
CWNP CWSP-207 Practice Test - Questions Answers

What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?

A. H-REAP
B. EAP-GTC
C. EAP-TTLS
D. PEAP
E. LEAP
Suggested answer: D

Which of the following security attacks cannot be detected by a WIPS solution of any kind? (Choose 2)

A. Rogue APs
B. DoS
C. Eavesdropping
D. Social engineering
Suggested answer: C, D

Wireless Intrusion Prevention Systems (WIPS) provide what network security services? (Choose 2)

A. Configuration distribution for autonomous APs
B. Wireless vulnerability assessment
C. Application-layer traffic inspection
D. Analysis and reporting of AP CPU utilization
E. Policy enforcement and compliance management
Suggested answer: B, E

In an effort to optimize WLAN performance, ABC Company has upgraded their WLAN infrastructure from 802.11a/g to 802.11n. 802.11a/g clients are still supported and are used throughout ABC's facility. ABC has always been highly security conscious, but due to budget limitations, they have not yet updated their overlay WIPS solution to 802.11n or 802.11ac.

Given ABC's deployment strategy, what security risks would not be detected by the 802.11a/g WIPS?

A. Hijacking attack performed by using a rogue 802.11n AP against an 802.11a client
B. Rogue AP operating in Greenfield 40 MHz-only mode
C. 802.11a STA performing a deauthentication attack against 802.11n APs
D. 802.11n client spoofing the MAC address of an authorized 802.11n client
Suggested answer: B

ABC Company requires the ability to identify and quickly locate rogue devices. ABC has chosen an overlay WIPS solution with sensors that use dipole antennas to perform this task. Use your knowledge of location tracking techniques to answer the question.

In what ways can this 802.11-based WIPS platform determine the location of rogue laptops or APs? (Choose 3)

A. Time Difference of Arrival (TDoA)
B. Angle of Arrival (AoA)
C. Trilateration of RSSI measurements
D. GPS Positioning
E. RF Fingerprinting
Suggested answer: A, C, E

Given: Your organization is using EAP as an authentication framework with a specific type that meets the requirements of your corporate policies.

Which one of the following statements is true related to this implementation?

A. The client will be the authenticator in this scenario.
B. The client STAs must use a different, but complementary, EAP type than the AP STAs.
C. The client STAs may communicate over the uncontrolled port in order to authenticate as soon as Open System authentication completes.
D. The client STAs may communicate over the controlled port in order to authenticate as soon as the Open System authentication completes.
Suggested answer: C

Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

A. Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.
B. Allow access to specific files and applications based on the user's WMM access category.
C. Provide two or more user groups connected to the same SSID with different levels of network privileges.
D. Allow simultaneous support for multiple EAP types on a single access point.
Suggested answer: C

Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.

What security characteristics and/or components play a role in preventing data decryption? (Choose 2)

A. Multi-factor authentication
B. 4-Way Handshake
C. PLCP Cyclic Redundancy Check (CRC)
D. Encrypted Passphrase Protocol (EPP)
E. Integrity Check Value (ICV)
F. Group Temporal Keys
Suggested answer: B, F

An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?

A. Man-in-the-middle
B. Hijacking
C. ASLEAP
D. DoS
Suggested answer: D

Given: WLAN attacks are typically conducted by hackers to exploit a specific vulnerability within a network.

What statement correctly pairs the type of WLAN attack with the exploited vulnerability? (Choose 3)

A. Management interface exploit attacks are attacks that use social engineering to gain credentials from managers.
B. Zero-day attacks are always authentication or encryption cracking attacks.
C. RF DoS attacks prevent successful wireless communication on a specific frequency or frequency range.
D. Hijacking attacks interrupt a user's legitimate connection and introduce a new connection with an evil twin AP.
E. Social engineering attacks are performed to collect sensitive information from unsuspecting users.
F. Association flood attacks are Layer 3 DoS attacks performed against authenticated client stations.
Suggested answer: C, D, E
Total 35 questions