Boost Your Skills in CWNP Certified Wireless Security Professional (CWSP) Exam with the Latest CWSP-207 Dumps of DumpsBase

The CWNP Certified Wireless Security Professional (CWSP) is an in-demand certification that proves you can:

  • Understand how to evaluate network vulnerabilities and proactively prevent potential attacks
  • Be capable of conducting wireless network security audits and deploying compliance monitoring systems
  • Be experienced in establishing Wireless Intrusion Prevention Systems (WIPS)

So you may be eager to pass the CWSP-207 exam, but how? Make use of the preparation material available on DumpsBase and prepare effectively with the CWNP CWSP-207 dumps to excel. We deliver the latest CWSP-207 exam dumps to help you prepare for the CWNP Certified Wireless Security Professional (CWSP) exam and upgrade your capabilities with all the CWNP CWSP-207 questions and answers. With the latest CWSP-207 dumps of DumpsBase, you can improve your preparation and validate your expertise with the premium CWNP CWSP-207 questions and answers.

CWNP Certified Wireless Security Professional (CWSP) CWSP-207 Free Dumps

1. What are some of the common security capabilities often integrated within access points deployed in a distributed WLAN architecture?

2. In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

3. What are some of the purposes of the 4-Way Handshake? (Choose all that apply.)

4. What kind of remote actions can an MDM administrator send to the mobile device over the Internet?

5. Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).

Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?

6. When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the 802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?

7. As an auditor you have been asked to determine if the WLAN access points and client devices have been configured with the proper encryption.

What should you use to answer this question for your customer? (Choose all that apply.)

8. Which RADIUS packets can be sent from a RADIUS server to an access point when 802.1X/EAP is the deployed WLAN security solution? (Choose all that apply.)

9. What can happen when an intruder compromises the preshared key used during WPA/WPA2-Personal authentication? (Choose all that apply.)

10. What are some of the advantages of using SAE authentication over PSK authentication? (Choose all that apply.)

11. What protocols allow a network administrator to securely manage the configuration of WLAN controllers and access points? (Choose 2)

12. What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

13. Which management protocols are often used between a network management server (NMS) and remote access points for the purpose of monitoring a WLAN? (Choose all that apply.)

14. What would be the intended purpose of simulating Layer 2 deauthentication attacks as part of a WLAN audit?

15. The science of concealing plaintext and then revealing it is known as ___________, and the science of decrypting the ciphertext without knowledge of the key or cipher is known as ____________.

16. Wireless Intrusion Prevention Systems (WIPS) provide what network security services? (Choose 2)

17. 3DES has effective key sizes of how many bits? (Choose all that apply.)

18. What inputs are used by passphrase-PSK mapping to create a final 256-bit PSK during 802.11 PSK authentication? (Choose all that apply.)

19. A WIDS/WIPS consists of which of the following components? (Choose two.)

20. Which encryption types can be used to encrypt and decrypt unicast traffic with the pairwise transient key (PTK) that is generated from a 4-Way Handshake? (Choose all that apply.)

21. What is some of the proper documentation needed prior to the WLAN security audit?

22. What must occur in order for dynamic TKIP/ARC4 or CCMP/AES encryption keys to be generated? (Choose all that apply.)

23. What statement accurately describes the functionality of the IEEE 802.1X standard?

24. Which of these types of EAP require a server-side certificate to create an encrypted TLS tunnel?

25. To calculate the capability Jeff should have on the network, which of the following can the NAC server use to initially identify and set his permission? (Choose all that apply.)

26. Which of these attacks are wireless users susceptible to at a public-access hotspot? (Choose all that apply.)

27. For an 802.1X/EAP solution to work properly with a WLAN, which two components must both support the same type of encryption?

28. When an attacker passively captures and examines wireless frames from a victim’s network, what type of attack is taking place?

29. Wired leakage occurs under which of the following circumstances?

30. These qualifications for interoperability are usually based on key components and functions that are defined in the IEEE 802.11-2012 standard and various 802.11 amendments.

31. CCMP is an acronym made up of multiple components.

Which of the following is an expanded version of this acronym? (Choose all that apply)

32. Which RADIUS attribute is used to protect encapsulated EAP frames within RADIUS packets?

33. Which of these security methods is being considered by the Wi-Fi Alliance as a replacement for PSK authentication?

34. After consulting your written security policy, to meet the new demands of an industry standard with which your organization must be compliant, an administrator logs into your WLAN controller and changes the authentication and encryption configurations on all your APs.

The help desk becomes overwhelmed with calls from angry users stating that they can no longer access the network. One by one, the users are reconfigured to reconnect to the network, causing significant loss of time.

Which portion of a well-written security policy is most likely missing from your company’s wireless security policy that caused this problem?

35. 168.80.5/24

User VLANS:

VLAN 201

VLAN 202

VLAN 203

SSIDs:

SSID-1: (employee) security: (802.1X/EAP/CCMP) - VLAN 201 - BSSID (00:08:12:43:0F:30)

SSID-2 (voice) security: (PSK/TKIP and WEP) - VLAN 202 - BSSID (00:08:12:43:0F:31)

SSID-3: (guest) security: (WEP) - VLAN 203 - BSSID (00:08:12:43:0F:32)

Based on the settings on Bob’s access point, what type of WLAN security exists within the coverage area of the AP? (Choose all that apply.)

36. 802.11 pre-RSNA security defines which wireless security solution?

37. Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security.

The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering).

How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

38. After viewing the frame capture in the graphic shown here, identify which type of encryption method is being used.

39. Given: In a security penetration exercise, a WLAN consultant obtains the WEP key of XYZ Corporation's wireless network.

Demonstrating the vulnerabilities of using WEP, the consultant uses a laptop running a software AP in an attempt to hijack the authorized user's connections. XYZ's legacy network is using 802.11n APs with 802.11b, 11g, and 11n client devices.

With this setup, how can the consultant cause all of the authorized clients to establish Layer 2 connectivity with the software access point?

40. Which of these alarms should be configured to send an automatic notification to the WIPS administrator’s phone and/or email account? (Choose all that apply.)

41. What is another name for a wireless hijacking attack?

42. Which of these terms best describes a measure of uncertainty associated with a random variable?

43. Which of these tools are required for a proper WLAN security audit? (Choose all that apply.)

44. In an IEEE 802.11-compliant WLAN, when is the 802.1X Controlled Port placed into the unblocked state?

45. Which of these authentication methods are supported by RADIUS and can be used for WLAN security? (Choose all that apply.)

46. Tammy, the WLAN security engineer, has recommended to management that WPA-Personal security not be deployed within the ACME Company’s WLAN.

What are some of the reasons for Tammy’s recommendation? (Choose all that apply.)

47. What is the recommended ratio of WIPS sensors providing security monitoring to access points that are providing access for WLAN clients?

48. Laura is attempting to diagnose a WLAN by using a packet analyzer to capture the exchange of frames and packets between a wireless client and the AP.

In the process of analyzing the packets, she sees two 802.11 authentication frames, two 802.11 association frames, and DHCP requests and responses, and then she begins to see encrypted data.

Which of the following could the client be using? (Choose all that apply.)

49. What statements are true about 802.11-2012 Protected Management Frames? (Choose 2)

50. The IEEE 802.11-2012 standard requires an authentication and key management protocol (AKMP) that can be either a preshared key (PSK) or an EAP protocol used during 802.1X/EAP authentication.

What is another name for PSK authentication? (Choose all that apply.)

51. When two client stations are already associated to an AP, which handshake is used to create a different unicast key that the two client stations can use for a private conversation while they remain associated to the AP?

52. What operations must occur before the virtual controlled port of the authenticator becomes unblocked? (Choose all that apply.)

53. Bob the WLAN administrator is troubleshooting an IPsec VPN problem that has been deployed as the security solution over a point-to-point 802.11 wireless bridge link between two buildings. Bob cannot get the VPN tunnel to establish and notices that there is a certificate error during the IKE Phase 1 exchange.

What are the possible causes of this problem? (Choose all that apply.)

54. Which of the following are the security measures that are needed to maintain the security of a wireless LAN?

Each correct answer represents a complete solution. Choose all that apply.

55. This graphic shows a WLAN discovery tool screen capture.

How many SSIDs are configured with cloaking enabled? (Choose all that apply.)

56. Which technologies use the RC4 or ARC4 cipher? (Choose all that apply.)

57. You have been tasked with configuring a secure WLAN for 600 APs at the corporate offices. All the APs and employee Windows laptops have been configured for 802.1X/EAP.

The domain user accounts are failing authentication with every attempt. After looking at some packet captures of the authentication failures, you have determined that an SSL/TLS tunnel is never created.

After viewing the graphic shown here, determine the possible causes of the problem. (Choose all that apply.)

58. You must locate non-compliant 802.11 devices.

Which one of the following tools will you use and why?

59. What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in an 802.11 WLAN?

60. As defined by the 802.11-2012 standard, which of these authentication methods can be used by a client station to establish a pairwise master key security association (PMKSA)? (Choose all that apply.)

61. Which of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

62. Which WLAN architectural models typically require support for 802.1Q tagging at the edge on the network when multiple user VLANs are required? (Choose all that apply.)

63. What software and hardware tools are used in the process performed to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network?

64. Given: An 802.1X/EAP implementation includes an Active Directory domain controller running Windows Server 2012 and an AP from a major vendor. A Linux server is running RADIUS and it queries the domain controller for user credentials.

A Windows client is accessing the network.

What device functions as the EAP Supplicant?

65. What preventative measures are performed by a WIPS against intrusions?

66. Which organization is responsible for the creation of documents known as Requests for Comments?

67. You must support a TSN as you have older wireless equipment that will not support the required processing of AES encryption.

Which one of the following technologies will you use on the network so that a TSN can be implemented that would not be required in a network compliant with 802.11-2012 non-deprecated technologies?

68. What 802.11 WLAN security problem is directly addressed by mutual authentication?

69. Although your organization’s written policy and many external policy influences may require only periodic scanning for rogue devices, you are trying to make a case for deploying a WIPS.

What are some of the benefits of using a WIPS to achieve policy compliance that make it more desirable than using periodic handheld or laptop-based scanning solutions? (Choose all that apply.)

70. What security vulnerabilities may result from a lack of staging, change management, and installation procedures for WLAN infrastructure equipment? (Choose 2)

71. In a point-to-point bridge environment where 802.1X/EAP is used for bridge authentication, what device in the network acts as the 802.1X supplicant?

72. What are some of the recommendations that might be made to a customer after a successful WLAN security audit? (Choose all that apply.)

73. What encryption methods are defined by the IEEE 802.11-2012 standard? (Choose all that apply.)

74. Evan has configured a laptop and an AP, each with two WEP keys. WEP key 1 is the same on both devices, and WEP key 2 is the same on both devices.

He configured the laptop to use WEP key 1 to encrypt its data. He configured the AP to use WEP key 2 to encrypt its data. Will this configuration work?

75. What is the main purpose of using a WLAN protocol analyzer during the Layer 2 analysis of a WLAN security audit? (Choose all that apply.)

76. What type of WLAN security is depicted by this graphic?

77. What disadvantage does EAP-TLS have when compared with PEAPv0 EAP/MSCHAPv2 as an 802.11 WLAN security solution?

78. ABC Company uses the wireless network for highly sensitive network traffic. For that reason, they intend to protect their network in all possible ways.

They are continually researching new network threats and new preventative measures. They are interested in the security benefits of 802.11w, but would like to know its limitations.

What types of wireless attacks are protected by 802.11w? (Choose 2)

79. Which method of guest management can be used by a company to gather valuable personal information about guest users?

80. Which of these radio form factors are used in 802.11 WIDS/WIPS sensors? (Choose all that apply.)

81. SSID: ABCVoice VLAN 60 Security: WPA2-Personal 2 current clients

Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients.

What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?

82. Which of the following encryption methods use symmetric algorithms? (Choose all that apply.)

83. Which of the following can be used with a wireless network to segment or restrict access to parts of the network? (Choose all that apply.)

84. Given: Mary has just finished troubleshooting an 802.11g network performance problem using a laptop-based WLAN protocol analyzer. The wireless network implements 802.1X/PEAP and the client devices are authenticating properly.

When Mary disables the WLAN protocol analyzer, configures her laptop for PEAP authentication, and then tries to connect to the wireless network, she is unsuccessful.

Before using the WLAN protocol analyzer, Mary's laptop connected to the network without any problems.

What statement indicates why Mary cannot access the network from her laptop computer?

85. What type of files are used by the MDM profiles for Apple Mac OS and iOS devices? (Choose all that apply.)

86. Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards.

The new wireless network will use WPA2-Enterprise as its primary authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.

What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?

87. When developing a security policy, it is important to include many influences such as internal requirements, governmental regulations, and industry standards.

When is it allowable not to include a specific external influence in your policy development?

88. An HT client STA is transmitting to an HT AP using modulation and coding scheme (MCS) #12 that defines 16-QAM modulation, two spatial streams, a 40-MHz bonded channel, and an 800 ns guard interval to achieve a data rate of 162 Mbps.

According to the IEEE, which types of encryption should be used by the HT client STA? (Choose all that apply.)

89. How does a RADIUS server communicate with an authenticator? (Choose all that apply.)

90. You are configuring seven APs to prevent common security attacks. The APs are to be installed in a small business and to reduce costs, the company decided to install all consumer grade wireless routers.

The wireless routers will connect to a switch, which connects directly to the Internet connection providing 50 Mbps of Internet bandwidth that will be shared among 53 wireless clients and 17 wired clients.

To ensure the wireless network is as secure as possible from common attacks, what security measure can you implement given only the hardware referenced?

91. The IEEE 802.11-2012 standard mandates this encryption for robust security network associations and the optional use of which other encryption?

92. What type of WLAN attacks might be detected by a distributed WIDS/WIPS solution using a signature analysis software engine? (Choose all that apply.)

93. What is some of the operation information that an 802.11k-2008-compliant client station may receive in the neighbor report from an 802.11k-2008-compliant access point (AP)? (Choose all that apply.)

94. What are the available form factors for network management server (NMS) solutions? (Choose all that apply.)

95. The Wi-Fi Alliance is responsible for which of the following certification programs? (Choose all that apply.)

96. Which Layer 2 protocol is used for authentication in an 802.1X framework?


 

 
