CertsTopics Logo

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

CWSP-208 Leak Questions

Page: 6 / 7
Total 119 questions
Get CWSP-208 Full Access Download CWSP-208 PDF

Certified Wireless Security Professional (CWSP) Questions and Answers

Question 21

Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.

In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)

Options:

A.

Intruders can send spam to the Internet through the guest VLAN.

B.

Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.

C.

Unauthorized users can perform Internet-based network attacks through the WLAN.

D.

Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.

E.

Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.

Question 22

Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.

What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)

Options:

A.

On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.

B.

During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.

C.

In the WLAN controller’s local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.

D.

Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.

Question 23

The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

Options:

A.

Group Key Handshake

B.

802.1X/EAP authentication

C.

DHCP Discovery

D.

4-Way Handshake

E.

Passphrase-to-PSK mapping

F.

RADIUS shared secret lookup

Question 24

In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce? (Choose 2)

Options:

A.

They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.

B.

The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).

C.

They are added together and used as the GMK, from which the GTK is derived.

D.

They are input values used in the derivation of the Pairwise Transient Key.

E.

They allow the participating STAs to create dynamic keys while avoiding sending unicast encryption keys across the wireless medium.

Page: 6 / 7
Total 119 questions
Get CWSP-208 Full Access Download CWSP-208 PDF