CWNP CWAP-404 Practice Test - Questions Answers, Page 2

Which one of the following is an advantage of using display filters that is not an advantage of capture-time filters?

A. They allow for focused analysis on just the packets of interest
B. Once created they are reusable for later captures
C. They only hide the packets from view and the filtered packets can be enabled for view later
D. Multiple of them can be applied simultaneously

Suggested answer: C

Explanation:

Display filters are applied after the capture is completed and they only hide the packets from view. The filtered packets are still present in the capture file and can be enabled for view later by changing or removing the display filter. This is an advantage over capture-time filters, which discard the packets that do not match the filter criteria and cannot be recovered later.

Reference:

CWAP-403 Study Guide, Chapter 2: Protocol Analysis, page 37

CWAP-403 Objectives, Section 2.3: Apply display filters

Using a portable analyzer you perform a packet capture next to a client STA and you can see that the STA is associated to a BSS. You observe the STA sending packets to the AP and the AP sending packets to the STA. Less than 2% of all packets are retransmissions. You move to capture packets by the AP and, while the retry rate is still less than 2%, you now only see unidirectional traffic from the AP to the client. How do you explain this behavior?

A. The portable analyzer is too close to the AP causing CCI, blinding the AP to the client's packets
B. The STA is transmitting data using more spatial streams than the portable analyzer can support
C. There is a transmit power mismatch between the client and the AP and while the client can hear the AP's traffic, the AP cannot hear the client
D. The portable analyzer has a lower receive sensitivity than the AP and while it can't capture the packets from the client STA, the AP can receive them OK

Suggested answer: D

Explanation:

Receive sensitivity is the minimum signal level that a receiver can detect and decode. Different devices may have different receive sensitivity levels depending on their hardware specifications and antenna configurations. In this scenario, the portable analyzer has a lower receive sensitivity than the AP, meaning that it requires a stronger signal to capture the packets from the client STA. The AP, on the other hand, has a higher receive sensitivity and can receive the packets from the client STA even if they have a weaker signal. This explains why the portable analyzer can only see unidirectional traffic from the AP to the client when capturing near the AP.

Reference:

CWAP-403 Study Guide, Chapter 4: PHY Layer Analysis, page 121

CWAP-403 Objectives, Section 4.3: Analyze PHY layer metrics

Given a protocol analyzer can decrypt WPA2-PSK data packets providing the PSK and SSID are configured in the analyzer software. When performing packet capture (in a non-FT environment) which frames are required in order for PSK frame decryption to be possible?

A. Authentication
B. 4-Way Handshake
C. Reassociation
D. Probe Response

Suggested answer: B

Explanation:

The 4-way handshake is the process that establishes the pairwise transient key (PTK) between the client and the AP in WPA2-PSK. The PTK is derived from the PSK, the SSID, and some random numbers exchanged in the handshake frames. The PTK is used to encrypt and decrypt the data frames between the client and the AP. Therefore, in order to decrypt WPA2-PSK data packets, a protocol analyzer needs to capture the 4-way handshake frames and have the PSK and SSID configured in the analyzer software.

Reference:

CWAP-404 Study Guide, Chapter 3: 802.11 MAC Layer Frame Formats and Technologies, page 87

CWAP-404 Objectives, Section 3.5: Analyze security exchanges
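
The derivation described in the explanation above, as an added example (not part of the practice test or the study guide): the PMK depends only on the PSK and SSID, but the PTK also mixes in both MAC addresses and the ANonce/SNonce carried in the 4-way handshake, so an analyzer that missed the handshake cannot compute the temporal key. The MAC addresses and nonces are constructed sample values, and the 48-byte PTK length assumes CCMP.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11 PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce) -> dict:
    """Split the 48-byte CCMP PTK into KCK, KEK and the temporal key (TK)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}

# Sample inputs (constructed for this example, not taken from a real capture).
PMK = pmk_from_passphrase("password", "IEEE")
AA = bytes.fromhex("02aabbccdd01")    # authenticator (AP) MAC
SPA = bytes.fromhex("02aabbccdd02")   # supplicant (client) MAC
# Nonces as they would be read from handshake messages 1 and 2, two associations.
ANONCE_1, SNONCE_1 = hashlib.sha256(b"a1").digest(), hashlib.sha256(b"s1").digest()
ANONCE_2, SNONCE_2 = hashlib.sha256(b"a2").digest(), hashlib.sha256(b"s2").digest()

if __name__ == "__main__":
    first = derive_ptk(PMK, AA, SPA, ANONCE_1, SNONCE_1)
    second = derive_ptk(PMK, AA, SPA, ANONCE_2, SNONCE_2)
    print("PMK (same for every association):", PMK.hex())
    print("TK, association 1:", first["TK"].hex())
    print("TK, association 2:", second["TK"].hex())
```

The PSK and SSID are the same in both runs, yet each association gets its own TK, which is why the analyzer needs the handshake for the specific session it is decrypting.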

When configuring a long-term, forensic packet capture and saving all packets to disk which of the following is not a consideration?

A. Real-time packet decodes
B. Analyzer location
C. Total capture storage space
D. Individual trace file size

Suggested answer: A

Explanation:

Real-time packet decodes are not a consideration when configuring a long-term, forensic packet capture and saving all packets to disk. Real-time packet decodes are useful for live analysis and troubleshooting, but they consume CPU and memory resources that could affect the performance of the capture process. For a long-term, forensic packet capture, it is more important to consider the analyzer location, the total capture storage space, and the individual trace file size. These factors affect the quality and quantity of the captured packets and the ease of post-capture analysis.

Reference:

CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 49

CWAP-404 Objectives, Section 2.1: Configure protocol analyzers

You are performing a multiple adapter channel aggregation capture to troubleshoot a VoIP roaming problem and would like to measure the roaming time from the last VoIP packet sent on the old AP's channel to the first VoIP packet sent on the new AP's channel. Which timing column in the packet view would measure this for you?

A. Roaming
B. Relative
C. Absolute
D. Delta

Suggested answer: D

Explanation:

Delta is the timing column in the packet view that measures the time difference between two consecutive packets in a capture file. Delta can be used to measure the roaming time from the last VoIP packet sent on the old AP's channel to the first VoIP packet sent on the new AP's channel by selecting these two packets and looking at their delta values. The other timing columns are not suitable for this measurement because they do not show the time difference between two specific packets. Roaming is a column that shows whether a packet belongs to a roaming event or not. Relative is a column that shows the time elapsed since the beginning of the capture file. Absolute is a column that shows the date and time when a packet was captured.

Reference:

CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 57

CWAP-404 Objectives, Section 2.4: Analyze timing values

Protocol analyzers may present field values in either binary, decimal or hexadecimal. What precedes a hexadecimal value to indicate it is hexadecimal?

A. 0x
B. 16x
C. %
D. HEX

Suggested answer: A

Explanation:

A hexadecimal value is a value that uses base 16 notation, which means it can have digits from 0 to 9 and letters from A to F. A hexadecimal value is usually preceded by 0x to indicate that it is hexadecimal and not decimal or binary. For example, 0x0A is hexadecimal for 10 in decimal or 00001010 in binary. The other options are not valid prefixes for hexadecimal values.

Reference:

CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 35

CWAP-404 Objectives, Section 2.2: Analyze field values

Which one of these is the most important in the WLAN troubleshooting methodology among those listed?

A. Obtain detailed knowledge of the wireless vendor's debug and logging options
B. Interview the network manager about the issues being experienced
C. Observe the problem
D. Talk to the end users about their experiences

Suggested answer: C

Explanation:

Observing the problem is the most important step in the WLAN troubleshooting methodology among those listed. This step involves capturing and analyzing the relevant data from the wireless network, such as packets, frames, spectrum, and performance metrics. Observing the problem helps to verify the existence and scope of the issue, identify the root cause and possible solutions, and validate the results of any actions taken. The other steps are also important, but they are not as critical as observing the problem.

Reference:

CWAP-404 Study Guide, Chapter 1: Troubleshooting Methodology, page 15

CWAP-404 Objectives, Section 1.2: Observe the problem

The network administrator at ABC Engineering has taken a large packet capture from one of their APs running in monitor mode. She has very little knowledge of 802.11 protocols but would like to use the capture file to evaluate the overall health and performance of their wireless network. When she asks your advice, which tool do you recommend she opens the packet capture file with?

A. Spectrum analyzer
B. Python
C. Capture visualization tool
D. WLAN scanner

Suggested answer: C

Explanation:

A capture visualization tool is a software application that can open a packet capture file and display various graphs, charts, tables, and statistics that illustrate the characteristics and behavior of the wireless network. A capture visualization tool can help a network administrator with little knowledge of 802.11 protocols to evaluate the overall health and performance of their wireless network by providing a visual and intuitive representation of the captured data. A spectrum analyzer is a hardware device that measures the radio frequency signals in a given frequency range and displays their amplitude, frequency, and modulation. A spectrum analyzer can help identify sources of interference and noise in the wireless environment, but it cannot open a packet capture file. Python is a programming language that can be used to write scripts or applications that manipulate or analyze packet capture files, but it requires coding skills and knowledge of 802.11 protocols. A WLAN scanner is a software application that scans for available wireless networks and displays information such as SSID, BSSID, channel, signal strength, security type, and vendor. A WLAN scanner can help discover wireless networks and their basic parameters, but it cannot open a packet capture file.

Reference:

CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 63

CWAP-404 Objectives, Section 2.5: Use capture visualization tools

CWAP-404 Study Guide, Chapter 4: Spectrum Analysis and Troubleshooting, page 117

CWAP-404 Objectives, Section 4.1: Use spectrum analysis tools

CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 33

CWAP-404 Objectives, Section 2.2: Analyze field values

What is used to respond with an uplink transmission to an MU-RTS trigger frame in the 802.11ax PHY?

A. HE SU PPDU
B. HE MU PPDU
C. HE TB PPDU
D. VHT PPDU

Suggested answer: C

Explanation:

An HE TB PPDU (High Efficiency Trigger-Based Packet Data Unit) is used to respond with an uplink transmission to an MU-RTS trigger frame in the 802.11ax PHY (Physical Layer). An MU-RTS trigger frame is a frame that initiates a multi-user transmission opportunity (MU-TXOP) by requesting multiple stations (STAs) to send clear-to-send (CTS) frames on different spatial streams or resource units (RUs). An HE TB PPDU is a frame that contains data from multiple STAs that have been allocated RUs by an MU-RTS trigger frame or another type of trigger frame. An HE SU PPDU (High Efficiency Single User Packet Data Unit) is a frame that contains data from a single STA using all available spatial streams or RUs. An HE MU PPDU (High Efficiency Multi User Packet Data Unit) is a frame that contains data from multiple STAs using different spatial streams or RUs without being triggered by another frame. A VHT PPDU (Very High Throughput Packet Data Unit) is a frame that uses the 802.11ac PHY and does not support multi-user transmissions.

Reference:

CWAP-404 Study Guide, Chapter 3: 802.11 MAC Layer Frame Formats and Technologies, page 101

CWAP-404 Objectives, Section 3.4: Analyze multi-user transmissions

CWAP-404 Study Guide, Chapter 3: 802.11 MAC Layer Frame Formats and Technologies, page 99

Which common feature of a Spectrum Analyzer would be the best to help you locate a non-802.11 interference source?

A. Max hold
B. Min hold
C. Location filter
D. Device finder

Suggested answer: D

Explanation:

The device finder is a common feature of a spectrum analyzer that helps locate a non-802.11 interference source. The device finder uses a directional antenna to measure the signal strength of a specific frequency or signal source. By pointing the antenna in different directions, the device finder can indicate the direction and distance of the interference source. The device finder can also filter out other signals that are not related to the interference source. The other options are not correct, as they do not help locate a non-802.11 interference source. Max hold and min hold are features that show the maximum and minimum RF power levels over time, respectively. Location filter is a feature that filters out signals that are not from a specific location or area.

Reference:

Wireless Analysis Professional Study Guide CWAP-404, Chapter 3: Spectrum Analysis, page 77-78

Total 60 questions