New Year Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

CWSP-207 Certified Wireless Security Professional (CWSP) Questions and Answers

Questions 4

Given: Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication.

While using an airport hot-spot with this security solution, to what type of wireless attack is a user susceptible? (Choose 2)

Options:

A.

Man-in-the-Middle

B.

Wi-Fi phishing

C.

Management interface exploits

D.

UDP port redirection

E.

IGMP snooping

Buy Now
Questions 5

Given: You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data.

What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?

Options:

A.

All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.

B.

Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.

C.

Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.

D.

Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.

E.

The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.

Buy Now
Questions 6

What WLAN client device behavior is exploited by an attacker during a hijacking attack?

Options:

A.

When the RF signal between a client and an access point is disrupted for more than a few seconds, the client device will attempt to associate to an access point with better signal quality.

B.

When the RF signal between a client and an access point is lost, the client will not seek to reassociate with another access point until the 120 second hold down timer has expired.

C.

After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake, even if connectivity is lost.

D.

As specified by the Wi-Fi Alliance, clients using Open System authentication must allow direct client-to-client connections, even in an infrastructure BSS.

E.

Client drivers scan for and connect to access points in the 2.4 GHz band before scanning the 5 GHz band.

Buy Now
Questions 7

What type of WLAN attack is prevented with the use of a per-MPDU TKIP sequence counter (TSC)?

Options:

A.

Weak-IV

B.

Forgery

C.

Replay

D.

Bit-flipping

E.

Session hijacking

Buy Now
Questions 8

ABC Company uses the wireless network for highly sensitive network traffic. For that reason, they intend to protect their network in all possible ways. They are continually researching new network threats and new preventative measures. They are interested in the security benefits of 802.11w, but would like to know its limitations.

What types of wireless attacks are protected by 802.11w? (Choose 2)

Options:

A.

RF DoS attacks

B.

Layer 2 Disassociation attacks

C.

Robust management frame replay attacks

D.

Social engineering attacks

Buy Now
Questions 9

Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individualshave raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.

As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)

Options:

A.

MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.

B.

MS-CHAPv2 is subject to offline dictionary attacks.

C.

LEAP’s use of MS-CHAPv2 is only secure when combined with WEP.

D.

MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.

E.

MS-CHAPv2 uses AES authentication, and is therefore secure.

F.

When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.

Buy Now
Questions 10

The following numbered items show some of the contents of each of the four frames exchanged during the 4-way handshake:

1. Encrypted GTK sent

2. Confirmation of temporal key installation

3. Anonce sent from authenticator to supplicant

4. Snonce sent from supplicant to authenticator, MIC included

Arrange the frames in the correct sequence beginning with the start of the 4-way handshake.

Options:

A.

2, 3, 4, 1

B.

1, 2, 3, 4

C.

4, 3, 1, 2

D.

3, 4, 1, 2

Buy Now
Questions 11

For a WIPS system to identify the location of a rogue WLAN device using location patterning (RF fingerprinting), what must be done as part of the WIPS installation?

Options:

A.

All WIPS sensors must be installed as dual-purpose (AP/sensor) devices.

B.

A location chipset (GPS) must be installed with it.

C.

At least six antennas must be installed in each sensor.

D.

The RF environment must be sampled during an RF calibration process.

Buy Now
Questions 12

What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

Options:

A.

AKM Suite List

B.

Group Cipher Suite

C.

RSN Capabilities

D.

Pairwise Cipher Suite List

Buy Now
Questions 13

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

Options:

A.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D.

A trained employee should install and configure a WIPS for rogue detection and response measures.

E.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Buy Now
Questions 14

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

Before creating the WLAN security policy, what should you ensure you possess?

Options:

A.

Awareness of the exact vendor devices being installed

B.

Management support for the process

C.

End-user training manuals for the policies to be created

D.

Security policy generation software

Buy Now
Questions 15

What elements should be addressed by a WLAN security policy? (Choose 2)

Options:

A.

Enabling encryption to prevent MAC addresses from being sent in clear text

B.

How to prevent non-IT employees from learning about and reading the user security policy

C.

End-user training for password selection and acceptable network use

D.

The exact passwords to be used for administration interfaces on infrastructure devices

E.

Social engineering recognition and mitigation techniques

Buy Now
Questions 16

In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

Options:

A.

In home networks in which file and printer sharing is enabled

B.

At public hot-spots in which many clients use diverse applications

C.

In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities

D.

In university environments using multicast video training sourced from professor’s laptops

Buy Now
Questions 17

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods.

When writing the 802.11 security policy, what password-related items should be addressed?

Options:

A.

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

B.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

C.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

E.

EAP-TLS must be implemented in such scenarios.

Buy Now
Questions 18

What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

Options:

A.

Require Port Address Translation (PAT) on each laptop.

B.

