Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

CWNP CWSP-208 - Certified Wireless Security Professional (CWSP)

CWNP CWSP-208 Premium Access     Download Demo    
Page: 1 / 4
Total 119 questions

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

Before creating the WLAN security policy, what should you ensure you possess?

A.

Awareness of the exact vendor devices being installed

B.

Management support for the process

C.

End-user training manuals for the policies to be created

D.

Security policy generation software

In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

A.

In home networks in which file and printer sharing is enabled

B.

At public hot-spots in which many clients use diverse applications

C.

In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities

D.

In university environments using multicast video training sourced from professor’s laptops

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods.

When writing the 802.11 security policy, what password-related items should be addressed?

A.

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

B.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

C.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

E.

EAP-TLS must be implemented in such scenarios.

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

A.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D.

A trained employee should install and configure a WIPS for rogue detection and response measures.

E.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

What elements should be addressed by a WLAN security policy? (Choose 2)

A.

Enabling encryption to prevent MAC addresses from being sent in clear text

B.

How to prevent non-IT employees from learning about and reading the user security policy

C.

End-user training for password selection and acceptable network use

D.

The exact passwords to be used for administration interfaces on infrastructure devices

E.

Social engineering recognition and mitigation techniques

Given: A network security auditor is preparing to perform a comprehensive assessment of an 802.11ac network’s security.

What task should be performed at the beginning of the audit to maximize the auditor’s ability to expose network vulnerabilities?

A.

Identify the IP subnet information for each network segment.

B.

Identify the manufacturer of the wireless intrusion prevention system.

C.

Identify the skill level of the wireless network security administrator(s).

D.

Identify the manufacturer of the wireless infrastructure hardware.

E.

Identify the wireless security solution(s) currently in use.

What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

A.

Require Port Address Translation (PAT) on each laptop.

B.

Require secure applications such as POP, HTTP, and SSH.

C.

Require VPN software for connectivity to the corporate network.

D.

Require WPA2-Enterprise as the minimal WLAN security solution.

You have been recently hired as the wireless network administrator for an organization spread across seven locations. They have deployed more than 100 APs, but they have not been managed in either an automated or manual process for more than 18 months. Given this length of time, what is one of the first things you should evaluate from a security perspective?

A.

The channel widths configured

B.

The channels in use

C.

The VLANs in use

D.

The firmware revision

Given: Mary has just finished troubleshooting an 802.11g network performance problem using a laptop-based WLAN protocol analyzer. The wireless network implements 802.1X/PEAP and the client devices are authenticating properly. When Mary disables the WLAN protocol analyzer, configures her laptop for PEAP authentication, and then tries to connect to the wireless network, she is unsuccessful. Before using the WLAN protocol analyzer, Mary’s laptop connected to the network without any problems.

What statement indicates why Mary cannot access the network from her laptop computer?

A.

The nearby WIPS sensor categorized Mary’s protocol analyzer adapter as a threat and is performing a deauthentication flood against her computer.

B.

The PEAP client’s certificate was voided when the protocol analysis software assumed control of the wireless adapter.

C.

The protocol analyzer’s network interface card (NIC) drivers are still loaded and do not support the version of PEAP being used.

D.

Mary’s supplicant software is using PEAPv0/EAP-MSCHAPv2, and the access point is using PEAPv1/EAP-GTC.

Given: You are the WLAN administrator in your organization and you are required to monitor the network and ensure all active WLANs are providing RSNs. You have a laptop protocol analyzer configured.

In what frame could you see the existence or non-existence of proper RSN configuration parameters for each BSS through the RSN IE?

A.

Probe request

B.

Beacon

C.

RTS

D.

CTS

E.

Data frames