New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium CWNP CWSP-207 Dumps Questions Answers

Page: 1 / 8
Total 119 questions

Certified Wireless Security Professional (CWSP) Questions and Answers

Question 1

Which one of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

Options:

A.

It does not support the outer identity.

B.

It is not a valid EAP type.

C.

It does not support mutual authentication.

D.

It does not support a RADIUS server.

Buy Now
Question 2

What security benefits are provided by endpoint security solution software? (Choose 3)

Options:

A.

Can prevent connections to networks with security settings that do not conform to company policy

B.

Can collect statistics about a user’s network use and monitor network threats while they are connected

C.

Can restrict client connections to networks with specific SSIDs and encryption types

D.

Can be used to monitor for and prevent network attacks by nearby rogue clients or APs

Question 3

Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards. The new wireless network will use WPA2-Enterprise as its primary authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.

What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?

Options:

A.

EAP-FAST

B.

EAP-TLS

C.

PEAPv0/EAP-MSCHAPv2

D.

LEAP

E.

PEAPv0/EAP-TLS

F.

EAP-TTLS/MSCHAPv2

Question 4

Given: You support a coffee shop and have recently installed a free 802.11ac wireless hot-spot for the benefit of your customers. You want to minimize legal risk in the event that the hot-spot is used for illegal Internet activity.

What option specifies the best approach to minimize legal risk at this public hot-spot while maintaining an open venue for customer Internet access?

Options:

A.

Configure WPA2-Enterprise security on the access point

B.

Block TCP port 25 and 80 outbound on the Internet router

C.

Require client STAs to have updated firewall and antivirus software

D.

Allow only trusted patrons to use the WLAN

E.

Use a WIPS to monitor all traffic and deauthenticate malicious stations

F.

Implement a captive portal with an acceptable use disclaimer

Question 5

What protocols allow a network administrator to securely manage the configuration of WLAN controllers and access points? (Choose 2)

Options:

A.

SNMPv1

B.

HTTPS

C.

Telnet

D.

TFTP

E.

FTP

F.

SSHv2

Question 6

The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

Options:

A.

Group Key Handshake

B.

802.1X/EAP authentication

C.

DHCP Discovery

D.

4-Way Handshake

E.

Passphrase-to-PSK mapping

F.

RADIUS shared secret lookup

Question 7

Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company’s employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.

What security implementation will allow the network administrator to achieve this goal?

Options:

A.

Implement an SSID with WPA2-Personal that allows both AES-CCMP and TKIP clients to connect.

B.

Implement an SSID with WPA-Personal that allows both AES-CCMP and TKIP clients to connect.

C.

Implement two separate SSIDs on the AP—one for WPA-Personal using TKIP and one for WPA2-Personal using AES-CCMP.

D.

Implement an SSID with WPA2-Personal that sends all broadcast traffic using AES-CCMP and unicast traffic using either TKIP or AES-CCMP.

Question 8

Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.

What security characteristics and/or components play a role in preventing data decryption? (Choose 2)

Options:

A.

Multi-factor authentication

B.

4-Way Handshake

C.

PLCP Cyclic Redundancy Check (CRC)

D.

Encrypted Passphrase Protocol (EPP)

E.

Integrity Check Value (ICV)

F.

Group Temporal Keys

Question 9

What are the three roles of the 802.1X framework, as defined by the 802.1X standard, that are performed by the client STA, the AP (or WLAN controller), and the RADIUS server? (Choose 3)

Options:

A.

Enrollee

B.

Registrar

C.

AAA Server

D.

Authentication Server

E.

Supplicant

F.

Authenticator

G.

Control Point

Question 10

Given: During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text.

From a security perspective, why is this significant?

Options:

A.

The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.

B.

The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.

C.

4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.

D.

The username can be looked up in a dictionary file that lists common username/password combinations.

Question 11

What type of WLAN attack is prevented with the use of a per-MPDU TKIP sequence counter (TSC)?

Options:

A.

Weak-IV

B.

Forgery

C.

Replay

D.

Bit-flipping

E.

Session hijacking

Question 12

Given: You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data.

What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?

Options:

A.

All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.

B.

Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.

C.

Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.

D.

Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.

E.

The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.

Question 13

You perform a protocol capture using Wireshark and a compatible 802.11 adapter in Linux. When viewing the capture, you see an auth req frame and an auth rsp frame. Then you see an assoc req frame and an assoc rsp frame. Shortly after, you see DHCP communications and then ISAKMP protocol packets. What security solution is represented?

Options:

A.

802.1X/EAP-TTLS

B.

Open 802.11 authentication with IPSec

C.

802.1X/PEAPv0/MS-CHAPv2

D.

WPA2-Personal with AES-CCMP

E.

EAP-MD5

Question 14

Which of the following security attacks cannot be detected by a WIPS solution of any kind? (Choose 2)

Options:

A.

Rogue APs

B.

DoS

C.

Eavesdropping

D.

Social engineering

Question 15

An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?

Options:

A.

Man-in-the-middle

B.

Hijacking

C.

ASLEAP

D.

DoS

Question 16

Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individualshave raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.

As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)

Options:

A.

MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.

B.

MS-CHAPv2 is subject to offline dictionary attacks.

C.

LEAP’s use of MS-CHAPv2 is only secure when combined with WEP.

D.

MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.

E.

MS-CHAPv2 uses AES authentication, and is therefore secure.

F.

When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.

Question 17

Given: One of the security risks introduced by WPA2-Personal is an attack conducted by an authorized network user who knows the passphrase. In order to decrypt other users’ traffic, the attacker must obtain certain information from the 4-way handshake of the other users.

In addition to knowing the Pairwise Master Key (PMK) and the supplicant’s address (SA), what other three inputs must be collected with a protocol analyzer to recreate encryption keys? (Choose 3)

Options:

A.

Authenticator nonce

B.

Supplicant nonce

C.

Authenticator address (BSSID)

D.

GTKSA

E.

Authentication Server nonce

Question 18

What is a primary criteria for a network to qualify as a Robust Security Network (RSN)?

Options:

A.

Token cards must be used for authentication.

B.

Dynamic WEP-104 encryption must be enabled.

C.

WEP may not be used for encryption.

D.

WPA-Personal must be supported for authentication and encryption.

E.

WLAN controllers and APs must not support SSHv1.

Question 19

For a WIPS system to identify the location of a rogue WLAN device using location patterning (RF fingerprinting), what must be done as part of the WIPS installation?

Options:

A.

All WIPS sensors must be installed as dual-purpose (AP/sensor) devices.

B.

A location chipset (GPS) must be installed with it.

C.

At least six antennas must be installed in each sensor.

D.

The RF environment must be sampled during an RF calibration process.

Question 20

Given: Mary has just finished troubleshooting an 802.11g network performance problem using a laptop-based WLAN protocol analyzer. The wireless network implements 802.1X/PEAP and the client devices are authenticating properly. When Mary disables the WLAN protocol analyzer, configures her laptop for PEAP authentication, and then tries to connect to the wireless network, she is unsuccessful. Before using the WLAN protocol analyzer, Mary’s laptop connected to the network without any problems.

What statement indicates why Mary cannot access the network from her laptop computer?

Options:

A.

The nearby WIPS sensor categorized Mary’s protocol analyzer adapter as a threat and is performing a deauthentication flood against her computer.

B.

The PEAP client’s certificate was voided when the protocol analysis software assumed control of the wireless adapter.

C.

The protocol analyzer’s network interface card (NIC) drivers are still loaded and do not support the version of PEAP being used.

D.

Mary’s supplicant software is using PEAPv0/EAP-MSCHAPv2, and the access point is using PEAPv1/EAP-GTC.

Question 21

You are implementing a wireless LAN that will be used by point-of-sale (PoS) systems in a retail environment. Thirteen PoS computers will be installed. To what industry requirement should you ensure you adhere?

Options:

A.

ISA99

B.

HIPAA

C.

PCI-DSS

D.

