one node is compromised, the whole network can be affected
Explanation: A compromised mesh node could allow attackers to intercept traffic and move laterally across the network.

178. What is the primary advantage of using Transport Layer Security (TLS) in wireless communications?

A) It encrypts data to prevent eavesdropping
B) It increases Wi-Fi range
C) It hides SSIDs from attackers
D) It speeds up data transfer rates
✅ Answer: A) It encrypts data to prevent eavesdropping
Explanation: TLS encrypts HTTPS traffic, ensuring data privacy even on untrusted Wi-Fi networks.

179. What is a “Deauth Attack” in Wi-Fi security?

A) An attack that forces devices off a network by sending deauthentication frames
B) An attack that increases Wi-Fi range
C) A brute-force attack on WPA3
D) A method for encrypting Wi-Fi packets
✅ Answer: A) An attack that forces devices off a network by sending deauthentication frames
Explanation: Deauth attacks force users to disconnect from the network, often used for WPA handshake capture or Evil Twin attacks.

180. How can organizations prevent employees from connecting to unauthorized Wi-Fi networks?

A) Using a Mobile Device Management (MDM) policy to restrict network connections
B) Increasing Wi-Fi signal strength
C) Disabling SSID broadcasting
D) Allowing only 2.4 GHz networks
✅ Answer: A) Using a Mobile Device Management (MDM) policy to restrict network connections
Explanation: MDM solutions can enforce security policies, preventing devices from connecting to unauthorized or insecure networks.

181. What is the primary goal of a Wi-Fi honeypot?

A) To attract and monitor attackers attempting to exploit wireless networks
B) To encrypt all network traffic
C) To prevent MAC address spoofing
D) To increase the range of the Wi-Fi signal
✅ Answer: A) To attract and monitor attackers attempting to exploit wireless networks
Explanation: Wi-Fi honeypots are designed to lure cybercriminals, allowing security teams to study attack techniques and improve defenses.

182. What is the risk of allowing guest devices on the same Wi-Fi network as internal resources?

A) Guests could gain unauthorized access to sensitive data
B) It increases Wi-Fi speed
C) It blocks brute-force attacks
D) It improves WPA3 security
✅ Answer: A) Guests could gain unauthorized access to sensitive data
Explanation: Unsegregated guest networks pose a security risk because unauthorized users may access internal systems.

183. Which Wi-Fi security protocol is most resistant to brute-force attacks?

A) WPA3
B) WPA2-PSK
C) WEP
D) WPA-TKIP
✅ Answer: A) WPA3
Explanation: WPA3 uses Simultaneous Authentication of Equals (SAE), making it far more resistant to brute-force attacks than WPA2.

184. How does DNS-over-HTTPS (DoH) enhance Wi-Fi security?

A) It encrypts DNS requests to prevent eavesdropping and MITM attacks
B) It hides the SSID from attackers
C) It increases network bandwidth
D) It blocks MAC address spoofing
✅ Answer: A) It encrypts DNS requests to prevent eavesdropping and MITM attacks
Explanation: DoH ensures that DNS queries remain encrypted, protecting users from DNS hijacking and MITM attacks.

185. What is the main security concern with public Wi-Fi networks?

A) Lack of encryption, making it easy for attackers to intercept traffic
B) They have lower bandwidth
C) They limit the number of devices that can connect
D) They always require authentication
✅ Answer: A) Lack of encryption, making it easy for attackers to intercept traffic
Explanation: Public Wi-Fi networks are often unencrypted, making users vulnerable to eavesdropping and MITM attacks.

186. What is a common countermeasure for preventing Evil Twin attacks?

A) Verifying the SSID and using a VPN
B) Increasing router power output
C) Using WEP encryption
D) Disabling SSID broadcasting
✅ Answer: A) Verifying the SSID and using a VPN
Explanation: Evil Twin attacks involve fake APs, so verifying SSIDs and encrypting traffic using a VPN help protect against them.

