New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

CWSP-207 Certified Wireless Security Professional (CWSP) Questions and Answers

Questions 4

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

Options:

A.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D.

A trained employee should install and configure a WIPS for rogue detection and response measures.

E.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Buy Now
Questions 5

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

Before creating the WLAN security policy, what should you ensure you possess?

Options:

A.

Awareness of the exact vendor devices being installed

B.

Management support for the process

C.

End-user training manuals for the policies to be created

D.

Security policy generation software

Buy Now
Questions 6

What elements should be addressed by a WLAN security policy? (Choose 2)

Options:

A.

Enabling encryption to prevent MAC addresses from being sent in clear text

B.

How to prevent non-IT employees from learning about and reading the user security policy

C.

End-user training for password selection and acceptable network use

D.

The exact passwords to be used for administration interfaces on infrastructure devices

E.

Social engineering recognition and mitigation techniques

Buy Now
Questions 7

In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

Options:

A.

In home networks in which file and printer sharing is enabled

B.

At public hot-spots in which many clients use diverse applications

C.

In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities

D.

In university environments using multicast video training sourced from professor’s laptops

Buy Now
Questions 8

What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

Options:

A.

Require Port Address Translation (PAT) on each laptop.

B.

Require secure applications such as POP, HTTP, and SSH.

C.

Require VPN software for connectivity to the corporate network.

D.

Require WPA2-Enterprise as the minimal WLAN security solution.

Buy Now
Questions 9

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods.

When writing the 802.11 security policy, what password-related items should be addressed?

Options:

A.

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

B.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

C.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

E.

EAP-TLS must be implemented in such scenarios.

Buy Now
Questions 10

While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real time FFT display. The signal is characterized with the greatest strength utilizing only 1-2 megahertz of bandwidth and it does notuse significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth.

What kind of signal is described?

Options:

A.

A high-power, narrowband signal

B.

A 2.4 GHz WLAN transmission using transmit beam forming

C.

An HT-OFDM access point

D.

A frequency hopping wireless device in discovery mode

E.

A deauthentication flood from a WIPS blocking an AP

F.

A high-power ultra wideband (UWB) Bluetooth transmission

Buy Now
Questions 11

Given: ABC Company secures their network with WPA2-Personal authentication and AES-CCMP encryption.

What part of the 802.11 frame is always protected from eavesdroppers by this type of security?

Options:

A.

All MSDU contents

B.

All MPDU contents

C.

All PPDU contents

D.

All PSDU contents

Buy Now
Questions 12

Given: ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MS-CHAPv2 and AES-CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hot-spot include:

  • Cannot access corporate network resources
  • Network permissions are limited to Internet access
  • All stations must be authenticated

What security controls would you suggest? (Choose the single best answer.)

Options:

A.

Implement separate controllers for the corporate and guest WLANs.

B.

Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.

C.

Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.

D.

Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.

E.

Force all guest users to use a common VPN protocol to connect.

Buy Now
Questions 13

When TKIP is selected as the pairwise cipher suite, what frame types may be protected with data confidentiality? (Choose 2)

Options:

A.

Robust broadcast management

B.

Robust unicast management

C.

Control

D.

Data

E.

ACK

F.

QoS Data

Buy Now
Questions 14

What wireless security protocol provides mutual authentication without using an X.509 certificate?

Options:

A.

EAP-FAST

B.

EAP-MD5

C.

EAP-TLS

D.

PEAPv0/EAP-MSCHAPv2

E.

EAP-TTLS

F.

PEAPv1/EAP-GTC

Buy Now
Questions 15

Given: AAA is an architectural framework used to provide three separate security components in a network. Listed below are three phrases that each describe one aspect of the AAA framework.

Option-1 — This AAA function is performed first and validates user identify prior to determining the network resources to which they will be granted access.

Option-2 — This function is used for monitoring and auditing purposes and includes the collection of data that identifies what a user has done while connected.

Option-3 — This function is used to designate permissions to a particular user.

What answer correctly pairs the AAA component with the descriptions provided above?

Options:

A.

Option-1 – Access Control

Option-2 – Authorization

Option-3 – Accounting

B.

Option-1 – Authentication

Option-2 – Accounting

Option-3 – Association

C.

Option-1 – Authorization

Option-2 – Access Control

Option-3 – Association

D.

Option-1 – Authentication

Option-2 – Accounting

Option-3 – Authorization

Buy Now
Questions 16

You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other (STA2) used 11 EAP frames (excluding ACK frames) before the 4-way handshake.

Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful? (Choose the single most probable answer given a stable WLAN.)

Options:

A.

STA1 and STA2 are using different cipher suites.

B.

STA2 has retransmissions of EAP frames.

C.

STA1 is a reassociation and STA2 is an initial association.

D.

STA1 is a TSN, and STA2 is an RSN.

E.

STA1 and STA2 are using different EAP types.

Buy Now
Questions 17

Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN.

In this remote scenario, what single wireless security practice will provide the greatest security for Fred?

