CWNP CWNA-109 Practice Test - Questions Answers, Page 9
List of questions
Related questions
Question 81
What statement about 802.11 WLAN performance is true?
Explanation:
The statement that in modern networks, both centralized and distributed data forwarding work well for most standard office deployments is true about WLAN performance. Data forwarding refers to how wireless frames are transmitted from wireless clients to wired networks or vice versa through wireless access points (APs). Centralized data forwarding means that all wireless frames are sent to a central controller or gateway before being forwarded to their destinations. Distributed data forwarding means that wireless frames are forwarded directly by the APs to their destinations without going through a central controller or gateway. Both methods have their advantages and disadvantages, depending on the network size, topology, traffic pattern, security, and management requirements. However, in modern networks, both methods can achieve high performance and scalability for most standard office deployments, as they can leverage advanced features such as fast roaming, load balancing, quality of service, and encryption. The other statements about WLAN performance are false. In most WLANs, special skill or tuning is required to get peak performance, such as selecting the appropriate channel, power, data rate, and antenna settings. WLANs perform worse as more wireless clients connect with each AP, as they cause more contention and interference on the wireless medium.To get the best performance out of an AP, you should not disable data rates of 72 Mbps and lower, as they are needed for backward compatibility and range extension.Reference:CWNA-109 Study Guide, Chapter 9: Wireless LAN Architecture, page 2811
Question 82
What is an advantage of using WPA3-Personal instead of WPA2-Personal as a security solution for 802.11 networks?
Explanation:
An advantage of using WPA3-Personal instead of WPA2-Personal as a security solution for 802.11 networks is thatWPA3-Personal, also called WPA3-SAE, uses a stronger authentication exchange to better secure the network. WPA3-Personal uses Simultaneous Authentication of Equals (SAE) as the key exchange protocol, which provides stronger protection against offline dictionary attacks and password guessing than WPA2-Personal. SAE uses a Diffie-Hellman key exchange with elliptic curve cryptography (ECC) to establish a pairwise master key (PMK) between the AP and the client without revealing it to any eavesdropper. SAE also provides forward secrecy, which means that if one PMK is compromised, it does not affect the security of other PMKs. WPA2-Personal uses Pre-Shared Key (PSK) as the key exchange protocol, which is vulnerable to offline brute-force attacks if the passphrase is weak or leaked. Both WPA3-Personal and WPA2-Personal use AES for encryption, so there is no difference in that aspect. WPA3-Personal does not use a different encryption algorithm than WPA2-Personal, but rather a different key exchange protocol.Reference:[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 307; [CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 297.
Question 83
What authentication method is referenced in the 802.11-2016 and 802.11-2020 specifications and is recommended for robust WI-AN client security?
Explanation:
The authentication method that is referenced in the 802.11-2016 and 802.11-2020 specifications and is recommended for robust WLAN client security is802.1X/EAP. 802.1X/EAP stands for IEEE 802.1X Port-Based Network Access Control with Extensible Authentication Protocol and is a framework that provides strong authentication and dynamic encryption key generation for WLAN clients. 802.1X/EAP involves three parties: the supplicant (the client), the authenticator (the AP or the controller), and the authentication server (usually a RADIUS server). The supplicant sends its credentials (such as username and password, certificate, or token) to the authenticator, which forwards them to the authentication server. The authentication server verifies the credentials and sends a response to the authenticator, which grants or denies access to the supplicant. The authentication server also generates a master key that is used to derive encryption keys for the data frames between the supplicant and the authenticator. 802.1X/EAP supports various EAP methods that offer different levels of security and flexibility, such as EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, and EAP-SIM. SSL, IPSec, and WEP are not authentication methods, but rather encryption or security protocols that are not specific to WLANs or referenced in the 802.11 specifications.Reference:[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 299; [CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 289.
Question 84
What security solution is required to be used in place of Open System Authentication for all open network 802.11 implementations in the 6 GHz band?
Question 85
What terms accurately complete the following sentence?
The IEEE 802.11-2016 standard specifies mandatory support of the _______________ cipher suite for Robust Security Network Associations, and optional use of the ________________ cipher suite, which is designed for use with pre-RSNA hardware and is deprecated.
Question 86
XYZ Company has decided to install an 802.11 WLAN system that will support 1083 wireless users, but they are concerned about network security. XYZ is interested in deploying standardized security features. In addition to WPA2-Enterprise with PEAP and role-based access control, XYZ would like to support management frame protection as well as a fast secure roaming protocol for future mobile handsets.
As XYZ Company selects a product to deploy, what two IEEE amendments, which are included in 802.11-2016, and 802.11-2020 should be supported to provide the management frame protection and fast secure roaming security features?
Question 87
You are using a tool that allows you to see signal strength for all Aps in the area with a visual representation. It shows you SSIDs available and the security settings for each SSID. It allows you to filter by frequency band to see only 2.4 GHz networks or only 5 GHz networks. No additional features are available.
What kind of application is described?
Question 88
You are attempting to explain RF shadow and how it can cause lack of coverage. What common building item frequently causes RF shadow and must be accounted for in coverage plans?
Question 89
You administer a small WLAN with nine access point. As a small business, you do not rum a RADIUS server and use WPA2-Personal for security. Recently, you changed the passphrase for WPA2-personal in all Aps and clients. Several users are now reporting the inability to connect to the network at time and it is constrained to one area of the building. When using scanner, you see that the AP covering that area is online
Question 90
You have implemented an 802.11ax WLAN for a customer. All APs are four stream HE APs. The customer states that it is essential that most of the clients can use the OFDMA modulation scheme. What do you tell the customer?
Question