CWNP CWSP-205 Online Practice Questions and Exam Preparation

CWNP CWSP-205 Online Questions & Answers

• Question 91:

  Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2- Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering).

  How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

  A. The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.
  B. The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.
  C. The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.
  D. The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4-Way Handshake prior to user authentication.
  B. The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.

• Question 92:

  What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

  A. Require Port Address Translation (PAT) on each laptop.
  B. Require secure applications such as POP, HTTP, and SSH.
  C. Require VPN software for connectivity to the corporate network.
  D. Require WPA2-Enterprise as the minimal WLAN security solution.
  C. Require VPN software for connectivity to the corporate network.

• Question 93:

  When used as part of a WLAN authentication solution, what is the role of LDAP?

  A. A data retrieval protocol used by an authentication service such as RADIUS
  B. An IEEE X.500 standard compliant database that participates in the 802.1X port-based access control process
  C. A SQL compliant authentication service capable of dynamic key generation and distribution
  D. A role-based access control protocol for filtering data to/from authenticated stations.
  E. An Authentication Server (AS) that communicates directly with, and provides authentication for, the Supplicant.
  A. A data retrieval protocol used by an authentication service such as RADIUS

• Question 94:

  What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in an 802.11 WLAN?

  A. EAP-TTLS sends encrypted supplicant credentials to the authentication server, but EAP-TLS uses unencrypted user credentials.
  B. EAP-TTLS supports client certificates, but EAP-TLS does not.
  C. EAP-TTLS does not require an authentication server, but EAP-TLS does.
  D. EAP-TTLS does not require the use of a certificate for each STA as authentication credentials, but EAP-TLS does.
  D. EAP-TTLS does not require the use of a certificate for each STA as authentication credentials, but EAP-TLS does.

• Question 95:

  Given: ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MS- CHAPv2 and AES-CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hot-spot include:

  

  Cannot access corporate network resources

  

  Network permissions are limited to Internet access

  

  All stations must be authenticated

  What security controls would you suggest? (Choose the single best answer.)

  A. Implement separate controllers for the corporate and guest WLANs.
  B. Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.
  C. Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.
  D. Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.
  E. Force all guest users to use a common VPN protocol to connect.
  D. Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.

• Question 96:

  An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?

  A. Man-in-the-middle
  B. Hijacking
  C. ASLEAP
  D. DoS
  D. DoS

• Question 97:

  What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?

  A. H-REAP
  B. EAP-GTC
  C. EAP-TTLS
  D. PEAP
  E. LEAP
  D. PEAP

• Question 98:

  What 802.11 WLAN security problem is directly addressed by mutual authentication?

  A. Wireless hijacking attacks
  B. Weak password policies
  C. MAC spoofing
  D. Disassociation attacks
  E. Offline dictionary attacks
  F. Weak Initialization Vectors
  A. Wireless hijacking attacks

• Question 99:

  Given: In XYZ's small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.

  What statement about the WLAN security of this company is true?

  A. Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.
  B. A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.
  C. An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.
  D. An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user's 4-Way Handshake.
  E. Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.
  B. A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.

• Question 100:

  Wireless Intrusion Prevention Systems (WIPS) provide what network security services? (Choose 2)

  A. Configuration distribution for autonomous APs
  B. Wireless vulnerability assessment
  C. Application-layer traffic inspection
  D. Analysis and reporting of AP CPU utilization
  E. Policy enforcement and compliance management
  B. Wireless vulnerability assessment
  E. Policy enforcement and compliance management