CWSP-208 Exam Dumps : Certified Wireless Security Professional (CWSP)

Though AES-CCMP is secure and 802.1X authentication is strong, LEAP is inherently weak because:

B. LEAP uses MS-CHAPv1, making it vulnerable to offline dictionary attacks once challenge/response exchanges are captured.

F. Layer 1 DoS attacks (such as RF jamming or interference) can be launched regardless of authentication mechanisms.

Incorrect:

A. AES-CCMP resists encryption cracking.

C. Peer-to-peer at Layer 3 is unrelated to LEAP or 802.1X vulnerabilities.

D. Application-layer eavesdropping is mitigated if encryption is properly implemented.

E. Session hijacking is more difficult with proper authentication and encryption in place.

ABC Corporation already uses PKI and smart cards. EAP-TLS:

Is a certificate-based authentication protocol.

Integrates seamlessly with PKI infrastructure.

Is supported and certified by the Wi-Fi Alliance.

Incorrect:

A. EAP-FAST uses PACs, not certificates.

C. PEAPv0/EAP-MSCHAPv2 does not use certificates on the client side and is less secure.

D. LEAP is deprecated and insecure.

E. PEAPv0/EAP-TLS is not a standardized combination.

F. EAP-TTLS/MSCHAPv2 requires password-based authentication inside a tunnel, not certificate-based authentication.

Without traffic monitoring or filtering on guest VLANs, the following threats remain possible:

Spammers can exploit the open Internet access to send unsolicited traffic

en.wikipedia.org

Guests may launch external network attacks (e.g., scanning, DDoS)

Peer-to-peer attacks are prevented if client isolation is enabled. AP management plane security is a separate concern from VLAN separation, and VLAN isolation prevents frame sniffing into corporate networks.