CWNP CWNA-109 Practice Test - Questions Answers, Page 9

An advantage of using WPA3-Personal instead of WPA2-Personal as a security solution for 802.11 networks is thatWPA3-Personal, also called WPA3-SAE, uses a stronger authentication exchange to better secure the network. WPA3-Personal uses Simultaneous Authentication of Equals (SAE) as the key exchange protocol, which provides stronger protection against offline dictionary attacks and password guessing than WPA2-Personal. SAE uses a Diffie-Hellman key exchange with elliptic curve cryptography (ECC) to establish a pairwise master key (PMK) between the AP and the client without revealing it to any eavesdropper. SAE also provides forward secrecy, which means that if one PMK is compromised, it does not affect the security of other PMKs. WPA2-Personal uses Pre-Shared Key (PSK) as the key exchange protocol, which is vulnerable to offline brute-force attacks if the passphrase is weak or leaked. Both WPA3-Personal and WPA2-Personal use AES for encryption, so there is no difference in that aspect. WPA3-Personal does not use a different encryption algorithm than WPA2-Personal, but rather a different key exchange protocol.Reference:[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 307; [CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 297.

The authentication method that is referenced in the 802.11-2016 and 802.11-2020 specifications and is recommended for robust WLAN client security is802.1X/EAP. 802.1X/EAP stands for IEEE 802.1X Port-Based Network Access Control with Extensible Authentication Protocol and is a framework that provides strong authentication and dynamic encryption key generation for WLAN clients. 802.1X/EAP involves three parties: the supplicant (the client), the authenticator (the AP or the controller), and the authentication server (usually a RADIUS server). The supplicant sends its credentials (such as username and password, certificate, or token) to the authenticator, which forwards them to the authentication server. The authentication server verifies the credentials and sends a response to the authenticator, which grants or denies access to the supplicant. The authentication server also generates a master key that is used to derive encryption keys for the data frames between the supplicant and the authenticator. 802.1X/EAP supports various EAP methods that offer different levels of security and flexibility, such as EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, and EAP-SIM. SSL, IPSec, and WEP are not authentication methods, but rather encryption or security protocols that are not specific to WLANs or referenced in the 802.11 specifications.Reference:[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 299; [CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 289.

The two IEEE amendments that should be supported to provide the management frame protection and fast secure roaming security features are 802.11r and 802.11w12.

802.11r (Fast BSS Transition): This amendment to the IEEE 802.11 standard permits continuous connectivity aboard wireless devices in motion, with fast and secure client transitions from one Basic Service Set to another1.

802.11w (Management Frame Protection): This amendment increases the security of its management frames2.

The tool described is a WLAN (Wireless Local Area Network) scanner tool. WLAN scanner tools are designed to provide information about the wireless networks in a given area, including:

Signal Strength: They show the signal strength of all access points (APs) in the vicinity, which is crucial for understanding the coverage area and potential interference.

SSID Visualization: These tools display the SSIDs (Service Set Identifiers) of available networks, allowing users to identify different wireless networks easily.

Security Settings Information: WLAN scanner tools often show the type of security implemented on each network, such as WPA2, WEP, etc.

Frequency Band Filtering: They allow users to filter and view networks based on the frequency band (2.4 GHz or 5 GHz), which is useful for analyzing network distribution and planning.

While protocol analyzers, site survey utilities, and spectrum analyzers are also used in wireless networking, their functions are distinct from what is described:

Protocol Analyzers are more sophisticated and are used to capture and analyze network traffic.

Site Survey Utilities are used to map signal coverage and plan network layouts, often with more advanced features for detailed site surveys.

Spectrum Analyzers provide a detailed view of the frequency spectrum and non-Wi-Fi interference but don't typically focus on SSIDs or security settings.

Thus, the correct answer is D, a WLAN scanner tool, based on the functionalities described.

CWNA Certified Wireless Network Administrator Official Study Guide: Exam PW0-105, by David D. Coleman and David A. Westcott.

Tools and techniques for wireless network analysis and troubleshooting.

Elevators are a common building item that frequently causes RF shadow and must be accounted for in coverage plans. RF shadow is a term that describes an area where wireless signals are blocked or significantly weakened by an obstacle or an object that absorbs or reflects RF energy. RF shadow can cause lack of coverage or poor performance in a WLAN because wireless devices in those areas may not be able to communicate with access points or other devices. RF shadow can be mitigated by adjusting access point placement, antenna orientation, transmit power level, or channel selection to avoid or overcome the obstacle or object that causes it. Elevators are a common building item that frequently causes RF shadow because they are made of metal and they move up and down within a shaft. Metal is a material that has high attenuation and reflection values, which means it can block or bounce off wireless signals very effectively. A moving elevator can create dynamic RF shadow that changes depending on its position and direction. Therefore, elevators must be accounted for in coverage plans to ensure adequate WLAN coverage and performance throughout the facility. The other options are not common building items that frequently cause RF shadow or must be accounted for in coverage plans. Wooden doors are not likely to cause RF shadow because they are made of wood, which is a material that has low attenuation and reflection values, which means it can pass through or slightly weaken wireless signals. Carpeted floors are not likely to cause RF shadow because they are made of fabric, which is a material that has low attenuation and reflection values, which means it can pass through or slightly weaken wireless signals. Cubicle partitions are not likely to cause RF shadow because they are made of thin plastic or cardboard, which are materials that have low attenuation and reflection values, which means they can pass through or slightly weaken wireless signals.Reference:CWNA-109 Study Guide, Chapter 13: Wireless LAN Site Surveys - Types & Processes , page 433

This is because the passphrase for WPA2-Personal is case-sensitive and must match exactly on both the AP and the client. If the passphrase is entered incorrectly on the client, the client will not be able to authenticate with the AP and connect to the network. The AP that covers the problem area is not likely to require a firmware update, fail, or be improperly configured, as it is online and works with other clients that have the correct passphrase. To troubleshoot this issue, you can check the passphrase settings on the clients and make sure they match with the AP. You can also try to reconnect the clients to the network or reboot them if necessary. For more information on how to configure WPA2-Personal on your router

OFDMA is a new modulation scheme introduced in 802.11ax that allows multiple users to share the same channel by dividing it into smaller subchannels called resource units (RUs). This improves the efficiency and capacity of the WLAN by reducing contention and overhead. However, to use OFDMA, both the AP and the client must support 802.11ax and negotiate the parameters of the subchannel allocation.Therefore, the customer needs to upgrade the clients that require OFDMA to 802.11ax devices12.

The other options are not correct because they do not reflect the reality of OFDMA.Option B is incorrect because OFDMA is a mandatory feature of 802.11ax for both downlink and uplink transmissions, and all 802.11ax APs must support it1. Option C is incorrect because OFDM and OFDMA are different modulation schemes, and OFDM does not allow multiple users to share the same channel.Option D is incorrect because 802.11ac devices cannot support OFDMA through driver upgrades, as they lack the hardware and firmware capabilities to do so2.