CWSP-208 Exam Training Practice Tests (CWNP Certified Wireless Security Professional (CWSP))]

Question 1

The following numbered items show some of the contents of each of the four frames exchanged during the 4- way handshake:
1. Encrypted GTK sent
2. Confirmation of temporal key installation
3. Anonce sent from authenticator to supplicant
4. Snonce sent from supplicant to authenticator, MIC included
Arrange the frames in the correct sequence beginning with the start of the 4-way handshake.

A. 1, 2, 3, 4 B. 2, 3, 4, 1 C. 4, 3, 1, 2 D. 3, 4, 1, 2

Correct Answer: D

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 2

Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN.
In this remote scenario, what single wireless security practice will provide the greatest security for Fred?

A. Use only HTTPS when agreeing to acceptable use terms on public networks B. Use an IPSec VPN for connectivity to the office network C. Use enterprise WIPS on the corporate office network D. Use secure protocols, such as FTP, for remote file transfers. E. Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots F. Use WIPS sensor software on the laptop to monitor for risks and attacks

Correct Answer: B

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 3

Which one of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

A. It does not support the outer identity. B. It is not a valid EAP type. C. It does not support a RADIUS server. D. It does not support mutual authentication.

Correct Answer: D

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 4

Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company's employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.
What security implementation will allow the network administrator to achieve this goal?

A. Implement an SSID with WPA2-Personal that allows both AES-CCMP and TKIP clients to connect. B. Implement an SSID with WPA2-Personal that sends all broadcast traffic using AES-CCMP and unicast traffic using either TKIP or AES-CCMP. C. Implement an SSID with WPA-Personal that allows both AES-CCMP and TKIP clients to connect. D. Implement two separate SSIDs on the AP-one for WPA-Personal using TKIP and one for WPA2- Personal using AES-CCMP.

Correct Answer: D

Question 5

When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?

A. X.509 certificates B. RADIUS shared secret C. User credentials D. Server credentials

Correct Answer: C

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 6

Given: An 802.1X/EAP implementation includes an Active Directory domain controller running Windows Server 2012 and an AP from a major vendor. A Linux server is running RADIUS and it queries the domain controller for user credentials. A Windows client is accessing the network.
What device functions as the EAP Supplicant?

A. An unlisted switch B. Windows server C. Windows client D. An unlisted WLAN controller E. Linux server F. Access point

Correct Answer: C

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 7

Given: In XYZ's small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2- Personal.
What statement about the WLAN security of this company is true?

A. Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users. B. An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user's 4-Way Handshake. C. A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client. D. Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed. E. An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.

Correct Answer: C

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 8

Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.
What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)

A. In the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN. B. During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN. C. On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients. D. Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.

Correct Answer: A,B,D

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 9

Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.
As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication?
(Choose 2)

A. MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel. B. MS-CHAPv2 is subject to offline dictionary attacks. C. When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure. D. MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise. E. MS-CHAPv2 uses AES authentication, and is therefore secure. F. LEAP's use of MS-CHAPv2 is only secure when combined with WEP.

Correct Answer: A,B

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 10

Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.
What security characteristics and/or components play a role in preventing data decryption? (Choose 2)

A. Group Temporal Keys B. Integrity Check Value (ICV) C. 4-Way Handshake D. Encrypted Passphrase Protocol (EPP) E. PLCP Cyclic Redundancy Check (CRC) F. Multi-factor authentication

Correct Answer: A,C

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

CWNP Certified Wireless Security Professional (CWSP) - CWSP-208 Exam Practice Test