Require secure applications such as POP, HTTP, and SSH.

C.

Require VPN software for connectivity to the corporate network.

D.

Require WPA2-Enterprise as the minimal WLAN security solution.

Buy Now
Questions 19

Given: ABC Corporation’s 802.11 WLAN is comprised of a redundant WLAN controller pair (N+1) and 30 access points implemented in 2004. ABC implemented WEP encryption with IPSec VPN technology to secure their wireless communication because it was the strongest security solution available at the time it was implemented. IT management has decided to upgrade the WLAN infrastructure and implement Voice over Wi-Fi and is concerned with security because most Voice over Wi-Fi phones do not support IPSec.

As the wireless network administrator, what new security solution would be best for protecting ABC’s data?

Options:

A.

Migrate corporate data clients to WPA-Enterprise and segment Voice over Wi-Fi phones by assigning them to a different frequency band.

B.

Migrate corporate data and Voice over Wi-Fi devices to WPA2-Enterprise with fast secure roaming support, and segment Voice over Wi-Fi data on a separate VLAN.

C.

Migrate to a multi-factor security solution to replace IPSec; use WEP with MAC filtering, SSID hiding, stateful packet inspection, and VLAN segmentation.

D.

Migrate all 802.11 data devices to WPA-Personal, and implement a secure DHCP server to allocate addresses from a segmented subnet for the Voice over Wi-Fi phones.

Buy Now
Questions 20

When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?

Options:

A.

X.509 certificates

B.

User credentials

C.

Server credentials

D.

RADIUS shared secret

Buy Now
Questions 21

Given: Your organization is using EAP as an authentication framework with a specific type that meets the requirements of your corporate policies.

Which one of the following statements is true related to this implementation?

Options:

A.

The client will be the authenticator in this scenario.

B.

The client STAs must use a different, but complementary, EAP type than the AP STAs.

C.

The client STAs may communicate over the uncontrolled port in order to authenticate as soon as Open System authentication completes.

D.

The client STAs may communicate over the controlled port in order to authenticate as soon as the Open System authentication completes.

Buy Now
Questions 22

You must support a TSN as you have older wireless equipment that will not support the required processing of AES encryption. Which one of the following technologies will you use on the network so that a TSN can be implemented that would not be required in a network compliant with 802.11-2012 non-deprecated technologies?

Options:

A.

WEP

B.

RC4

C.

CCMP

D.

WPA2

Buy Now
Questions 23

What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?

Options:

A.

The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.

B.

The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.

C.

The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.

D.

The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.

Buy Now
Questions 24

Given: You support a coffee shop and have recently installed a free 802.11ac wireless hot-spot for the benefit of your customers. You want to minimize legal risk in the event that the hot-spot is used for illegal Internet activity.

What option specifies the best approach to minimize legal risk at this public hot-spot while maintaining an open venue for customer Internet access?

Options:

A.

Configure WPA2-Enterprise security on the access point

B.

Block TCP port 25 and 80 outbound on the Internet router

C.

Require client STAs to have updated firewall and antivirus software

D.

Allow only trusted patrons to use the WLAN

E.

Use a WIPS to monitor all traffic and deauthenticate malicious stations

F.

Implement a captive portal with an acceptable use disclaimer

Buy Now
Questions 25

In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce? (Choose 2)

Options:

A.

They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.

B.

The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).

C.

They are added together and used as the GMK, from which the GTK is derived.

D.

They are input values used in the derivation of the Pairwise Transient Key.

E.

They allow the participating STAs to create dynamic keys while avoiding sending unicast encryption keys across the wireless medium.

Buy Now
Questions 26

What wireless security protocol provides mutual authentication without using an X.509 certificate?

Options:

A.

EAP-FAST

B.

EAP-MD5

C.

EAP-TLS

D.

PEAPv0/EAP-MSCHAPv2

E.

EAP-TTLS

F.

PEAPv1/EAP-GTC

Buy Now
Questions 27

Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company’s employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.

What security implementation will allow the network administrator to achieve this goal?

Options:

A.

Implement an SSID with WPA2-Personal that allows both AES-CCMP and TKIP clients to connect.

B.

Implement an SSID with WPA-Personal that allows both AES-CCMP and TKIP clients to connect.

C.

Implement two separate SSIDs on the AP—one for WPA-Personal using TKIP and one for WPA2-Personal using AES-CCMP.

D.

Implement an SSID with WPA2-Personal that sends all broadcast traffic using AES-CCMP and unicast traffic using either TKIP or AES-CCMP.

Buy Now
Exam Code: CWSP-207
Exam Name: Certified Wireless Security Professional (CWSP)
Last Update: Dec 21, 2024
Questions: 119

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now CWSP-207 testing engine

PDF (Q&A)

$36.75  $104.99
buy now CWSP-207 pdf