187. What is the main security risk of leaving Wi-Fi open with no encryption?

A) Attackers can intercept and manipulate network traffic
B) It reduces internet speed
C) It improves range for all users
D) It prevents brute-force attacks
✅ Answer: A) Attackers can intercept and manipulate network traffic
Explanation: Open Wi-Fi allows attackers to sniff and manipulate unencrypted data, making it a significant security risk.

188. How does WPA3-Personal differ from WPA2-Personal?

A) WPA3 uses Simultaneous Authentication of Equals (SAE) instead of Pre-Shared Key (PSK)
B) WPA3 uses WEP for encryption
C) WPA3 does not require a password
D) WPA3 provides lower security than WPA2
✅ Answer: A) WPA3 uses Simultaneous Authentication of Equals (SAE) instead of Pre-Shared Key (PSK)
Explanation: SAE in WPA3 prevents offline brute-force attacks, offering improved security over WPA2-PSK.

189. What is the purpose of the EAP (Extensible Authentication Protocol) in Wi-Fi security?

A) To provide flexible authentication options in WPA-Enterprise networks
B) To encrypt all wireless packets
C) To increase Wi-Fi signal strength
D) To prevent MAC address spoofing
✅ Answer: A) To provide flexible authentication options in WPA-Enterprise networks
Explanation: EAP is used in enterprise Wi-Fi security to provide various authentication methods like certificates, tokens, and passwords.

190. How can attackers perform a Wi-Fi pineapple attack?

A) By setting up a rogue access point to capture user data
B) By disabling SSID broadcasting
C) By increasing Wi-Fi signal strength
D) By encrypting traffic with WPA3
✅ Answer: A) By setting up a rogue access point to capture user data
Explanation: A Wi-Fi Pineapple is a penetration testing tool used to create rogue access points and intercept traffic.

191. Why is using weak WPA2 passphrases a security risk?

A) They can be cracked using dictionary or brute-force attacks
B) They reduce Wi-Fi speed
C) They prevent deauthentication attacks
D) They increase signal strength
✅ Answer: A) They can be cracked using dictionary or brute-force attacks
Explanation: Weak WPA2 passwords can be brute-forced once an attacker captures a WPA2 handshake.

192. What is a recommended setting for guest Wi-Fi networks?

A) Isolating guest devices from the internal network using VLANs
B) Using the same SSID as the main network
C) Allowing unrestricted access to all internal resources
D) Disabling encryption for easy access
✅ Answer: A) Isolating guest devices from the internal network using VLANs
Explanation: Guest Wi-Fi should be isolated using VLANs to prevent unauthorized access to internal resources.

193. What does a Wi-Fi Captive Portal do?

A) Requires users to authenticate before accessing the internet
B) Encrypts Wi-Fi traffic
C) Prevents brute-force attacks
D) Increases internet speed
✅ Answer: A) Requires users to authenticate before accessing the internet
Explanation: Captive portals are commonly used in public Wi-Fi to authenticate users and enforce access policies.

194. What attack exploits WPS PIN brute-force vulnerabilities?

A) Reaver Attack
B) Karma Attack
C) DNS Spoofing
D) SQL Injection
✅ Answer: A) Reaver Attack
Explanation: Reaver exploits WPS vulnerabilities, allowing attackers to brute-force WPS PINs and retrieve WPA/WPA2 keys.

195. What is a common security risk with using IoT devices on Wi-Fi?

A) They may lack strong encryption and be vulnerable to attacks
B) They prevent brute-force attacks
C) They increase network speed
D) They provide stronger encryption than WPA3
✅ Answer: A) They may lack strong encryption and be vulnerable to attacks
Explanation: Many IoT devices lack strong security controls, making them an easy target for attackers.

195. What is the main advantage of WPA3-Enterprise over WPA2-Enterprise?

A) It provides stronger encryption and enhanced authentication methods
B) It uses WEP for legacy compatibility
C) It requires no password for authentication
D) It disables VLAN segmentation
✅ Answer: A) It provides stronger encryption and enhanced authentication methods
Explanation: WPA3-Enterprise enhances security by introducing 256-bit encryption and improved authentication mechanisms over WPA2-Enterprise.

