Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium CWNP CWSP-208 Dumps Questions Answers

Page: 1 / 7
Total 119 questions

Certified Wireless Security Professional (CWSP) Questions and Answers

Question 1

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

Before creating the WLAN security policy, what should you ensure you possess?

Options:

A.

Awareness of the exact vendor devices being installed

B.

Management support for the process

C.

End-user training manuals for the policies to be created

D.

Security policy generation software

Buy Now
Question 2

In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

Options:

A.

In home networks in which file and printer sharing is enabled

B.

At public hot-spots in which many clients use diverse applications

C.

In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities

D.

In university environments using multicast video training sourced from professor’s laptops

Question 3

What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

Options:

A.

Require Port Address Translation (PAT) on each laptop.

B.

Require secure applications such as POP, HTTP, and SSH.

C.

Require VPN software for connectivity to the corporate network.

D.

Require WPA2-Enterprise as the minimal WLAN security solution.

Question 4

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

Options:

A.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D.

A trained employee should install and configure a WIPS for rogue detection and response measures.

E.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Question 5

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods.

When writing the 802.11 security policy, what password-related items should be addressed?

Options:

A.

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

B.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

C.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

E.

EAP-TLS must be implemented in such scenarios.

Question 6

What elements should be addressed by a WLAN security policy? (Choose 2)

Options:

A.

Enabling encryption to prevent MAC addresses from being sent in clear text

B.

How to prevent non-IT employees from learning about and reading the user security policy

C.

End-user training for password selection and acceptable network use

D.

The exact passwords to be used for administration interfaces on infrastructure devices

E.

Social engineering recognition and mitigation techniques

Question 7

You are implementing an 802.11ac WLAN and a WIPS at the same time. You must choose between integrated and overlay WIPS solutions. Which of the following statements is true regarding integrated WIPS solutions?

Options:

A.

Integrated WIPS always perform better from a client throughput perspective because the same radio that performs the threat scanning also services the clients.

B.

Integrated WIPS use special sensors installed alongside the APs to scan for threats.

C.

Many integrated WIPS solutions that detect Voice over Wi-Fi traffic will cease scanning altogether to accommodate the latency sensitive client traffic.

D.

Integrated WIPS is always more expensive than overlay WIPS.

Question 8

After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify security threats?

Options:

A.

Authorized PEAP usernames must be added to the WIPS server’s user database.

B.

WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.

C.

Separate security profiles must be defined for network operation in different regulatory domains

D.

Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.

Question 9

What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

Options:

A.

AKM Suite List

B.

Group Cipher Suite

C.

RSN Capabilities

D.

Pairwise Cipher Suite List

Question 10

What WLAN client device behavior is exploited by an attacker during a hijacking attack?

Options:

A.

When the RF signal between a client and an access point is disrupted for more than a few seconds, the client device will attempt to associate to an access point with better signal quality.

B.

When the RF signal between a client and an access point is lost, the client will not seek to reassociate with another access point until the 120 second hold down timer has expired.

C.

After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake, even if connectivity is lost.

D.

As specified by the Wi-Fi Alliance, clients using Open System authentication must allow direct client-to-client connections, even in an infrastructure BSS.

E.

Client drivers scan for and connect to access points in the 2.4 GHz band before scanning the 5 GHz band.

Question 11

Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank’s website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John’s bank account user ID and password and exploit this information.

What likely scenario could have allowed the hacker to obtain John’s bank account user ID and password?

Options:

A.

John's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.

B.

John uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.

C.

John accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.

D.

The bank’s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

E.

Before connecting to the bank’s website, John’s association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank’s web server and has decrypted John’s login credentials in near real-time.

Question 12

ABC Company uses the wireless network for highly sensitive network traffic. For that reason, they intend to protect their network in all possible ways. They are continually researching new network threats and new preventative measures. They are interested in the security benefits of 802.11w, but would like to know its limitations.

What types of wireless attacks are protected by 802.11w? (Choose 2)

Options:

A.

RF DoS attacks

B.

Layer 2 Disassociation attacks

C.

Robust management frame replay attacks

D.

Social engineering attacks

Question 13

What is a primary criteria for a network to qualify as a Robust Security Network (RSN)?

Options:

A.

Token cards must be used for authentication.

B.

Dynamic WEP-104 encryption must be enabled.

C.

WEP may not be used for encryption.

D.

WPA-Personal must be supported for authentication and encryption.

E.

WLAN controllers and APs must not support SSHv1.

Question 14

Given: You are using a Wireless Aggregator utility to combine multiple packet captures. One capture exists for each of channels 1, 6 and 11. What kind of troubleshooting are you likely performing with such a tool?

Options:

A.

Wireless adapter failure analysis.

B.

Interference source location.

C.

Fast secure roaming problems.

D.

Narrowband DoS attack detection.

Question 15

Given: You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution.

In this configuration, the wireless network is initially susceptible to what type of attacks? (Choose 2)

Options:

A.

Encryption cracking

B.

Offline dictionary attacks

C.

