CWNP CWAP-404 Practice Test - Questions Answers, Page 6

A STA that supports 802.11k Radio Measurement would send a Neighbor Request to an AP to request a list of neighboring APs which the STA can use as roaming candidates. A Neighbor Request is an Action frame that contains a subelement specifying the type of information that the STA wants to receive from the AP. A Neighbor Report is an Action frame that contains a subelement with a list of neighboring APs that match the criteria specified in the Neighbor Request. The Neighbor Report provides information such as BSSID, channel, operating class, and PHY type of each neighboring AP. This information helps the STA to perform intelligent roaming decisions based on signal quality, load, and compatibility .

Reference: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 12: 802.11k/v/r/u/w/ai Amendments, page 434; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 12: 802.11k/v/r/u/w/ai Amendments, page 435.

802.11k Neighbor Requests and Neighbor Reports are sent in Action frames. An Action frame is a Management frame that is used to perform various operations or functions related to the operation or maintenance of a wireless network. An Action frame consists of a Category field that indicates the type of action being performed, and a variable-length Action Details field that contains specific information related to the action. For example, an Action frame with a Category field value of 5 indicates a Radio Measurement action, and the Action Details field may contain a Neighbor Request or a Neighbor Report subelement .

Reference: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 207; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 208; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 12: 802.11k/v/r/u/w/ai Amendments, page 434.

Open Authentication without encryption is not allowed when operating a BSS in the 6 GHz band, according to the 802.11 standard. Open Authentication is a type of authentication method that does not require any credentials or security information from a STA (station) to join a BSS (Basic Service Set). Open Authentication can be used with or without encryption, depending on the configuration of the BSS and the STA. Encryption is a technique that scrambles the data frames using an algorithm and a key to prevent unauthorized access or eavesdropping. However, in the 6 GHz band, which is a newly available frequency band for WLANs, Open Authentication without encryption is prohibited by the 802.11 standard, as it poses security and interference risks for other users and services in the band. The 6 GHz band requires all WLANs to use WPA3-Personal or WPA3-Enterprise encryption methods, which are more secure and robust than previous encryption methods such as WPA2 or WEP. The other options are not correct, as they do not describe scenarios where Open Authentication without encryption is not allowed by the 802.11 standard. When operating a BSS in the CBRS band, which is another newly available frequency band for WLANs, Open Authentication without encryption is allowed, but not recommended, as it also poses security and interference risks for other users and services in the band. When operating a BSS in FIPS mode, which is a mode that complies with the Federal Information Processing Standards for cryptographic security, Open Authentication without encryption is allowed, but not compliant, as it does not meet the FIPS requirements for encryption algorithms and keys. When operating a BSS in a government facility, Open Authentication without encryption is allowed, but not advisable, as it may violate the government policies or regulations for wireless security.Reference:[Wireless Analysis Professional Study Guide CWAP-404], Chapter 8: Security Analysis, page 220-221

Before a retransmission, the CWmax (Contention Window maximum) value doubles and increases by 1. The CWmax is a parameter that determines the upper limit of the random backoff time that a STA (station) has to wait before attempting to access the medium. The random backoff time is chosen from a range of values between CWmin (Contention Window minimum) and CWmax. The CWmin and CWmax values depend on the AC (Access Category) of the traffic and the PHY type of the STA. If a transmission fails due to a collision or an error, the STA has to retransmit the frame after waiting for another random backoff time. However, to reduce the probability of another collision, the STA increases its CWmax value by doubling it and adding 1. This increases the range of possible backoff values and spreads out the STAs more evenly. The STA resets its CWmax value to its original value after a successful transmission or after reaching a predefined limit.Reference:[Wireless Analysis Professional Study Guide CWAP-404], Chapter 7: QoS Analysis, page 196-197