196. How can businesses prevent employees from connecting to personal hotspots for internet access?

A) Using Mobile Device Management (MDM) policies to block unauthorized networks
B) Increasing the Wi-Fi signal strength
C) Disabling SSID broadcasting
D) Allowing only 2.4 GHz networks
✅ Answer: A) Using Mobile Device Management (MDM) policies to block unauthorized networks
Explanation: MDM policies can restrict corporate devices from connecting to unauthorized Wi-Fi networks, preventing security risks.

197. What type of attack exploits the use of a compromised Wi-Fi router to redirect users to malicious websites?

A) DNS Hijacking
B) Deauthentication Attack
C) MAC Spoofing
D) Signal Jamming
✅ Answer: A) DNS Hijacking
Explanation: DNS hijacking allows attackers to modify DNS settings, redirecting users to phishing or malicious websites.

198. Why is using an open Wi-Fi network without a VPN risky?

A) Traffic is unencrypted, allowing attackers to intercept sensitive data
B) It reduces Wi-Fi range
C) It disables brute-force protection
D) It prevents MAC address spoofing
✅ Answer: A) Traffic is unencrypted, allowing attackers to intercept sensitive data
Explanation: Open Wi-Fi networks do not encrypt traffic, making users vulnerable to Man-in-the-Middle (MITM) and packet sniffing attacks.

199. What does a Wi-Fi jammer do?

A) It disrupts wireless signals, preventing devices from connecting
B) It encrypts traffic for security
C) It increases network speed
D) It blocks brute-force attacks
✅ Answer: A) It disrupts wireless signals, preventing devices from connecting
Explanation: Wi-Fi jamming involves flooding radio frequencies to disrupt communication and cause denial-of-service (DoS) attacks.

200. What is a major risk of using outdated firmware on a Wi-Fi router?

A) Vulnerabilities may be exploited by attackers
B) It increases Wi-Fi speed
C) It prevents unauthorized access
D) It automatically blocks malware
✅ Answer: A) Vulnerabilities may be exploited by attackers
Explanation: Outdated firmware can have security vulnerabilities, which attackers exploit to gain unauthorized access to networks.

201. What does a Wi-Fi deauthentication attack typically target?

A) Wireless clients, forcing them to disconnect
B) Encryption settings on a router
C) The range of Wi-Fi signals
D) The number of connected devices
✅ Answer: A) Wireless clients, forcing them to disconnect
Explanation: Deauthentication attacks exploit the 802.11 protocol to force clients off a Wi-Fi network, often for eavesdropping or phishing.

202. How can businesses protect against Rogue APs (unauthorized access points)?

A) Using a Wireless Intrusion Prevention System (WIPS)
B) Disabling SSID broadcasting
C) Increasing firewall logging
D) Reducing Wi-Fi signal strength
✅ Answer: A) Using a Wireless Intrusion Prevention System (WIPS)
Explanation: WIPS monitors and detects unauthorized access points, preventing Rogue AP attacks in corporate environments.

203. What does the term “Wi-Fi snooping” refer to?

A) Capturing and analyzing unencrypted network traffic
B) Hiding the SSID from attackers
C) Increasing Wi-Fi range
D) Preventing unauthorized devices from connecting
✅ Answer: A) Capturing and analyzing unencrypted network traffic
Explanation: Wi-Fi snooping occurs when attackers capture and inspect unencrypted traffic to steal sensitive information.

204. Why should a WPA2/WPA3 password be at least 16 characters long?

A) To make it resistant to brute-force and dictionary attacks
B) To increase network bandwidth
C) To disable deauthentication attacks
D) To improve signal strength
✅ Answer: A) To make it resistant to brute-force and dictionary attacks
Explanation: Longer, complex passwords are significantly harder to crack, reducing the risk of brute-force attacks.