Layer 3 peer-to-peer

D.

Application eavesdropping

E.

Session hijacking

F.

Layer 1 DoS

Question 16

Given: Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication.

While using an airport hot-spot with this security solution, to what type of wireless attack is a user susceptible? (Choose 2)

Options:

A.

Man-in-the-Middle

B.

Wi-Fi phishing

C.

Management interface exploits

D.

UDP port redirection

E.

IGMP snooping

Question 17

An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?

Options:

A.

Man-in-the-middle

B.

Hijacking

C.

ASLEAP

D.

DoS

Question 18

Given: In a security penetration exercise, a WLAN consultant obtains the WEP key of XYZ Corporation’s wireless network. Demonstrating the vulnerabilities of using WEP, the consultant uses a laptop running a software AP in an attempt to hijack the authorized user’s connections. XYZ’s legacy network is using 802.11n APs with 802.11b, 11g, and 11n client devices.

With this setup, how can the consultant cause all of the authorized clients to establish Layer 2 connectivity with the software access point?

Options:

A.

All WLAN clients will reassociate to the consultant’s software AP if the consultant’s software AP provides the same SSID on any channel with a 10 dB SNR improvement over the authorized AP.

B.

A higher SSID priority value configured in the Beacon frames of the consultant’s software AP will take priority over the SSID in the authorized AP, causing the clients to reassociate.

C.

When the RF signal between the clients and the authorized AP is temporarily disrupted and the consultant’s software AP is using the same SSID on a different channel than the authorized AP, the clients will reassociate to the software AP.

D.

If the consultant’s software AP broadcasts Beacon frames that advertise 802.11g data rates that are faster rates than XYZ’s current 802.11b data rates, all WLAN clients will reassociate to the faster AP.

Question 19

You have an AP implemented that functions only using 802.11-2012 standard methods for the WLAN communications on the RF side and implementing multiple SSIDs and profiles on the management side configured as follows:

1. SSID: Guest – VLAN 90 – Security: Open with captive portal authentication – 2 current clients

2. SSID: ABCData – VLAN 10 – Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP – 5 current clients

3. SSID: ABCVoice – VLAN 60 – Security: WPA2-Personal – 2 current clients

Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients.

What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?

Options:

A.

Only the members of the executive team that are part of the multicast group configured on the media server

B.

All clients that are associated to the AP using the ABCData SSID

C.

All clients that are associated to the AP using any SSID

D.

All clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.

Question 20

The IEEE 802.11 Pairwise Transient Key (PTK) is derived from what cryptographic element?

Options:

A.

Phase Shift Key (PSK)

B.

Group Master Key (GMK)

C.

Pairwise Master Key (PMK)

D.

Group Temporal Key (GTK)

E.

PeerKey (PK)

F.

Key Confirmation Key (KCK)

Question 21

Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.

In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)

Options:

A.

Intruders can send spam to the Internet through the guest VLAN.

B.

Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.

C.

Unauthorized users can perform Internet-based network attacks through the WLAN.

D.

Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.

E.

Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.

Question 22

Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.

What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)

Options:

A.

On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.

B.

During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.

C.

In the WLAN controller’s local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.

D.

Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.

Question 23

The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

Options:

A.

Group Key Handshake

B.

802.1X/EAP authentication

C.

DHCP Discovery

D.

4-Way Handshake

E.

Passphrase-to-PSK mapping

F.

RADIUS shared secret lookup

Question 24

In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce? (Choose 2)

Options:

A.

They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.

B.

The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).

C.

They are added together and used as the GMK, from which the GTK is derived.

D.

They are input values used in the derivation of the Pairwise Transient Key.

E.

They allow the participating STAs to create dynamic keys while avoiding sending unicast encryption keys across the wireless medium.

Question 25

When TKIP is selected as the pairwise cipher suite, what frame types may be protected with data confidentiality? (Choose 2)

Options:

A.

Robust broadcast management

B.

Robust unicast management

C.

Control

D.

Data

E.

ACK

F.

QoS Data

Question 26

Given: You support a coffee shop and have recently installed a free 802.11ac wireless hot-spot for the benefit of your customers. You want to minimize legal risk in the event that the hot-spot is used for illegal Internet activity.

What option specifies the best approach to minimize legal risk at this public hot-spot while maintaining an open venue for customer Internet access?

Options:

A.

Configure WPA2-Enterprise security on the access point

B.

Block TCP port 25 and 80 outbound on the Internet router

C.

Require client STAs to have updated firewall and antivirus software

D.

Allow only trusted patrons to use the WLAN

E.

Use a WIPS to monitor all traffic and deauthenticate malicious stations

F.

Implement a captive portal with an acceptable use disclaimer

Question 27

Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards. The new wireless network will use WPA2-Enterprise as its primary authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.

What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?

Options:

A.

EAP-FAST

B.

EAP-TLS

C.

PEAPv0/EAP-MSCHAPv2

D.

LEAP

E.

PEAPv0/EAP-TLS

F.

EAP-TTLS/MSCHAPv2

Page: 1 / 7
Total 119 questions