When configuring a long-term, forensic packet capture and saving all packets to disk, which of the following is not a consideration?
A. Real-time packet decodes
B. Analyzer location
C. Total capture storage space
D. Individual trace file size
Correct Answer: A
Explanation: Real-time packet decodes are not a consideration when configuring a long-term, forensic packet capture and saving all packets to disk. Real-time packet decodes are useful for live analysis and troubleshooting, but they consume CPU and memory resources that could affect the performance of the capture process. For a long-term, forensic packet capture, it is more important to consider the analyzer location, the total capture storage space, and the individual trace file size. These factors affect the quality and quantity of the captured packets and the ease of post-capture analysis. References: CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 49; CWAP-404 Objectives, Section 2.1: Configure protocol analyzers
Question 52:
What should the To DS and From DS flags be set to in an Association Response frame?
A. To DS = 1, From DS = 1
B. To DS = 1, From DS = 0
C. To DS = 0, From DS = 0
D. To DS = 0, From DS = 1
Correct Answer: C
Explanation: The To DS and From DS flags should be set to 0 in an Association Response frame. An Association Response frame is a type of management frame that is transmitted by an AP to accept or reject an association request from a STA. The To DS (To Distribution System) and From DS (From Distribution System) flags are two bits in the Frame Control field of the MAC header that indicate whether a frame is destined for or originated from the DS (Distribution System), which is a system that connects multiple BSSs together. The To DS and From DS flags can have four possible combinations: 00, 01, 10, or 11. For an Association Response frame, which is sent from an AP to a STA within a BSS, both flags should be set to 0. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 5: 802.11 MAC Sublayer, page 121-122
Question 53:
Finish the statement:
It is possible to distinguish between _______ 22 MHz transmissions and _______ 20 MHz transmissions when looking at an FFT plot.
A. HR/DSSS and ERP
B. OFDM and HT
C. ERP and VHT
D. HT and VHT
Correct Answer: B
Explanation: It is possible to distinguish between OFDM 20 MHz transmissions and HT 20 MHz transmissions when looking at an FFT plot. OFDM and HT are two different modulation schemes used by 802.11 WLANs. OFDM is used by legacy 802.11a/g devices, while HT is used by newer 802.11n/ac devices. OFDM and HT have different spectral characteristics that can be observed on an FFT plot. OFDM transmissions have a flat spectrum with sharp edges, while HT transmissions have a tapered spectrum with rounded edges. This is because HT uses guard intervals and cyclic prefixes to reduce inter-symbol interference and improve performance. The other options are not correct, as they do not describe different modulation schemes or channel widths that can be distinguished on an FFT plot. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 3: Spectrum Analysis, page 70-71
Question 54:
In the 2.4 GHz band, what data rate are Probe Requests usually sent at from an unassociated STA?
A. 1 Mbps
B. The minimum basic rate
C. MCS 0
D. 6 Mbps
Correct Answer: B
Explanation: In the 2.4 GHz band, probe requests are usually sent at the minimum basic rate from an unassociated STA. A probe request is a type of management frame that is transmitted by a STA to discover available BSSs in its vicinity. A probe request can be sent on one or more channels in either passive or active scanning mode. In passive scanning mode, a STA listens for beacon frames from APs on each channel. In active scanning mode, a STA sends probe requests on each channel and waits for probe responses from APs. A probe request is usually sent at the minimum basic rate, which is the lowest data rate among the supported rates that is required for all STAs to join and communicate with a BSS. The minimum basic rate can vary depending on the configuration of each BSS, but it is typically one of these values: 1 Mbps, 2 Mbps, 5.5 Mbps, or 11 Mbps in the 2.4 GHz band. The other options are not correct, as they do not reflect how probe requests are usually sent in the 2.4 GHz band. MCS 0 is a modulation and coding scheme used by 802.11n/ac devices in either band, but it is not a data rate per se. 6 Mbps is a data rate used by OFDM devices in either band, but it is not usually configured as a minimum basic rate in the 2.4 GHz band. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 5: 802.11 MAC Sublayer, page 123-124
Question 55:
As a wireless network consultant, you have been called in to troubleshoot a high-priority issue for one of your customers. The customer's office is based on two floors within a multi-tenant office block. On one of these floors (floor 5) users cannot connect to the wireless network. During their own testing the customer has discovered that users can connect on floor 6 but not when they move to floor 5. This issue is affecting all users on floor 5 and having a negative effect on productivity.
To troubleshoot this issue, you perform both Spectrum and Protocol Analysis. The Spectrum Analysis shows the presence of Bluetooth signals which you have identified as coming from wireless mice. In the protocol analyzer you see that the top frame type on the network is Deauthentication frames. On closer investigation you see that the Deauthentication frames' source addresses match the BSSIDs of your customer's APs and the destination address is FF:FF:FF:FF:FF:FF.
What do you conclude from this troubleshooting exercise?