205. What security risk is associated with default SSIDs?

A) Attackers can easily determine the router manufacturer and exploit known vulnerabilities
B) It prevents unauthorized users from connecting
C) It increases Wi-Fi performance
D) It improves encryption strength
✅ Answer: A) Attackers can easily determine the router manufacturer and exploit known vulnerabilities
Explanation: Default SSIDs often reveal router brands, allowing attackers to target known vulnerabilities specific to those devices.

206. How does using 5 GHz Wi-Fi improve security over 2.4 GHz?

A) It reduces interference, making attacks like jamming less effective
B) It provides automatic encryption
C) It prevents DNS hijacking
D) It blocks unauthorized MAC addresses
✅ Answer: A) It reduces interference, making attacks like jamming less effective
Explanation: 5 GHz Wi-Fi has more available channels, reducing interference and making targeted jamming attacks more difficult.

207. What attack method involves intercepting and modifying Wi-Fi traffic without the victim’s knowledge?

A) Man-in-the-Middle (MITM) Attack
B) MAC Spoofing
C) SQL Injection
D) Rogue DHCP Attack
✅ Answer: A) Man-in-the-Middle (MITM) Attack
Explanation: MITM attacks allow attackers to eavesdrop, modify, and manipulate network traffic between users and access points.

208. What security mechanism can prevent Wi-Fi brute-force attacks?

A) Using WPA3 with Simultaneous Authentication of Equals (SAE)
B) Disabling SSID broadcasting
C) Using WEP encryption
D) Reducing Wi-Fi power output
✅ Answer: A) Using WPA3 with Simultaneous Authentication of Equals (SAE)
Explanation: SAE in WPA3 prevents offline password cracking attempts, making brute-force attacks significantly harder.

209. What is a common vulnerability in many IoT devices that connect to Wi-Fi?

A) Use of default credentials and weak encryption
B) Too much power consumption
C) Increased network latency
D) Support only for 2.4 GHz networks
✅ Answer: A) Use of default credentials and weak encryption
Explanation: Many IoT devices lack strong security by using default passwords and weak encryption, making them easy targets for attackers.

210. Why is disabling Universal Plug and Play (UPnP) on a Wi-Fi router recommended?

A) It prevents automatic port forwarding, reducing attack risks
B) It increases internet speed
C) It hides SSID from attackers
D) It prevents MAC spoofing
✅ Answer: A) It prevents automatic port forwarding, reducing attack risks
Explanation: UPnP can be abused by malware to open router ports automatically, leading to potential remote exploitation.