Directive 8500.01

Question 22

You work as the security administrator for your organization. In relation to the WLAN, you are viewing a dashboard that shows security threat, policy compliance and rogue threat charts. What type of system is in view?

Options:

A.

Wireshark Protocol Analyzer

B.

Wireless VPN Management Systems

C.

Wireless Intrusion Prevention System

D.

Distributed RF Spectrum Analyzer

E.

WLAN Emulation System

Question 23

What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

Options:

A.

AKM Suite List

B.

Group Cipher Suite

C.

RSN Capabilities

D.

Pairwise Cipher Suite List

Question 24

Select the answer option that arranges the numbered events in the correct time sequence (first to last) for a client associating to a BSS using EAP-PEAPv0/MSCHAPv2.

1. Installation of PTK

2. Initiation of 4-way handshake

3. Open system authentication

4. 802.11 association

5. 802.1X controlled port is opened for data traffic

6. Client validates server certificate

7. AS validates client credentials

Options:

A.

3—4—6—7—2—1—5

B.

4—3—5—2—7—6—1

C.

5—3—4—2—6—7—1

D.

6—1—3—4—2—7—5

E.

4—3—2—7—6—1—5

F.

3—4—7—6—5—2—1

Question 25

ABC Company requires the ability to identify and quickly locate rogue devices. ABC has chosen an overlay WIPS solution with sensors that use dipole antennas to perform this task. Use your knowledge of location tracking techniques to answer the question.

In what ways can this 802.11-based WIPS platform determine the location of rogue laptops or APs? (Choose 3)

Options:

A.

Time Difference of Arrival (TDoA)

B.

Angle of Arrival (AoA)

C.

Trilateration of RSSI measurements

D.

GPS Positioning

E.

RF Fingerprinting

Question 26

When monitoring APs within a LAN using a Wireless Network Management System (WNMS), what secure protocol may be used by the WNMS to issue configuration changes to APs?

Options:

A.

IPSec/ESP

B.

TFTP

C.

802.1X/EAP

D.

SNMPv3

E.

PPTP

Question 27

Given: A WLAN protocol analyzer trace reveals the following sequence of frames (excluding the ACK frames):

1) 802.11 Probe Req and 802.11 Probe Rsp

2) 802.11 Auth and then another 802.11 Auth

3) 802.11 Assoc Req and 802.11 Assoc Rsp

4) EAPOL-KEY

5) EAPOL-KEY

6) EAPOL-KEY

7) EAPOL-KEY

What security mechanism is being used on the WLAN?

Options:

A.

WEP-128

B.

WPA2-Personal

C.

EAP-TLS

D.

WPA-Enterprise

E.

802.1X/LEAP

Question 28

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

Before creating the WLAN security policy, what should you ensure you possess?

Options:

A.

Awareness of the exact vendor devices being installed

B.

Management support for the process

C.

End-user training manuals for the policies to be created

D.

Security policy generation software

Question 29

What elements should be addressed by a WLAN security policy? (Choose 2)

Options:

A.

Enabling encryption to prevent MAC addresses from being sent in clear text

B.

How to prevent non-IT employees from learning about and reading the user security policy

C.

End-user training for password selection and acceptable network use

D.

The exact passwords to be used for administration interfaces on infrastructure devices

E.

Social engineering recognition and mitigation techniques

Question 30

In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

Options:

A.

In home networks in which file and printer sharing is enabled

B.

At public hot-spots in which many clients use diverse applications

C.

In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities

D.

In university environments using multicast video training sourced from professor’s laptops

Question 31

What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

Options:

A.

Require Port Address Translation (PAT) on each laptop.

B.

Require secure applications such as POP, HTTP, and SSH.

C.

Require VPN software for connectivity to the corporate network.

D.

Require WPA2-Enterprise as the minimal WLAN security solution.

Question 32

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods.

When writing the 802.11 security policy, what password-related items should be addressed?

Options:

A.

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

B.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

C.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

E.

EAP-TLS must be implemented in such scenarios.

Question 33

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

Options:

A.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D.

A trained employee should install and configure a WIPS for rogue detection and response measures.

E.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Page: 1 / 8
Total 119 questions