CWNP CWSP-207 Practice Test - Questions Answers, Page 2

Given: A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and will replace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication.

For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?

A. WPA2-Enterprise authentication/encryption
B. Internal RADIUS server
C. WIPS support and integration
D. 802.1Q VLAN trunking
E. SNMPv3 support
Suggested answer: B

What WLAN client device behavior is exploited by an attacker during a hijacking attack?

A. When the RF signal between a client and an access point is disrupted for more than a few seconds, the client device will attempt to associate to an access point with better signal quality.
B. When the RF signal between a client and an access point is lost, the client will not seek to reassociate with another access point until the 120 second hold down timer has expired.
C. After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake, even if connectivity is lost.
D. As specified by the Wi-Fi Alliance, clients using Open System authentication must allow direct client-to-client connections, even in an infrastructure BSS.
E. Client drivers scan for and connect to access points in the 2.4 GHz band before scanning the 5 GHz band.
Suggested answer: A

Given: When the CCMP cipher suite is used for protection of data frames, 16 bytes of overhead are added to the Layer 2 frame. 8 of these bytes comprise the MIC.

What purpose does the encrypted MIC play in protecting the data frame?

A. The MIC is used as a first layer of validation to ensure that the wireless receiver does not incorrectly process corrupted signals.
B. The MIC provides for a cryptographic integrity check against the data payload to ensure that it matches the original transmitted data.
C. The MIC is a hash computation performed by the receiver against the MAC header to detect replay attacks prior to processing the encrypted payload.
D. The MIC is a random value generated during the 4-way handshake and is used for key mixing to enhance the strength of the derived PTK.
Suggested answer: B

Given: XYZ Company has recently installed an 802.11ac WLAN. The company needs the ability to control access to network services, such as file shares, intranet web servers, and Internet access based on an employee's job responsibilities.

What WLAN security solution meets this requirement?

A. An autonomous AP system with MAC filters
B. WPA2-Personal with support for LDAP queries
C. A VPN server with multiple DHCP scopes
D. A WLAN controller with RBAC features
E. A WLAN router with wireless VLAN support
Suggested answer: D

Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.

What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)

A. On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.
B. During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.
C. In the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.
D. Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.
Suggested answer: B, C, D

What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?

A. The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.
B. The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.
C. The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.
D. The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.
Suggested answer: B

What statements are true about 802.11-2012 Protected Management Frames? (Choose 2)

A. 802.11w frame protection protects against some Layer 2 denial-of-service (DoS) attacks, but it cannot prevent all types of Layer 2 DoS attacks.
B. When frame protection is in use, the PHY preamble and header as well as the MAC header are encrypted with 256- or 512-bit AES.
C. Authentication, association, and acknowledgment frames are protected if management frame protection is enabled, but deauthentication and disassociation frames are not.
D. Management frame protection protects disassociation and deauthentication frames.
Suggested answer: A, D

A single AP is configured with three separate WLAN profiles, as follows:

1. SSID: ABCData -- BSSID: 00:11:22:00:1F:C3 -- VLAN 10 -- Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP -- 3 current clients

2. SSID: ABCVoice -- BSSID: 00:11:22:00:1F:C4 -- VLAN 60 -- Security: WPA2-Personal with AES-CCMP -- 2 current clients

3. SSID: Guest -- BSSID: 00:11:22:00:1F:C5 -- VLAN 90 -- Security: Open with captive portal authentication -- 3 current clients

Three STAs are connected to ABCData. Three STAs are connected to Guest. Two STAs are connected to ABCVoice.

How many unique GTKs and PTKs are currently in place in this scenario?

A. 1 GTK -- 8 PTKs
B. 2 GTKs -- 5 PTKs
C. 2 GTKs -- 8 PTKs
D. 3 GTKs -- 8 PTKs
Suggested answer: B

Which one of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

A. It does not support the outer identity.
B. It is not a valid EAP type.
C. It does not support mutual authentication.
D. It does not support a RADIUS server.
Suggested answer: C

Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank's website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John's bank account user ID and password and exploit this information.

What likely scenario could have allowed the hacker to obtain John's bank account user ID and password?

A. John's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.
B. John uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.
C. John accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.
D. The bank's web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
E. Before connecting to the bank's website, John's association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank's web server and has decrypted John's login credentials in near real-time.
Suggested answer: B
Total 35 questions