
CWNP CWSP-208 - Certified Wireless Security Professional (CWSP)

Total 119 questions

A single AP is configured with three separate WLAN profiles, as follows:

1. SSID: ABCData – BSSID: 00:11:22:00:1F:C3 – VLAN 10 – Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP – 3 current clients

2. SSID: ABCVoice – BSSID: 00:11:22:00:1F:C4 – VLAN 60 – Security: WPA2-Personal with AES-CCMP – 2 current clients

3. SSID: Guest – BSSID: 00:11:22:00:1F:C5 – VLAN 90 – Security: Open with captive portal authentication – 3 current clients

Three STAs are connected to ABCData. Three STAs are connected to Guest. Two STAs are connected to ABCVoice.

How many unique GTKs and PTKs are currently in place in this scenario?

A. 1 GTK – 8 PTKs

B. 2 GTKs – 5 PTKs

C. 2 GTKs – 8 PTKs

D. 3 GTKs – 8 PTKs

Given: XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization.

What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)

A. The RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.

B. The RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.

C. RADIUS can reassign a client’s 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.

D. RADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.

E. RADIUS attributes can be used to assign permission levels, such as read-only permission, to users of a particular network resource.

What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?

A. The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.

B. The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.

C. The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.

D. The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.

Given: ABC Corporation’s 802.11 WLAN is comprised of a redundant WLAN controller pair (N+1) and 30 access points implemented in 2004. ABC implemented WEP encryption with IPSec VPN technology to secure their wireless communication because it was the strongest security solution available at the time it was implemented. IT management has decided to upgrade the WLAN infrastructure and implement Voice over Wi-Fi and is concerned with security because most Voice over Wi-Fi phones do not support IPSec.

As the wireless network administrator, what new security solution would be best for protecting ABC’s data?

A. Migrate corporate data clients to WPA-Enterprise and segment Voice over Wi-Fi phones by assigning them to a different frequency band.

B. Migrate corporate data and Voice over Wi-Fi devices to WPA2-Enterprise with fast secure roaming support, and segment Voice over Wi-Fi data on a separate VLAN.

C. Migrate to a multi-factor security solution to replace IPSec; use WEP with MAC filtering, SSID hiding, stateful packet inspection, and VLAN segmentation.

D. Migrate all 802.11 data devices to WPA-Personal, and implement a secure DHCP server to allocate addresses from a segmented subnet for the Voice over Wi-Fi phones.

Given: ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MS-CHAPv2 and AES-CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hot-spot include:

    Cannot access corporate network resources

    Network permissions are limited to Internet access

    All stations must be authenticated

What security controls would you suggest? (Choose the single best answer.)

A. Implement separate controllers for the corporate and guest WLANs.

B. Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.

C. Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.

D. Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.

E. Force all guest users to use a common VPN protocol to connect.

You have an AP implemented that functions only using 802.11-2012 standard methods for the WLAN communications on the RF side and implementing multiple SSIDs and profiles on the management side configured as follows:

1. SSID: Guest – VLAN 90 – Security: Open with captive portal authentication – 2 current clients

2. SSID: ABCData – VLAN 10 – Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP – 5 current clients

3. SSID: ABCVoice – VLAN 60 – Security: WPA2-Personal – 2 current clients

Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients.

What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?

A. Only the members of the executive team that are part of the multicast group configured on the media server

B. All clients that are associated to the AP using the ABCData SSID

C. All clients that are associated to the AP using any SSID

D. All clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.

Given: The Marketing department’s WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.

What single WLAN security feature should be implemented to comply with these requirements?

A. Mutual authentication

B. Captive portal

C. Role-based access control

D. Group authentication

E. RADIUS policy accounting

What protocols allow a network administrator to securely manage the configuration of WLAN controllers and access points? (Choose 2)

A. SNMPv1

B. HTTPS

C. Telnet

D. TFTP

E. FTP

F. SSHv2

The IEEE 802.11 Pairwise Transient Key (PTK) is derived from what cryptographic element?

A. Phase Shift Key (PSK)

B. Group Master Key (GMK)

C. Pairwise Master Key (PMK)

D. Group Temporal Key (GTK)

E. PeerKey (PK)

F. Key Confirmation Key (KCK)

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

A. Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B. Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C. Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D. A trained employee should install and configure a WIPS for rogue detection and response measures.

E. Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.