Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

CWNP CWSP-207 - Certified Wireless Security Professional (CWSP)

CWNP CWSP-207 Premium Access     Download Demo    
Page: 1 / 4
Total 119 questions

Given: A network security auditor is preparing to perform a comprehensive assessment of an 802.11ac network’s security.

What task should be performed at the beginning of the audit to maximize the auditor’s ability to expose network vulnerabilities?

A.

Identify the IP subnet information for each network segment.

B.

Identify the manufacturer of the wireless intrusion prevention system.

C.

Identify the skill level of the wireless network security administrator(s).

D.

Identify the manufacturer of the wireless infrastructure hardware.

E.

Identify the wireless security solution(s) currently in use.

What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

A.

AKM Suite List

B.

Group Cipher Suite

C.

RSN Capabilities

D.

Pairwise Cipher Suite List

You have been recently hired as the wireless network administrator for an organization spread across seven locations. They have deployed more than 100 APs, but they have not been managedin either an automated or manual process for more than 18 months. Given this length of time, what is one of the first things you should evaluate from a security perspective?

A.

The channel widths configured

B.

The channels in use

C.

The VLANs in use

D.

The firmware revision

In an effort to optimize WLAN performance, ABC Company has upgraded their WLAN infrastructure from 802.11a/g to 802.11n. 802.11a/g clients are still supported and are used throughout ABC’s facility. ABC has always been highly security conscious, but due to budget limitations, they have not yet updated their overlay WIPS solution to 802.11n or 802.11ac.

Given ABC’s deployment strategy, what security risks would not be detected by the 802.11a/g WIPS?

A.

Hijacking attack performed by using a rogue 802.11n AP against an 802.11a client

B.

Rogue AP operating in Greenfield 40 MHz-only mode

C.

802.11a STA performing a deauthentication attack against 802.11n APs

D.

802.11n client spoofing the MAC address of an authorized 802.11n client

Your organization required compliance reporting and forensics features in relation to the 802.11ac WLAN they have recently installed. These features are not built into the management system provided by the WLAN vendor. The existing WLAN is managed through a centralized management console provided by the AP vendor with distributed APs and multiple WLAN controllers configured through this console.

What kind of system should be installed to provide the required compliance reporting and forensics features?

A.

WNMS

B.

WIPS overlay

C.

WIPS integrated

D.

Cloud management platform

You are implementing a wireless LAN that will be used by point-of-sale (PoS) systems in a retail environment. Thirteen PoS computers will be installed. To what industry requirement should you ensure you adhere?

A.

ISA99

B.

HIPAA

C.

PCI-DSS

D.

Directive 8500.01

Wireless Intrusion Prevention Systems (WIPS) are used for what purposes? (Choose 3)

A.

Performance monitoring and troubleshooting

B.

Enforcing wireless network security policy

C.

Detecting and defending against eavesdropping attacks

D.

Security monitoring and notification

E.

Preventing physical carrier sense attacks

F.

Classifying wired client devices

Given: You are the WLAN administrator in your organization and you are required to monitor the network and ensure all active WLANs are providing RSNs. You have a laptop protocol analyzer configured.

In what frame could you see the existence or non-existence of proper RSN configuration parameters for each BSS through the RSN IE?

A.

Probe request

B.

Beacon

C.

RTS

D.

CTS

E.

Data frames

Given: A WLAN protocol analyzer trace reveals the following sequence of frames (excluding the ACK frames):

1) 802.11 Probe Req and 802.11 Probe Rsp

2) 802.11 Auth and then another 802.11 Auth

3) 802.11 Assoc Req and 802.11 Assoc Rsp

4) EAPOL-KEY

5) EAPOL-KEY

6) EAPOL-KEY

7) EAPOL-KEY

What security mechanism is being used on the WLAN?

A.

WEP-128

B.

WPA2-Personal

C.

EAP-TLS

D.

WPA-Enterprise

E.

802.1X/LEAP

Given: A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs. Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:

SSID Blue - VLAN 10 - Lightweight EAP (LEAP) authentication - CCMP cipher suite

SSID Red - VLAN 20 - PEAPv0/EAP-TLS authentication - TKIP cipher suite

The consultant’s computer can successfully authenticate and browse the Internet when using the Blue SSID. The same computer cannot authenticate when using the Red SSID.

What is a possible cause of the problem?

A.

The Red VLAN does not use server certificate, but the client requires one.

B.

The TKIP cipher suite is not a valid option for PEAPv0 authentication.

C.

The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.

D.

The consultant does not have a valid Kerberos ID on the Blue VLAN.