Wi-Fi(802.11) interview questions and answers set – 1
Here I will share common WLAN interview questions asked in product based and service based companies. Then I will add answer for each question through any post or directly here. So keep following this post ☺.
Demo Video:
| A. ♦♦♦♦ WLAN Basic ♦♦♦♦ | ||
| No | Question | Answer / Post Link |
| 1 | How many IFSs are there? Where can we use these? Which IFS is the shortest? Which IFS is variable? | ♣ There are 6 IFSs are there. RIFS, SIFS, PIFS, DIFS, AIFS, EIFS. ♣ In short => RIFS: 11n, SIFS: Between Data and ACK, PIFS: Urgent frame transmission, AIFS: WMM enabled client, EIFS: For Retransmitted]. ♣ RIFS->2us. ♣ AIFS->Depends on AIFSN. ♠ For detailed explanation : IFS |
| 2 | Explain CSMA/CA method. | Link |
| 3 | What is Cwmin and Cwmax ? Explain. | Link |
| 4 | What is slot time? Where it is used? | TBD |
| 5 | What is random backoff number? | TBD |
| 6 | Explain frame exchanges for WLAN open security and WPA2 connection. | TBD |
| 7 | Explain frame exchanges between WEP open vs WEP shared security mechanism. | TBD |
| B. ♦♦♦♦ WLAN SCAN ♦♦♦♦ | ||
| No | Question | Answer |
| 1 | What is active and passive scanning | Link |
| 2 | Advantage and disadvantage of active and passive scan. | Link |
| 3 | Which scan is better? Why? | Link |
| 4 | What is the waiting time for each channel for Active and Passive scan? | Maximum and Minimum waiting time for each channel for scanning are defined by “MaxChannelTime[TU]” and “MinChannelTime[TU]” parameter respectively. Waiting time may vary from vendor to vendor implementation. For Active Scanning: MinChannelTime = 0.67 ms [MinChannelTime >= DIF S + CW ∗ aSlotT ime = 50 µsec + 31 * 20 µsec = 670 µsec = 0.67ms] MaxChannelTime = 15 ms For Passive Scanning : MinChannelTime will be > 100TU [As default beacon interval is 100TU for APs] |
| 5 | What is background scan? | ♣ When STA is connected to AP and STA wants to scan, the STA sends null frame with PM=1 to AP. Then STA does Active/Passive scan on other channel. Then STA comes back to original channel [Connected AP channel] and sends null frame with PM=0 to AP. Example: This type of scan observed at the time of Roaming. |
| C. ♦♦♦♦ Security ♦♦♦♦ | ||
| No | Question | Answer / Post Link |
| 1 | When you enter wrong password, in which stage of 4-way handshake fails for personal security? Explain | TBD |
| 2 | When client is entered with wrong password, still client is authenticated to the AP (because authentication happens before 4-way handshake) upon 4-way handshake failure? Explain | TBD |
| 3 | WEP open vs WEP shared? Which one is weaker? Why? | TBD |
| 4 | What happens when you enter wrong key for WEP OPEN connection ? | TBD |
| 5 | Explain WPA2-PSK 4 way handshake. | TBD |
| 6 | Difference between WPA2 vs WPA. | TBD |
| 7 | Difference between PTK and GTK | TBD |
| 8 | When GTK timeout gets trigered? | TBD |
| 9 | Difference between CCMP and TKIP? | TBD |
| 10 | Difference between RC4 vs AES? | TBD |
| 11 | How much overhead is added for WEP, TKIP and CCMP? | WEP : 8 Octet [4-IV + 4-ICV] TKIP : 20 Octet [4-IV + 4-EIV + 8-MIC + 4-ICV] CCMP : 16 Octet [8-CCMP Header + 8-MIC] |
| D. ♦♦♦♦ Power Save ♦♦♦♦ | ||
| No | Question | Answer / Post Link |
| 1 | What are the different powersave mechanisms are there? | LINK |
| 2 | How many types of Legacy PS are there? Explain PS-POLL and Non-PSPOLL frame exchanges | LINK |
| 3 | Throughput in PS-POLL and WWM-PS | TBD |