A. The customer should replace all their Bluetooth wireless mice as they are stopping the users on floor 5 from connecting to the wireless network
B. The users on floor 5 are being subjected to a denial of service attack, as this is happening across the entire floor it is likely to be a misconfigured WIPS solution belonging to the tenants on the floor below
C. The customer's APs are misbehaving and a technical support case should be opened with the vendor
D. The CCI from the APs on floor 4 is the problem and you need to ask the tenant below to turn down their APs' Tx power
Correct Answer: B
Explanation: The users on floor 5 are being subjected to a denial of service attack, as this is happening across the entire floor it is likely to be a misconfigured WIPS solution belonging to the tenants on the floor below. This is because the Deauthentication frames have a source address that matches the BSSIDs of the customer's APs and a destination address that is a broadcast address (FF:FF:FF:FF:FF:FF). This indicates that someone is sending spoofed Deauthentication frames to all STAs associated with the customer's APs, causing them to disconnect from the wireless network. This is a common type of DoS attack on wireless networks, and it could be caused by a rogue device or a WIPS solution that is configured to protect the wireless network of another tenant on the floor below. References: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 13: Troubleshooting Common Wi-Fi Issues, page 4961; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 14: Troubleshooting Tools, page 5272.
Question 56:
Protocol analyzers may present field values in either binary, decimal or hexadecimal. What precedes a hexadecimal value to indicate it is hexadecimal?
A. 0x
B. 16x
C. %
D. HEX
Correct Answer: A
Explanation: A hexadecimal value is a value that uses base 16 notation, which means it can have digits from 0 to 9 and letters from A to F. A hexadecimal value is usually preceded by 0x to indicate that it is hexadecimal and not decimal or binary. For example, 0x0A is hexadecimal for 10 in decimal or 00001010 in binary. The other options are not valid prefixes for hexadecimal values. References: CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 35; CWAP-404 Objectives, Section 2.2: Analyze field values
Question 57:
Where, in a protocol analyzer, would you find an indication that a frame was transmitted as part of an A-MPDU?
A. The HT Operation Element
B. A-MPDU flag in the QoS Control Field
C. A-MPDU flag in the Frame Control Field
D. The Aggregation flag in the Radio Tap Header
Correct Answer: D
Explanation: In a protocol analyzer, you would find an indication that a frame was transmitted as part of an A-MPDU by looking at the Aggregation flag in the Radio Tap Header. The Radio Tap Header is a pseudo-header that is added by some wireless capture devices to provide additional information about the physical layer characteristics of a frame. The Aggregation flag is one of the fields in this header, and it indicates whether the frame belongs to an A-MPDU or not. If the flag is set to 1, it means that the frame is part of an A-MPDU; if it is set to 0, it means that the frame is not part of an A-MPDU. References: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 9: PHY Layer Frame Formats and Technologies, page 303; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 9: PHY Layer Frame Formats and Technologies, page 304.
Question 58:
Which one of the following should be the first step when troubleshooting a WLAN issue?
A. Identify probable causes
B. Identify capture locations
C. Perform an initial WLAN scan and see if any obvious issues stand out
D. Define the problem
Correct Answer: D
Explanation: The first step in any troubleshooting process is to define the problem. This involves gathering information from various sources, such as users, network administrators, network documentation, and network monitoring tools. Defining the problem helps to narrow down the scope of the issue and identify the symptoms, causes, and effects of the problem. References: CWAP-403 Study Guide, Chapter 1: Troubleshooting Methodology, page 7; CWAP-403 Objectives, Section 1.1: Define the problem
Question 59:
What is the difference between a Data frame and a QoS-Data frame?
A. QoS Data frames include a DSCP control field
B. QoS Data frames include a QoS information element
C. QoS Data frames include an 802.1Q VLAN tag
D. QoS Data frames include a QoS control field
Correct Answer: D
Explanation: The difference between a Data frame and a QoS-Data frame is that QoS Data frames include a QoS control field. A Data frame is a type of data frame that is used to carry user data or upper layer protocol data between STAs and APs. A QoS Data frame is a type of data frame that is used to carry user data or upper layer protocol data between STAs and APs that support QoS (Quality of Service) features. QoS features allow different types of traffic to be prioritized and handled differently according to their QoS requirements, such as delay, jitter, throughput, etc. QoS Data frames include a QoS control field in their MAC header, which contains information such as traffic identifier (TID), queue size (TXOP), acknowledgment policy (ACK), etc., that are used for QoS purposes. The other options are not correct, as they do not describe the difference between Data and QoS Data frames. QoS Data frames do not include a DSCP (Differentiated Services Code Point) control field, which is part of the IP header in the network layer, not the MAC header in the data link layer. QoS Data frames do not include a QoS information element (IE), which is part of some management frames that indicate QoS capabilities or parameters, not data frames. QoS Data frames do not include an 802.1Q VLAN tag, which is part of some Ethernet frames that indicate VLAN membership or priority, not wireless frames. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 5: 802.11 MAC Sublayer, page 118-119
Question 60:
In which element of a Beacon frame would you look to identify the current HT protection mode in which an AP is operating?
A. HT Protection Element
B. HT Operations Element
C. ERP Information Element
D. HT Capabilities Element
Correct Answer: B
Explanation: The HT protection mode in which an AP is operating can be identified by looking at the HT Operations element in a Beacon frame. The HT Operations element is a part of the Beacon frame that contains information about the High Throughput (HT) capabilities and operation of an 802.11n BSS. The HT Operations element has a field called HT Protection, which indicates how the BSS protects its HT transmissions from interference or collisions with non-HT devices or BSSs. The HT Protection field can have four values: No Protection, Nonmember Protection, 20 MHz Protection, or Non-HT Mixed Mode. The other options are not correct, as they do not contain information about the HT protection mode. The HT Protection element does not exist, the ERP Information element is used for Extended Rate PHY (ERP) protection mode for 802.11g devices, and the HT Capabilities element is used for indicating the supported HT features of an individual device. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 5: