CWNP CWAP-404 Practice Test - Questions Answers

The best way to test the theory of microwave interference from the New York office is to use a remote spectrum analyzer. By placing one of the London APs into spectrum analyzer mode, you can capture and analyze the RF spectrum in the London office over lunch time. You can then look for any signs of microwave interference, such as high duty cycle, high amplitude, or frequency hopping on the 2.4 GHz band. This method does not require any physical access to the microwave or any changes to its frequency.Reference:[Wireless Analysis Professional Study Guide], Chapter 3: Spectrum Analysis, page 64

The GTK (Group Temporal Key) is encrypted within the third message of the 4-Way Handshake. The 4-Way Handshake is a process that establishes a secure connection between a STA (station) and an AP (access point) using WPA2 (Wi-Fi Protected Access 2), which is a security protocol that uses AES-CCMP (Advanced Encryption Standard-Counter Mode CBC-MAC Protocol) as its encryption algorithm. The 4-Way Handshake consists of four messages that are exchanged between the STA and the AP. The first message is sent by the AP to the STA, containing the ANonce (Authenticator Nonce), which is a random number generated by the AP. The second message is sent by the STA to the AP, containing the SNonce (Supplicant Nonce), which is a random number generated by the STA, and the MIC (Message Integrity Code), which is a value that verifies the integrity of the message. The third message is sent by the AP to the STA, containing the GTK, which is a key that is used to encrypt and decrypt multicast and broadcast data frames, and the MIC. The GTK is encrypted with the KEK (Key Encryption Key), which is derived from the PTK (Pairwise Temporal Key). The PTK is a key that is used to encrypt and decrypt unicast data frames, and it is derived from the PMK (Pairwise Master Key), the ANonce, and the SNonce. The fourth message is sent by the STA to the AP, containing only the MIC, to confirm the completion of the 4-Way Handshake. The other options are not correct, as they are not encrypted within the third message of the 4-Way Handshake. The PMK is a key that is derived from a passphrase or obtained from an authentication server, and it is not transmitted in any message of the 4-Way Handshake. The PTK is a key that is derived from the PMK, the ANonce, and the SNonce, and it is not transmitted in any message of the 4-Way Handshake. The GMK (Group Master Key) is a key that is generated by the AP and used to derive the GTK, and it is not transmitted in any message of the 4-Way Handshake.Reference:[Wireless Analysis Professional Study Guide CWAP-404], Chapter 8: Security Analysis, page 211-213

Two frames are exchanged for 802.11 authentication in the 6 GHz band when WPA3-Enterprise is not used, and a passphrase is used instead. Authentication is a process that establishes an identity relationship between a STA (station) and an AP (access point) before joining a BSS (Basic Service Set). There are two types of authentication methods defined by 802.11: Open System Authentication and Shared Key Authentication. Open System Authentication does not require any credentials or security information from a STA to join a BSS, and it consists of two frames: an Authentication Request frame sent by the STA to the AP, and an Authentication Response frame sent by the AP to the STA. Shared Key Authentication requires a shared secret key from a STA to join a BSS, and it consists of four frames: two challenge-response frames in addition to the request-response frames. However, Shared Key Authentication uses WEP (Wired Equivalent Privacy) as its encryption algorithm, which is insecure and deprecated. In the 6 GHz band, which is a newly available frequency band for WLANs, Shared Key Authentication is prohibited by the 802.11 standard, as it poses security and interference risks for other users and services in the band. The 6 GHz band requires all WLANs to use WPA3-Personal or WPA3-Enterprise encryption methods, which are more secure and robust than previous encryption methods such as WPA2 or WEP. WPA3-Personal uses a passphrase to derive a PMK (Pairwise Master Key), while WPA3-Enterprise uses an authentication server to obtain a PMK. Both methods use SAE (Simultaneous Authentication of Equals) as their authentication protocol, which replaces PSK (Pre-Shared Key) or EAP (Extensible Authentication Protocol). SAE consists of two frames: an SAE Commit frame sent by both parties to exchange elliptic curve parameters and nonces, and an SAE Confirm frame sent by both parties to verify each other's identities and generate a PMK. Therefore, when WPA3-Enterprise is not used, and a passphrase is used instead in the 6 GHz band, only two frames are exchanged for 802.11 authentication: an SAE Commit frame and an SAE Confirm frame.Reference:[Wireless Analysis Professional Study Guide CWAP-404], Chapter 8: Security Analysis, page 220-221

