New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > CWNP > CWNP Certification > CWSP-207

CWSP-207 Certified Wireless Security Professional (CWSP) Question and Answers

Question # 4

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

Before creating the WLAN security policy, what should you ensure you possess?

A.

Awareness of the exact vendor devices being installed

B.

Management support for the process

C.

End-user training manuals for the policies to be created

D.

Security policy generation software

Full Access
Question # 5

What elements should be addressed by a WLAN security policy? (Choose 2)

A.

Enabling encryption to prevent MAC addresses from being sent in clear text

B.

How to prevent non-IT employees from learning about and reading the user security policy

C.

End-user training for password selection and acceptable network use

D.

The exact passwords to be used for administration interfaces on infrastructure devices

E.

Social engineering recognition and mitigation techniques

Full Access
Question # 6

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

A.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D.

A trained employee should install and configure a WIPS for rogue detection and response measures.

E.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Full Access
Question # 7

What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

A.

Require Port Address Translation (PAT) on each laptop.

B.

Require secure applications such as POP, HTTP, and SSH.

C.

Require VPN software for connectivity to the corporate network.

D.

Require WPA2-Enterprise as the minimal WLAN security solution.

Full Access
Question # 8

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods.

When writing the 802.11 security policy, what password-related items should be addressed?

A.

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

B.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

C.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

E.

EAP-TLS must be implemented in such scenarios.

Full Access
Question # 9

Which of the following security attacks cannot be detected by a WIPS solution of any kind? (Choose 2)

A.

Rogue APs

B.

DoS

C.

Eavesdropping

D.

Social engineering

Full Access
Question # 10

What is a primary criteria for a network to qualify as a Robust Security Network (RSN)?

A.

Token cards must be used for authentication.

B.

Dynamic WEP-104 encryption must be enabled.

C.

WEP may not be used for encryption.

D.

WPA-Personal must be supported for authentication and encryption.

E.

WLAN controllers and APs must not support SSHv1.

Full Access
Question # 11

You perform a protocol capture using Wireshark and a compatible 802.11 adapter in Linux. When viewing the capture, you see an auth req frame and an auth rsp frame. Then you see an assoc req frame and an assoc rsp frame. Shortly after, you see DHCP communications and then ISAKMP protocol packets. What security solution is represented?

A.

802.1X/EAP-TTLS

B.

Open 802.11 authentication with IPSec

C.

802.1X/PEAPv0/MS-CHAPv2

D.

WPA2-Personal with AES-CCMP

E.

EAP-MD5

Full Access
Question # 12

Given: You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution.

In this configuration, the wireless network is initially susceptible to what type of attacks? (Choose 2)

A.

Encryption cracking

B.

Offline dictionary attacks

C.

Layer 3 peer-to-peer

D.

Application eavesdropping

E.

Session hijacking

F.

Layer 1 DoS

Full Access
Question # 13

Given: The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions.

What are three uses for such a tool? (Choose 3)

A.

Transmitting a deauthentication frame to disconnect a user from the AP.

B.

Auditing the configuration and functionality of a WIPS by simulating common attack sequences

C.

Probing the RADIUS server and authenticator to expose the RADIUS shared secret

D.

Cracking the authentication or encryption processes implemented poorly in some WLANs

Full Access
Question # 14

Given: In XYZ’s small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.

What statement about the WLAN security of this company is true?

A.

Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.

B.

A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.

C.

An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.

D.

An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user’s 4-Way Handshake.

E.

Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.

Full Access
Question # 15

A WLAN is implemented using WPA-Personal and MAC filtering.

To what common wireless network attacks is this network potentially vulnerable? (Choose 3)

A.

Offline dictionary attacks

B.

MAC Spoofing

C.

ASLEAP

D.

DoS

Full Access
Question # 16

What software and hardware tools are used together to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network? (Choose 2)

A.

RF jamming device and a wireless radio card

B.

A low-gain patch antenna and terminal emulation software

C.

A wireless workgroup bridge and a protocol analyzer

D.

DHCP server software and access point software

E.

MAC spoofing software and MAC DoS software

Full Access
Question # 17

Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individualshave raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.

As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)

A.

MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.

B.

MS-CHAPv2 is subject to offline dictionary attacks.

C.

LEAP’s use of MS-CHAPv2 is only secure when combined with WEP.

D.

MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.

E.

MS-CHAPv2 uses AES authentication, and is therefore secure.

