
CWNP CWSP-208 - Certified Wireless Security Professional (CWSP)

Total 119 questions

What security vulnerabilities may result from a lack of staging, change management, and installation procedures for WLAN infrastructure equipment? (Choose 2)

A. The WLAN system may be open to RF Denial-of-Service attacks

B. WIPS may not classify authorized, rogue, and neighbor APs accurately

C. Authentication cracking of 64-bit Hex WPA-Personal PSK

D. Management interface exploits due to the use of default usernames and passwords for AP management

E. AES-CCMP encryption keys may be decrypted

Select the answer option that arranges the numbered events in the correct time sequence (first to last) for a client associating to a BSS using EAP-PEAPv0/MSCHAPv2.

1. Installation of PTK

2. Initiation of 4-way handshake

3. Open system authentication

4. 802.11 association

5. 802.1X controlled port is opened for data traffic

6. Client validates server certificate

7. AS validates client credentials

A. 3—4—6—7—2—1—5

B. 4—3—5—2—7—6—1

C. 5—3—4—2—6—7—1

D. 6—1—3—4—2—7—5

E. 4—3—2—7—6—1—5

F. 3—4—7—6—5—2—1

ABC Company has deployed a Single Channel Architecture (SCA) solution to help overcome some of the common problems with client roaming. In such a network, all APs are configured with the same channel and BSSID. PEAPv0/EAP-MSCHAPv2 is the only supported authentication mechanism.

As the Voice over Wi-Fi (STA-1) client moves throughout this network, what events are occurring?

A. STA-1 initiates open authentication and 802.11 association with each AP prior to roaming.

B. The WLAN controller is querying the RADIUS server for authentication before the association of STA-1 is moved from one AP to the next.

C. STA-1 controls when and where to roam by using signal and performance metrics in accordance with the chipset drivers and 802.11k.

D. The WLAN controller controls the AP to which STA-1 is associated and transparently moves this association in accordance with the physical location of STA-1.

When monitoring APs within a LAN using a Wireless Network Management System (WNMS), what secure protocol may be used by the WNMS to issue configuration changes to APs?

A. IPSec/ESP

B. TFTP

C. 802.1X/EAP

D. SNMPv3

E. PPTP

In an effort to optimize WLAN performance, ABC Company has upgraded their WLAN infrastructure from 802.11a/g to 802.11n. 802.11a/g clients are still supported and are used throughout ABC’s facility. ABC has always been highly security conscious, but due to budget limitations, they have not yet updated their overlay WIPS solution to 802.11n or 802.11ac.

Given ABC’s deployment strategy, what security risks would not be detected by the 802.11a/g WIPS?

A. Hijacking attack performed by using a rogue 802.11n AP against an 802.11a client

B. Rogue AP operating in Greenfield 40 MHz-only mode

C. 802.11a STA performing a deauthentication attack against 802.11n APs

D. 802.11n client spoofing the MAC address of an authorized 802.11n client

Given: You are using WEP as an encryption solution. You are using VLANs for network segregation.

Why can you not establish an RSNA?

A. RSNA connections require TKIP or CCMP.

B. RSNA connections require BIP and do not support TKIP, CCMP or WEP.

C. RSNA connections require CCMP and do not support TKIP or WEP.

D. RSNA connections do not work in conjunction with VLANs.

Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company’s employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.

What security implementation will allow the network administrator to achieve this goal?

A. Implement an SSID with WPA2-Personal that allows both AES-CCMP and TKIP clients to connect.

B. Implement an SSID with WPA-Personal that allows both AES-CCMP and TKIP clients to connect.

C. Implement two separate SSIDs on the AP—one for WPA-Personal using TKIP and one for WPA2-Personal using AES-CCMP.

D. Implement an SSID with WPA2-Personal that sends all broadcast traffic using AES-CCMP and unicast traffic using either TKIP or AES-CCMP.

What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in an 802.11 WLAN?

A. EAP-TTLS sends encrypted supplicant credentials to the authentication server, but EAP-TLS uses unencrypted user credentials.

B. EAP-TTLS supports client certificates, but EAP-TLS does not.

C. EAP-TTLS does not require an authentication server, but EAP-TLS does.

D. EAP-TTLS does not require the use of a certificate for each STA as authentication credentials, but EAP-TLS does.

Given: ABC Company secures their network with WPA2-Personal authentication and AES-CCMP encryption.

What part of the 802.11 frame is always protected from eavesdroppers by this type of security?

A. All MSDU contents

B. All MPDU contents

C. All PPDU contents

D. All PSDU contents

What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?

A. H-REAP

B. EAP-GTC

C. EAP-TTLS

D. PEAP

E. LEAP