CWNP CWSP-207 Dumps

Which one of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

What security benefits are provided by endpoint security solution software? (Choose 3)

Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards. The new wireless network will use WPA2-Enterprise as its primary authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.

What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?

Given: You support a coffee shop and have recently installed a free 802.11ac wireless hot-spot for the benefit of your customers. You want to minimize legal risk in the event that the hot-spot is used for illegal Internet activity.

What option specifies the best approach to minimize legal risk at this public hot-spot while maintaining an open venue for customer Internet access?

What protocols allow a network administrator to securely manage the configuration of WLAN controllers and access points? (Choose 2)

The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company’s employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.

What security implementation will allow the network administrator to achieve this goal?

Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.

What security characteristics and/or components play a role in preventing data decryption? (Choose 2)

What are the three roles of the 802.1X framework, as defined by the 802.1X standard, that are performed by the client STA, the AP (or WLAN controller), and the RADIUS server? (Choose 3)

Given: During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text.

From a security perspective, why is this significant?

What type of WLAN attack is prevented with the use of a per-MPDU TKIP sequence counter (TSC)?

Given: You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data.

What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?

You perform a protocol capture using Wireshark and a compatible 802.11 adapter in Linux. When viewing the capture, you see an auth req frame and an auth rsp frame. Then you see an assoc req frame and an assoc rsp frame. Shortly after, you see DHCP communications and then ISAKMP protocol packets. What security solution is represented?

Which of the following security attacks cannot be detected by a WIPS solution of any kind? (Choose 2)

An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?

Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individualshave raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.

As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)

Given: One of the security risks introduced by WPA2-Personal is an attack conducted by an authorized network user who knows the passphrase. In order to decrypt other users’ traffic, the attacker must obtain certain information from the 4-way handshake of the other users.

In addition to knowing the Pairwise Master Key (PMK) and the supplicant’s address (SA), what other three inputs must be collected with a protocol analyzer to recreate encryption keys? (Choose 3)

What is a primary criteria for a network to qualify as a Robust Security Network (RSN)?

For a WIPS system to identify the location of a rogue WLAN device using location patterning (RF fingerprinting), what must be done as part of the WIPS installation?

Given: Mary has just finished troubleshooting an 802.11g network performance problem using a laptop-based WLAN protocol analyzer. The wireless network implements 802.1X/PEAP and the client devices are authenticating properly. When Mary disables the WLAN protocol analyzer, configures her laptop for PEAP authentication, and then tries to connect to the wireless network, she is unsuccessful. Before using the WLAN protocol analyzer, Mary’s laptop connected to the network without any problems.

What statement indicates why Mary cannot access the network from her laptop computer?

You are implementing a wireless LAN that will be used by point-of-sale (PoS) systems in a retail environment. Thirteen PoS computers will be installed. To what industry requirement should you ensure you adhere?

You work as the security administrator for your organization. In relation to the WLAN, you are viewing a dashboard that shows security threat, policy compliance and rogue threat charts. What type of system is in view?

What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

Select the answer option that arranges the numbered events in the correct time sequence (first to last) for a client associating to a BSS using EAP-PEAPv0/MSCHAPv2.

1. Installation of PTK

2. Initiation of 4-way handshake

3. Open system authentication

4. 802.11 association

5. 802.1X controlled port is opened for data traffic

6. Client validates server certificate

7. AS validates client credentials

ABC Company requires the ability to identify and quickly locate rogue devices. ABC has chosen an overlay WIPS solution with sensors that use dipole antennas to perform this task. Use your knowledge of location tracking techniques to answer the question.

In what ways can this 802.11-based WIPS platform determine the location of rogue laptops or APs? (Choose 3)

When monitoring APs within a LAN using a Wireless Network Management System (WNMS), what secure protocol may be used by the WNMS to issue configuration changes to APs?

Given: A WLAN protocol analyzer trace reveals the following sequence of frames (excluding the ACK frames):

1) 802.11 Probe Req and 802.11 Probe Rsp

2) 802.11 Auth and then another 802.11 Auth

3) 802.11 Assoc Req and 802.11 Assoc Rsp

4) EAPOL-KEY

5) EAPOL-KEY

6) EAPOL-KEY

7) EAPOL-KEY

What security mechanism is being used on the WLAN?

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

Before creating the WLAN security policy, what should you ensure you possess?

What elements should be addressed by a WLAN security policy? (Choose 2)

In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods.

When writing the 802.11 security policy, what password-related items should be addressed?

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?