The users on floor 5 are being subjected to a denial of service attack, as this is happening across the entire floor it is likely to be a misconfigured WIPS solution belonging to the tenants on the floor below. This is because the Deauthentication frames have a source address that matches the BSSIDs of the customer's APs and a destination address that is a broadcast address (FF:FF:FF:FF:FF:FF). This indicates that someone is sending spoofed Deauthentication frames to all STAs associated with the customer's APs, causing them to disconnect from the wireless network.This is a common type of DoS attack on wireless networks, and it could be caused by a rogue device or a WIPS solution that is configured to protect the wireless network of another tenant on the floor below12.

Reference: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 13: Troubleshooting Common Wi-Fi Issues, page 4961; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 14: Troubleshooting Tools, page 5272.

The beamformee transmits a Feedback Matrix within the Compressed Beamforming frame to the beamformer. The Feedback Matrix contains information about the channel state between the beamformee and each spatial stream of the beamformer.This information is used by the beamformer to adjust its transmit weights and optimize its signal for the beamformee34.

Reference: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 11: 802.11n/ac/ax PHYsical Layer Frame Exchanges, page 4033; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 11: 802.11n/ac/ax PHYsical Layer Frame Exchanges, page 4064.

The FFT plot is a spectrum analysis plot that shows the RF power present at a particular frequency over a short period of time. It can help identify the sources and characteristics of RF signals in the spectrum. By looking at the FFT plot, you can determine which ZigBee channels are used by the lighting system and whether they overlap with the WLAN channels in the 2.4 GHz band. ZigBee channels are 5 MHz wide and WLAN channels are 20 MHz or 40 MHz wide, so there is a possibility of overlap and interference between them. The other questions cannot be answered by looking at the FFT plot alone, as they require other types of plots or analysis tools, such as duty cycle plot, airtime utilization plot, or protocol analyzer.Reference:[Wireless Analysis Professional Study Guide], Chapter 3: Spectrum Analysis, page 69-70

The Swept Spectrogram plot is a spectrum analysis plot that shows the RF power present at a particular frequency over the course of time. It can help identify trends and patterns in the RF spectrum over a longer period of time. It can also show how the RF environment changes over time and how different sources of RF signals affect each other. The other options are not correct, as they describe different types of plots or information that are not related to the Swept Spectrogram plot.Reference:[Wireless Analysis Professional Study Guide], Chapter 3: Spectrum Analysis, page 72-73

The most likely cause of higher airtime utilization on the first 20 MHz of the 80 MHz channel is non-Wi-Fi interference. Non-Wi-Fi interference can prevent an AP from using its full channel width, as it will degrade the signal quality and increase the noise floor on some parts of the channel. This will force the AP to fall back to a narrower channel width, such as 20 MHz or 40 MHz, to maintain communication with its clients. The waterfall plot can help identify non-Wi-Fi interference by showing spikes or bursts of RF energy on specific frequencies or sub-channels. The other options are not correct, as they do not explain why only the first 20 MHz of the channel has higher airtime utilization.Reference:[Wireless Analysis Professional Study Guide], Chapter 3: Spectrum Analysis, page 74-75

The first step in any troubleshooting process is to define the problem. This involves gathering information from various sources, such as users, network administrators, network documentation, and network monitoring tools.Defining the problem helps to narrow down the scope of the issue and identify the symptoms, causes, and effects of the problem12Reference:

CWAP-403 Study Guide, Chapter 1: Troubleshooting Methodology, page 7

CWAP-403 Objectives, Section 1.1: Define the problem