Wireless Security – Protecting Wi-Fi Networks – MCQ Questions

1. Which encryption protocol is considered the most secure for Wi-Fi networks?

2. What is the main vulnerability of WEP (Wired Equivalent Privacy)?

3. Which attack involves an attacker setting up a rogue Wi-Fi network with a similar name to a legitimate one?

4. How does MAC address filtering enhance Wi-Fi security?

5. What is the recommended security measure for protecting a home Wi-Fi network?

6. What is the function of a deauthentication attack in Wi-Fi hacking?

7. Which tool is commonly used for Wi-Fi penetration testing?

8. Why is disabling SSID broadcasting not a foolproof security measure?

9. What is the recommended minimum character length for a WPA2/WPA3 passphrase?

10. What is a common method attackers use to crack WPA2-PSK passwords?

11. What is the best practice for securing guest Wi-Fi networks?

12. What is Wi-Fi Protected Setup (WPS) vulnerable to?

13. What type of attack can occur if a public Wi-Fi network is not encrypted?

14. Which protocol is used for secure remote access over a Wi-Fi network?

15. What is the primary security concern with using public Wi-Fi?

16. What is a common security risk of using an open Wi-Fi network?

17. What is the best way to prevent unauthorized access to a Wi-Fi router’s admin panel?

18. How can an attacker perform a deauthentication attack?

19. What is the function of a wireless intrusion detection system (WIDS)?

20. What is the primary purpose of a captive portal in Wi-Fi security?

21. What is the recommended setting for WPS (Wi-Fi Protected Setup) on routers?

22. Which Wi-Fi authentication method provides the highest level of security?

23. What is a key advantage of using 802.1X authentication in Wi-Fi networks?

24. Which wireless attack involves capturing encrypted packets and attempting to decrypt them offline?

25. How can an organization prevent rogue access points from being installed in their network?

26. What is the purpose of Wi-Fi geofencing?

27. Which attack exploits Wi-Fi signals that extend beyond secure locations?

28. What is one way to mitigate a Wi-Fi jamming attack?

29. What does a VPN (Virtual Private Network) do when connected to a public Wi-Fi network?

30. What is the recommended action if a Wi-Fi network is suspected to be malicious?

31. What is the main function of an Evil Twin attack?

32. What is the purpose of setting up a guest Wi-Fi network separately from the main network?

33. Which type of Wi-Fi encryption is no longer recommended due to severe vulnerabilities?

34. Which tool is commonly used for detecting rogue Wi-Fi networks?

35. What is a key difference between WPA2-PSK and WPA2-Enterprise?

36. What is a common method used to secure IoT devices on a Wi-Fi network?

37. How does a Wi-Fi honeypot work?

38. Which Wi-Fi security feature prevents a device from connecting to an unauthorized access point?

39. What is one way to detect a Wi-Fi Evil Twin attack?

40. Why should you disable UPnP (Universal Plug and Play) on a Wi-Fi router?

41. What is the recommended action if a company detects an unauthorized access point on its network?

42. How does enabling 802.11w improve Wi-Fi security?

43. What is the purpose of a VPN on a public Wi-Fi network?

44. Which authentication method is used by WPA3-Personal?

45. What is the purpose of using a RADIUS server in enterprise Wi-Fi security?

46. What is the primary function of a Wi-Fi kill switch in security settings?

47. How can you detect unauthorized Wi-Fi devices on a network?

48. Which of the following is NOT a recommended security measure for home Wi-Fi?

49. What does “Wi-Fi 6” (802.11ax) improve in terms of security?

50. Why is it important to regularly update router firmware?

51. What does the KRACK (Key Reinstallation Attack) exploit?

52. What is the primary goal of Wi-Fi fingerprinting?

53. What is the purpose of an SSID cloaking feature?

54. Why is using a default router SSID a security risk?

55. What is the main risk of using an outdated Wi-Fi encryption protocol?

56. How can network segmentation improve Wi-Fi security?

57. What is one way to mitigate brute-force attacks against a Wi-Fi network?

58. What is the primary risk of allowing IoT devices to connect to a main Wi-Fi network?

59. What technique is used to prevent Wi-Fi packet sniffing?

60. What is an effective countermeasure against Wi-Fi signal jamming?

61. What is the primary security risk of using public Wi-Fi hotspots?

62. How can users protect their data while using public Wi-Fi?

63. Which attack allows an adversary to impersonate a legitimate Wi-Fi access point?

64. What is Wi-Fi deauthentication used for in hacking?

65. What is an effective way to prevent Wi-Fi brute-force attacks?

66. What is the purpose of implementing RADIUS authentication in enterprise Wi-Fi networks?

67. What is a common method to detect rogue access points?

68. How can companies prevent Wi-Fi sniffing on their networks?

69. Why is using HTTPS important on Wi-Fi networks?

70. How can you prevent an attacker from accessing your router settings?

71. Which Wi-Fi security feature encrypts management frames to prevent deauthentication attacks?

72. What is the function of a captive portal on a Wi-Fi network?

73. What is the main risk of using default SSIDs on a Wi-Fi network?

74. What is the main benefit of using MAC address randomization?

75. Which attack exploits the reinstallation of encryption keys in WPA2?

76. Why should UPnP (Universal Plug and Play) be disabled on a Wi-Fi router?

77. What is the recommended action when detecting a suspicious Wi-Fi network?

78. What is the primary function of Wi-Fi Protected Management Frames (PMF)?

79. How can an attacker exploit weak Wi-Fi encryption?