| 4 | Frame exchanges in WMM-PS? | LINK |
| 5 | What is SMPS and PSMP ? | TBD |
| 6 | Advantages in WMMPS | LINK |
| E. ♦♦♦♦ 802.11n ♦♦♦♦ | ||
| No | Question | Answer / Post Link |
| 1 | What are the enhancements added to 802.11n standard? | TBD |
| 2 | Is there any change in 802.11 MAC header for 802.11n? | TBD |
| 3 | What are the important fields for ADDBA (ADD BlockACK)? | TBD |
| 4 | How many types of Aggregations are there? Explain A-MPDU, A-MSDU and A-MSDU inside A-MPDU. | TBD |
| 5 | What is the use of BA (Block ACK)? Explain BA frame format. | TBD |
| 6 | Which is better A-MPDU or A-MSDU? Why? | TBD |
| 7 | What is DELBA (Delete Block ACK) | TBD |
| F. ♦♦♦♦ Roaming ♦♦♦♦ | ||
| No | Question | Answer / Post Link |
| 1 | Explain different roaming scenario differences: Legacy->PMK caching->Pre-Auth->OKC->11r | TBD |
| 2 | Explain 11r PMK-R0 and PMK1 keys. | TBD |
| G. ♦♦♦♦ 802.11ac ♦♦♦♦ | ||
| No | Question | Answer / Post Link |
| 1 | Comparison table for 11n and 11ac | Link |
| 2 | What is MIMO? | TBD |
| 3 | Explain STBC, SDM, TxBF, MRC | TBD |
| 4 | Explain Dynamic bandwidth signaling | TBD |
| 5 | Explain MU-MIMO | TBD |
| H. ♦♦♦♦ 802.11 Frames ♦♦♦♦ | ||
| No | Question | Answer / Post Link |
| 1 | Probe request is unicast or broadcast? | Probe Request can be unicast or broadcast. Broadcast Probe Request: Destination address is ff:ff:ff:ff:ff:ff and SSID field is blank. Unicast Probe Request: i) Destination address is ff:ff:ff:ff:ff:ff and SSID field is set to target AP’s SSID. Or ii) Destination address is set to target AP’s MAC address and SSID field is set to target AP’s SSID. |
| 2 | How to send unicast probe request? Which field is set? | Unicast Probe Request: i) Destination address is ff:ff:ff:ff:ff:ff and SSID field is set to target AP’s SSID. Or ii) Destination address is set to target AP’s MAC address and SSID field is set to target AP’s SSID. Unicast probe request SSID field is always set to target AP’s SSID. |
| 3 | Difference between Beacon and Probe response? | Link |
| 4 | Which frame has AID, Listen interval? | Association/Re-Association response frame contains AID. Association/Re-association request frame contains Listen Interval. |
| 5 | Which frame has SSID ? | Beacon, Directed Probe request, Probe Response, Assoc Req, Re-association Req |
| 6 | Which frame has security information? | Beacon, Probe Response, Assoc Req, Re-association Req, 11r Re-association response |
| 7 | What is Hidden node problem? | TBD |
| 8 | What is Hidden SSID and use of it? | TBD |
| 9 | When a Wi-Fi device can send RTS-CTS? | TBD |
♥♥If you have any doubts or query please let me know in comment section or send mail at feedback@wifisharks.com.♥♥
Tabrez
Please post the answers for every question, difficult to find it outside…!
Bamdeb
Hi Tabrez,
Thanks for reading the post.
Will post the answers slowly.
Mark D’Rozario
if we enter wrong password , in which step of the 4 way handshake does it fail for personal security ?
Ans: it fails in the m2 step as the MIC which will be sent will be validated and if found incorrect , the four way handshake fails. Is my understanding correct.
Bamdeb
Hi Mark,
Yes. MIC of M2 validation will be failed at AP side. I will share a details post on it. Keep following.
Thanks
Ravi patel
Yes, it will fail @ M2 steps if both PTK (PMK->MSK(which is PSK basically)will not match
& AP won’t send out M3 & this loop is keep going on between AP & STA for exchange of M1 & M2 continuously.