F.

When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.

Full Access
Question # 18

Given: XYZ Company has recently installed an 802.11ac WLAN. The company needs the ability to control access to network services, such as file shares, intranet web servers, and Internet access based on an employee's job responsibilities.

What WLAN security solution meets this requirement?

A.

An autonomous AP system with MAC filters

B.

WPA2-Personal with support for LDAP queries

C.

A VPN server with multiple DHCP scopes

D.

A WLAN controller with RBAC features

E.

A WLAN router with wireless VLAN support

Full Access
Question # 19

What disadvantage does EAP-TLS have when compared with PEAPv0 EAP/MSCHAPv2 as an 802.11 WLAN security solution?

A.

Fast/secure roaming in an 802.11 RSN is significantly longer when EAP-TLS is in use.

B.

EAP-TLS does not protect the client's username and password inside an encrypted tunnel.

C.

EAP-TLS cannot establish a secure tunnel for internal EAP authentication.

D.

EAP-TLS is supported only by Cisco wireless infrastructure and client devices.

E.

EAP-TLS requires extensive PKI use to create X.509 certificates for both the server and all clients, which increases administrative overhead.

Full Access
Question # 20

Given: XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization.

What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)

A.

The RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.

B.

The RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.

C.

RADIUS can reassign a client’s 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.

D.

RADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.

E.

RADIUS attributes can be used to assign permission levels, such as read-only permission, to users of a particular network resource.

Full Access
Question # 21

Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.

In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)

A.

Intruders can send spam to the Internet through the guest VLAN.

B.

Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.

C.

Unauthorized users can perform Internet-based network attacks through the WLAN.

D.

Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.

E.

Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.

Full Access
Question # 22

Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.

What security characteristics and/or components play a role in preventing data decryption? (Choose 2)

A.

Multi-factor authentication

B.

4-Way Handshake

C.

PLCP Cyclic Redundancy Check (CRC)

D.

Encrypted Passphrase Protocol (EPP)

E.

Integrity Check Value (ICV)

F.

Group Temporal Keys

Full Access
Question # 23

When TKIP is selected as the pairwise cipher suite, what frame types may be protected with data confidentiality? (Choose 2)

A.

Robust broadcast management

B.

Robust unicast management

C.

Control

D.

Data

E.

ACK

F.

QoS Data

Full Access
Question # 24

What statements are true about 802.11-2012 Protected Management Frames? (Choose 2)

A.

802.11w frame protection protects against some Layer 2 denial-of-service (DoS) attacks, but it cannot prevent all types of Layer 2 DoS attacks.

B.

When frame protection is in use, the PHY preamble and header as well as the MAC header are encrypted with 256- or 512-bit AES.

C.

Authentication, association, and acknowledgment frames are protected if management frame protection is enabled, but deauthentication and disassociation frames are not.

D.

Management frame protection protects disassociation and deauthentication frames.

Full Access
Question # 25

Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).

Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?

A.

Fragmentation threshold

B.

Administrative password

C.

Output power

D.

Cell radius

Full Access
Question # 26

Given: When the CCMP cipher suite is used for protection of data frames, 16 bytes of overhead are added to the Layer 2 frame. 8 of these bytes comprise the MIC.

What purpose does the encrypted MIC play in protecting the data frame?

A.

The MIC is used as a first layer of validation to ensure that the wireless receiver does not incorrectly process corrupted signals.

B.

The MIC provides for a cryptographic integrity check against the data payload to ensure that it matches the original transmitted data.

C.

The MIC is a hash computation performed by the receiver against the MAC header to detect replay attacks prior to processing the encrypted payload.

D.

The MIC is a random value generated during the 4-way handshake and is used for key mixing to enhance the strength of the derived PTK.

Full Access
Question # 27

Given: XYZ Hospital plans to improve the security and performance of their Voice over Wi-Fi implementation and will be upgrading to 802.11n phones with 802.1X/EAP authentication. XYZ would like to support fast secure roaming for the phones and will require the ability to troubleshoot reassociations that are delayed or dropped during inter-channel roaming.

What portable solution would be recommended for XYZ to troubleshoot roaming problems?

A.

WIPS sensor software installed on a laptop computer

B.

Spectrum analyzer software installed on a laptop computer

C.

An autonomous AP mounted on a mobile cart and configured to operate in monitor mode

D.

Laptop-based protocol analyzer with multiple 802.11n adapters

Full Access