The interframe space that would be expected between a CTS (Clear to Send) and a Data frame is SIFS (Short Interframe Space). A SIFS is the shortest interframe space that is used for high-priority transmissions, such as ACKs (Acknowledgements), CTSs, or data frames that are part of a fragmentation or aggregation process. A SIFS is a fixed value that depends on the PHY type and channel width. A CTS and a Data frame are part of a virtual carrier sense mechanism called RTS/CTS (Request to Send/Clear to Send), which is used to avoid collisions and hidden node problems in wireless transmissions. When a STA (station) wants to send a data frame, it first sends an RTS frame to the intended receiver, indicating the duration of the transmission. The receiver then responds with a CTS frame, also indicating the duration of the transmission. The other STAs in the vicinity hear either the RTS or the CTS frame and update their NAV (Network Allocation Vector) timers accordingly, deferring their access to the medium until the transmission is over. The sender then sends the data frame after waiting for a SIFS, followed by an ACK frame from the receiver after another SIFS. The other options are not correct, as they are not used between a CTS and a Data frame. A PIFS (PCF Interframe Space) is used for medium access by the PCF (Point Coordination Function), which is an optional and rarely implemented polling-based mechanism that provides contention-free service for time-sensitive traffic. An AIFS (Arbitration Interframe Space) is used for medium access by different ACs (Access Categories), which are logical queues that correspond to different QoS (Quality of Service) levels for different types of traffic. An AIFS is a variable interframe space that depends on the AIFSN (Arbitration Interframe Space Number) value of each AC. A DIFS (Distributed Interframe Space) is used for medium access by the DCF (Distributed Coordination Function), which is the default and mandatory contention-based mechanism that provides best-effort service for normal traffic.Reference:[Wireless Analysis Professional Study Guide CWAP-404], Chapter 6: 802.11 Frame Exchanges, page 166-167; Chapter 7: QoS Analysis, page 194-195

A VoIP phone, using WMM Power Save, requests data frames buffered at the AP by transmitting a trigger frame, which is a QoS Null frame or a QoS Data frame. WMM Power Save is a power saving mode that allows a STA (station) to conserve battery power by periodically sleeping and waking up. WMM Power Save is based on WMM (Wi-Fi Multimedia), which is a QoS (Quality of Service) enhancement that provides prioritized and differentiated access to the medium for different types of traffic. When a STA sleeps, it cannot receive any data frames from the AP, so it informs the AP of its power save status by setting a bit in its MAC header. The AP then buffers any data frames destined for the sleeping STA until it wakes up. When a STA wakes up, it sends a trigger frame to the AP, indicating its AC (Access Category), which is a logical queue that corresponds to its QoS level. A trigger frame can be either a QoS Null frame or a QoS Data frame, depending on whether it has any payload or not. The AP then responds with one or more data frames from the same AC as the trigger frame, followed by an ACK or BA (Block Acknowledgement) frame from the STA. The other options are not correct, as they are not used by a VoIP phone using WMM Power Save to request data frames buffered at the AP. A PS-Poll (Power Save Poll) frame is used by a STA using legacy power save mode, not WMM Power Save mode, to request data frames buffered at the AP. A PS-Poll frame does not indicate any AC or QoS information. Setting the More Data bit in the MAC header to 1 does not request any data frames from the AP, but indicates that there are more data frames to be sent by the STA or received by the STA. Transmitting a WMM Action frame does not request any data frames from the AP, but performs various management actions related to WMM features, such as admission control, parameter update, etc.Reference:[Wireless Analysis Professional Study Guide CWAP-404], Chapter 7: QoS Analysis, page 198-199

The STA is discovering a list of available BSSs by sending a Probe Request with an empty SSID element. This is also known as a broadcast Probe Request, as it does not specify any particular SSID to probe for. Any AP that receives this Probe Request will respond with a Probe Response containing its own SSID and other information about its BSS. This way, the STA can learn about all the BSSs in its vicinity and choose which one to associate with .

Reference: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 191; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 193.

The default 802.11 authentication method for a STA when using Pre-RSNA is Open System. This is the simplest and most common authentication method, which does not provide any security or encryption. In Open System authentication, the STA sends an Authentication Request frame to the AP, and the AP responds with an Authentication Response frame with a status code of success. After this, the STA can proceed to association with the AP .

Reference: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 181; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 183.

The value of the Listen Interval field in an Association Request frame indicates how often a STA in power save mode wakes up to listen to Beacon frames. The Listen Interval is expressed in units of Beacon Intervals (typically 100 TU or 102.4 ms). For example, if the Listen Interval is set to 10, it means that the STA will wake up every 10 Beacon Intervals (or about 1 second) to check for buffered frames at the AP. The Listen Interval is used by the AP to determine how long it can hold frames for a STA in power save mode before discarding them .

Reference: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 197; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 198.