Options:

A.

Use an IPSec VPN for connectivity to the office network

B.

Use only HTTPS when agreeing to acceptable use terms on public networks

C.

Use enterprise WIPS on the corporate office network

D.

Use WIPS sensor software on the laptop to monitor for risks and attacks

E.

Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots

F.

Use secure protocols, such as FTP, for remote file transfers.

Buy Now
Questions 18

The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

Options:

A.

Group Key Handshake

B.

802.1X/EAP authentication

C.

DHCP Discovery

D.

4-Way Handshake

E.

Passphrase-to-PSK mapping

F.

RADIUS shared secret lookup

Buy Now
Questions 19

You perform a protocol capture using Wireshark and a compatible 802.11 adapter in Linux. When viewing the capture, you see an auth req frame and an auth rsp frame. Then you see an assoc req frame and an assoc rsp frame. Shortly after, you see DHCP communications and then ISAKMP protocol packets. What security solution is represented?

Options:

A.

802.1X/EAP-TTLS

B.

Open 802.11 authentication with IPSec

C.

802.1X/PEAPv0/MS-CHAPv2

D.

WPA2-Personal with AES-CCMP

E.

EAP-MD5

Buy Now
Questions 20

Given: You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution.

In this configuration, the wireless network is initially susceptible to what type of attacks? (Choose 2)

Options:

A.

Encryption cracking

B.

Offline dictionary attacks

C.

Layer 3 peer-to-peer

D.

Application eavesdropping

E.

Session hijacking

F.

Layer 1 DoS

Buy Now
Questions 21

What is a primary criteria for a network to qualify as a Robust Security Network (RSN)?

Options:

A.

Token cards must be used for authentication.

B.

Dynamic WEP-104 encryption must be enabled.

C.

WEP may not be used for encryption.

D.

WPA-Personal must be supported for authentication and encryption.

E.

WLAN controllers and APs must not support SSHv1.

Buy Now
Questions 22

Given: The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions.

What are three uses for such a tool? (Choose 3)

Options:

A.

Transmitting a deauthentication frame to disconnect a user from the AP.

B.

Auditing the configuration and functionality of a WIPS by simulating common attack sequences

C.

Probing the RADIUS server and authenticator to expose the RADIUS shared secret

D.

Cracking the authentication or encryption processes implemented poorly in some WLANs

Buy Now
Questions 23

Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individualshave raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.

As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)

Options:

A.

MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.

B.

MS-CHAPv2 is subject to offline dictionary attacks.

C.

LEAP’s use of MS-CHAPv2 is only secure when combined with WEP.

D.

MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.

E.

MS-CHAPv2 uses AES authentication, and is therefore secure.

F.

When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.

Buy Now
Questions 24

Given: You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data.

What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?

Options:

A.

All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.

B.

Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.

C.

Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.

D.

Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.

E.

The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.

Buy Now
Questions 25

Given: In a security penetration exercise, a WLAN consultant obtains the WEP key of XYZ Corporation’s wireless network. Demonstrating the vulnerabilities of using WEP, the consultant uses a laptop running a software AP in an attempt to hijack the authorized user’s connections. XYZ’s legacy network is using 802.11n APs with 802.11b, 11g, and 11n client devices.

With this setup, how can the consultant cause all of the authorized clients to establish Layer 2 connectivity with the software access point?

Options:

A.

All WLAN clients will reassociate to the consultant’s software AP if the consultant’s software AP provides the same SSID on any channel with a 10 dB SNR improvement over the authorized AP.

B.

A higher SSID priority value configured in the Beacon frames of the consultant’s software AP will take priority over the SSID in the authorized AP, causing the clients to reassociate.

C.

When the RF signal between the clients and the authorized AP is temporarily disrupted and the consultant’s software AP is using the same SSID on a different channel than the authorized AP, the clients will reassociate to the software AP.

D.

If the consultant’s software AP broadcasts Beacon frames that advertise 802.11g data rates that are faster rates than XYZ’s current 802.11b data rates, all WLAN clients will reassociate to the faster AP.

Buy Now
Questions 26

An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?

Options:

A.

Man-in-the-middle

B.

Hijacking

C.

ASLEAP

D.

DoS

Buy Now
Questions 27

What software and hardware tools are used together to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network? (Choose 2)

Options:

A.

RF jamming device and a wireless radio card

B.

A low-gain patch antenna and terminal emulation software

C.

A wireless workgroup bridge and a protocol analyzer

D.

DHCP server software and access point software

E.

MAC spoofing software and MAC DoS software

Buy Now
Exam Code: CWSP-207
Exam Name: Certified Wireless Security Professional (CWSP)
Last Update: Dec 26, 2024
Questions: 119
CWSP-207 pdf

CWSP-207 PDF

$25.5  $84.99
CWSP-207 Engine

CWSP-207 Testing Engine

$30  $99.99
CWSP-207 PDF + Engine

CWSP-207 PDF + Testing Engine

$40.5  $134.99