CWSP CWSP-208 Syllabus Exam Questions Answers

A Robust Security Network (RSN) is defined by the IEEE 802.11i standard and is designed to provide a framework for secure wireless LAN communications. One of the primary criteria for a network to qualify as an RSN is that WEP (Wired Equivalent Privacy) must not be used for encryption, as WEP has well-known vulnerabilities and is considered insecure. RSN-compliant networks must use either CCMP (AES) or GCMP for encryption and 802.1X/EAP or WPA2-Personal for authentication.

Incorrect:

A. Token cards are not part of RSN criteria.

B. Dynamic WEP is still WEP and disqualifies RSN status.

D. WPA-Personal may be supported, but alone does not define an RSN.

E. SSHv1 concerns device management security, not RSN qualification.

Wireless Intrusion Prevention Systems (WIPS) are excellent for detecting on-air threats such as rogue APs, DoS attacks, spoofing, and misconfigured devices. However, WIPS cannot detect:

C. Eavesdropping — Passive listening on wireless transmissions cannot be detected because no signal is transmitted by the attacker.

D. Social engineering — Human-based attacks like phishing or pretexting fall outside the scope of wireless monitoring.

Incorrect:

A. Rogue APs can be detected via MAC address comparison, frame analysis, and signal triangulation.

B. DoS attacks, such as deauth floods or RF jamming, can be detected with appropriate WIPS sensors.

For troubleshooting fast roaming (e.g. 802.11r) across channels, a portable protocol analyzer with dual- or multi-band 802.11n adapters enables:

Simultaneous packet capture on different channels

Capturing handoff-related frames and timing analysis in roaming scenarios

This setup allows detailed capture of reassociation, authentication, and 4-Way Handshake processes, essential for diagnosing roaming delays.

Other options (WIPS, spectrum analyzer, autonomous AP) do not support detailed 802.11 frame capture across multiple channels during roaming events.

Wireless Intrusion Prevention Systems (WIPS) can proactively respond to detected threats using various techniques. One such preventative measure is integration with the wired infrastructure to mitigate rogue APs by disabling the switch port they are connected to. This is typically done through SNMP or other switch management interfaces.

This form of wired-side containment is more secure and compliant than wireless-side attacks (e.g., deauthentication), which can violate regulations in some jurisdictions.