
CWNP CWSP-206 Dumps

Page: 1 / 2
Total 60 questions

CWSP Certified Wireless Security Professional Questions and Answers

Question 1

Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM. What device functions as the 802.1X/EAP Authenticator?

Options:

A. WLAN Controller/AP

B. MacBook Pro

C. SRV21

D. RADIUS server

Question 2

ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering). How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

Options:

A. The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4-Way Handshake prior to user authentication.

B. The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.

C. The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.

D. The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.

Question 3

What software and hardware tools are used in the process performed to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network?

Options:

A. A low-gain patch antenna and terminal emulation software

B. MAC spoofing software and MAC DoS software

C. RF jamming device and a wireless radio card

D. A wireless workgroup bridge and a protocol analyzer

Question 4

ABC Company is an Internet Service Provider with thousands of customers. ABC’s customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication. How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?

Options:

A. Implement a RADIUS server and query user authentication requests through the LDAP server.

B. Mirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.

C. Import all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.

D. Implement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.

Question 5

The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

Options:

A. 802.1X/EAP authentication

B. Group Key Handshake

C. DHCP Discovery

D. RADIUS shared secret lookup

E. 4-Way Handshake

F. Passphrase-to-PSK mapping

Question 6

In order to acquire credentials of a valid user on a public hotspot network, what attacks may be conducted? Choose the single completely correct answer.

Options:

A. MAC denial of service and/or physical theft

B. Social engineering and/or eavesdropping

C. Authentication cracking and/or RF DoS

D. Code injection and/or XSS

E. RF DoS and/or physical theft

Question 7

Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks. In this deployment, what risk is still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering feature enabled?

Options:

A. Intruders can send spam to the Internet through the guest VLAN.

B. Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.

C. Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.

D. Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.

Question 8

The IEEE 802.11 Pairwise Transient Key (PTK) is derived from what cryptographic element?

Options:

A. PeerKey (PK)

B. Group Master Key (GMK)

C. Key Confirmation Key (KCK)

D. Pairwise Master Key (PMK)

E. Phase Shift Key (PSK)

F. Group Temporal Key (GTK)

Question 9

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods. When writing the 802.11 security policy, what password-related items should be addressed?

Options:

A. Certificates should always be recommended instead of passwords for 802.11 client authentication.

B. Password complexity should be maximized so that weak WEP IV attacks are prevented.

C. Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D. EAP-TLS must be implemented in such scenarios.

E. MS-CHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.
