New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

CWNP CWSP-207 Certified Wireless Security Professional (CWSP) Exam Practice Test

Page: 1 / 12
Total 119 questions

Certified Wireless Security Professional (CWSP) Questions and Answers

Question 1

Given: The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions.

What are three uses for such a tool? (Choose 3)

Options:

A.

Transmitting a deauthentication frame to disconnect a user from the AP.

B.

Auditing the configuration and functionality of a WIPS by simulating common attack sequences

C.

Probing the RADIUS server and authenticator to expose the RADIUS shared secret

D.

Cracking the authentication or encryption processes implemented poorly in some WLANs

Question 2

Given: In XYZ’s small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.

What statement about the WLAN security of this company is true?

Options:

A.

Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.

B.

A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.

C.

An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.

D.

An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user’s 4-Way Handshake.

E.

Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.

Question 3

A WLAN is implemented using WPA-Personal and MAC filtering.

To what common wireless network attacks is this network potentially vulnerable? (Choose 3)

Options:

A.

Offline dictionary attacks

B.

MAC Spoofing

C.

ASLEAP

D.

DoS

Question 4

ABC Company uses the wireless network for highly sensitive network traffic. For that reason, they intend to protect their network in all possible ways. They are continually researching new network threats and new preventative measures. They are interested in the security benefits of 802.11w, but would like to know its limitations.

What types of wireless attacks are protected by 802.11w? (Choose 2)

Options:

A.

RF DoS attacks

B.

Layer 2 Disassociation attacks

C.

Robust management frame replay attacks

D.

Social engineering attacks

Question 5

What is a primary criteria for a network to qualify as a Robust Security Network (RSN)?

Options:

A.

Token cards must be used for authentication.

B.

Dynamic WEP-104 encryption must be enabled.

C.

WEP may not be used for encryption.

D.

WPA-Personal must be supported for authentication and encryption.

E.

WLAN controllers and APs must not support SSHv1.

Question 6

What software and hardware tools are used together to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network? (Choose 2)

Options:

A.

RF jamming device and a wireless radio card

B.

A low-gain patch antenna and terminal emulation software

C.

A wireless workgroup bridge and a protocol analyzer

D.

DHCP server software and access point software

E.

MAC spoofing software and MAC DoS software

Question 7

Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individualshave raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.

As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)

Options:

A.

MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.

B.

MS-CHAPv2 is subject to offline dictionary attacks.

C.

LEAP’s use of MS-CHAPv2 is only secure when combined with WEP.

D.

MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.

E.

MS-CHAPv2 uses AES authentication, and is therefore secure.

F.

When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.

Question 8

What WLAN client device behavior is exploited by an attacker during a hijacking attack?

Options:

A.

When the RF signal between a client and an access point is disrupted for more than a few seconds, the client device will attempt to associate to an access point with better signal quality.

B.

When the RF signal between a client and an access point is lost, the client will not seek to reassociate with another access point until the 120 second hold down timer has expired.

C.

After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake, even if connectivity is lost.

D.

As specified by the Wi-Fi Alliance, clients using Open System authentication must allow direct client-to-client connections, even in an infrastructure BSS.

E.

Client drivers scan for and connect to access points in the 2.4 GHz band before scanning the 5 GHz band.

Question 9

Given: Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication.

While using an airport hot-spot with this security solution, to what type of wireless attack is a user susceptible? (Choose 2)

Options:

A.

Man-in-the-Middle

B.

Wi-Fi phishing

C.

Management interface exploits

D.

UDP port redirection

E.

IGMP snooping

Question 10

What disadvantage does EAP-TLS have when compared with PEAPv0 EAP/MSCHAPv2 as an 802.11 WLAN security solution?

Options:

A.

Fast/secure roaming in an 802.11 RSN is significantly longer when EAP-TLS is in use.

B.

EAP-TLS does not protect the client's username and password inside an encrypted tunnel.

C.

EAP-TLS cannot establish a secure tunnel for internal EAP authentication.

D.

EAP-TLS is supported only by Cisco wireless infrastructure and client devices.

E.

EAP-TLS requires extensive PKI use to create X.509 certificates for both the server and all clients, which increases administrative overhead.

Question 11

When TKIP is selected as the pairwise cipher suite, what frame types may be protected with data confidentiality? (Choose 2)

Options:

A.

Robust broadcast management

B.

Robust unicast management

C.

Control

D.

Data

E.

ACK

F.

QoS Data

Question 12

You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other (STA2) used 11 EAP frames (excluding ACK frames) before the 4-way handshake.

Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful? (Choose the single most probable answer given a stable WLAN.)

Options:

A.

STA1 and STA2 are using different cipher suites.

B.

STA2 has retransmissions of EAP frames.

C.

STA1 is a reassociation and STA2 is an initial association.

D.

STA1 is a TSN, and STA2 is an RSN.

E.

STA1 and STA2 are using different EAP types.

Question 13

Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

Options:

A.

Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.

B.

Allow access to specific files and applications based on the user's WMM access category.

C.

Provide two or more user groups connected to the same SSID with different levels of network privileges.

D.

Allow simultaneous support for multiple EAP types on a single access point.

Question 14

Given: A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs. Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:

SSID Blue - VLAN 10 - Lightweight EAP (LEAP) authentication - CCMP cipher suite

SSID Red - VLAN 20 - PEAPv0/EAP-TLS authentication - TKIP cipher suite

The consultant’s computer can successfully authenticate and browse the Internet when using the Blue SSID. The same computer cannot authenticate when using the Red SSID.

What is a possible cause of the problem?

Options:

A.

The Red VLAN does not use server certificate, but the client requires one.

B.

The TKIP cipher suite is not a valid option for PEAPv0 authentication.

C.

The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.

D.

The consultant does not have a valid Kerberos ID on the Blue VLAN.

Question 15

Which one of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

Options:

A.

It does not support the outer identity.

B.

It is not a valid EAP type.

C.

It does not support mutual authentication.

D.

It does not support a RADIUS server.

Question 16

What wireless authentication technologies may build a TLS tunnel between the supplicant and the authentication server before passing client authentication credentials to the authentication server? (Choose 3)

Options:

A.

EAP-MD5

B.

EAP-TLS

C.

LEAP

D.

PEAPv0/MSCHAPv2

E.

EAP-TTLS

Question 17

Given: ABC Corporation’s 802.11 WLAN is comprised of a redundant WLAN controller pair (N+1) and 30 access points implemented in 2004. ABC implemented WEP encryption with IPSec VPN technology to secure their wireless communication because it was the strongest security solution available at the time it was implemented. IT management has decided to upgrade the WLAN infrastructure and implement Voice over Wi-Fi and is concerned with security because most Voice over Wi-Fi phones do not support IPSec.

As the wireless network administrator, what new security solution would be best for protecting ABC’s data?

Options:

A.

Migrate corporate data clients to WPA-Enterprise and segment Voice over Wi-Fi phones by assigning them to a different frequency band.

B.

Migrate corporate data and Voice over Wi-Fi devices to WPA2-Enterprise with fast secure roaming support, and segment Voice over Wi-Fi data on a separate VLAN.

C.

Migrate to a multi-factor security solution to replace IPSec; use WEP with MAC filtering, SSID hiding, stateful packet inspection, and VLAN segmentation.

D.

Migrate all 802.11 data devices to WPA-Personal, and implement a secure DHCP server to allocate addresses from a segmented subnet for the Voice over Wi-Fi phones.

Question 18

The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

Options:

A.

Group Key Handshake

B.

802.1X/EAP authentication

C.

DHCP Discovery

D.

4-Way Handshake

E.

Passphrase-to-PSK mapping

F.

RADIUS shared secret lookup

Question 19

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

Options:

A.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D.

A trained employee should install and configure a WIPS for rogue detection and response measures.

E.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Question 20

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

Before creating the WLAN security policy, what should you ensure you possess?

Options:

A.

Awareness of the exact vendor devices being installed

B.

Management support for the process

C.

End-user training manuals for the policies to be created

D.

Security policy generation software

Question 21

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods.

When writing the 802.11 security policy, what password-related items should be addressed?

Options:

A.

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

B.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

C.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

E.

EAP-TLS must be implemented in such scenarios.

Question 22

What elements should be addressed by a WLAN security policy? (Choose 2)

Options:

A.

Enabling encryption to prevent MAC addresses from being sent in clear text

B.

How to prevent non-IT employees from learning about and reading the user security policy

C.

End-user training for password selection and acceptable network use

D.

The exact passwords to be used for administration interfaces on infrastructure devices

E.

Social engineering recognition and mitigation techniques

Question 23

What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

Options:

A.

Require Port Address Translation (PAT) on each laptop.

B.

Require secure applications such as POP, HTTP, and SSH.

C.

Require VPN software for connectivity to the corporate network.

D.

Require WPA2-Enterprise as the minimal WLAN security solution.

Question 24

In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

Options:

A.

In home networks in which file and printer sharing is enabled

B.

At public hot-spots in which many clients use diverse applications

C.

In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities

D.

In university environments using multicast video training sourced from professor’s laptops

Question 25

What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

Options:

A.

AKM Suite List

B.

Group Cipher Suite

C.

RSN Capabilities

D.

Pairwise Cipher Suite List

Question 26

After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify security threats?

Options:

A.

Authorized PEAP usernames must be added to the WIPS server’s user database.

B.

WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.

C.

Separate security profiles must be defined for network operation in different regulatory domains

D.

Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.

Question 27

Select the answer option that arranges the numbered events in the correct time sequence (first to last) for a client associating to a BSS using EAP-PEAPv0/MSCHAPv2.

1. Installation of PTK

2. Initiation of 4-way handshake

3. Open system authentication

4. 802.11 association

5. 802.1X controlled port is opened for data traffic

6. Client validates server certificate

7. AS validates client credentials

Options:

A.

3—4—6—7—2—1—5

B.

4—3—5—2—7—6—1

C.

5—3—4—2—6—7—1

D.

6—1—3—4—2—7—5

E.

4—3—2—7—6—1—5

F.

3—4—7—6—5—2—1

Page: 1 / 12
Total 119 questions