CWNP CWSP-205 Online Practice Questions and Exam Preparation

CWNP CWSP-205 Online Questions & Answers

• Question 81:

  A WLAN is implemented using WPA-Personal and MAC filtering.

  To what common wireless network attacks is this network potentially vulnerable? (Choose 3)

  A. Offline dictionary attacks
  B. MAC Spoofing
  C. ASLEAP
  D. DoS
  A. Offline dictionary attacks
  B. MAC Spoofing
  D. DoS

• Question 82:

  While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real time FFT display. The signal is characterized with the greatest strength utilizing only 1-2 megahertz of bandwidth and it does not use significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth.

  What kind of signal is described?

  A. A high-power, narrowband signal
  B. A 2.4 GHz WLAN transmission using transmit beam forming
  C. An HT-OFDM access point
  D. A frequency hopping wireless device in discovery mode
  E. A deauthentication flood from a WIPS blocking an AP
  F. A high-power ultra wideband (UWB) Bluetooth transmission
  A. A high-power, narrowband signal

• Question 83:

  Given: ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication.

  How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?

  A. Import all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.
  B. Implement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.
  C. Mirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.
  D. Implement a RADIUS server and query user authentication requests through the LDAP server.
  D. Implement a RADIUS server and query user authentication requests through the LDAP server.

• Question 84:

  Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

  Before creating the WLAN security policy, what should you ensure you possess?

  A. Awareness of the exact vendor devices being installed
  B. Management support for the process
  C. End-user training manuals for the policies to be created
  D. Security policy generation software
  B. Management support for the process

• Question 85:

  Given: In a security penetration exercise, a WLAN consultant obtains the WEP key of XYZ Corporation's wireless network. Demonstrating the vulnerabilities of using WEP, the consultant uses a laptop running a software AP in an attempt to hijack the authorized user's connections. XYZ's legacy network is using 802.11n APs with 802.11b, 11g, and 11n client devices.

  With this setup, how can the consultant cause all of the authorized clients to establish Layer 2 connectivity with the software access point?

  A. All WLAN clients will reassociate to the consultant's software AP if the consultant's software AP provides the same SSID on any channel with a 10 dB SNR improvement over the authorized AP.
  B. A higher SSID priority value configured in the Beacon frames of the consultant's software AP will take priority over the SSID in the authorized AP, causing the clients to reassociate.
  C. When the RF signal between the clients and the authorized AP is temporarily disrupted and the consultant's software AP is using the same SSID on a different channel than the authorized AP, the clients will reassociate to the software AP.
  D. If the consultant's software AP broadcasts Beacon frames that advertise 802.11g data rates that are faster rates than XYZ's current 802.11b data rates, all WLAN clients will reassociate to the faster AP.
  C. When the RF signal between the clients and the authorized AP is temporarily disrupted and the consultant's software AP is using the same SSID on a different channel than the authorized AP, the clients will reassociate to the software AP.

• Question 86:

  Given: Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server.

  Where must the X.509 server certificate and private key be installed in this network?

  A. Supplicant devices
  B. LDAP server
  C. Controller-based APs
  D. WLAN controller
  E. RADIUS server
  E. RADIUS server

• Question 87:

  Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company's employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.

  What security implementation will allow the network administrator to achieve this goal?

  A. Implement an SSID with WPA2-Personal that allows both AES-CCMP and TKIP clients to connect.
  B. Implement an SSID with WPA-Personal that allows both AES-CCMP and TKIP clients to connect.
  C. Implement two separate SSIDs on the AP--one for WPA-Personal using TKIP and one for WPA2- Personal using AES-CCMP.
  D. Implement an SSID with WPA2-Personal that sends all broadcast traffic using AES-CCMP and unicast traffic using either TKIP or AES-CCMP.
  C. Implement two separate SSIDs on the AP--one for WPA-Personal using TKIP and one for WPA2- Personal using AES-CCMP.

• Question 88:

  The following numbered items show some of the contents of each of the four frames exchanged during the 4-way handshake:

  1.

  Encrypted GTK sent

  2.

  Confirmation of temporal key installation

  3.

  Anonce sent from authenticator to supplicant

  4.

  Snonce sent from supplicant to authenticator, MIC included

  Arrange the frames in the correct sequence beginning with the start of the 4-way handshake.

  A. 2, 3, 4, 1
  B. 1, 2, 3, 4
  C. 4, 3, 1, 2
  D. 3, 4, 1, 2
  D. 3, 4, 1, 2

• Question 89:

  What security benefits are provided by endpoint security solution software? (Choose 3)

  A. Can prevent connections to networks with security settings that do not conform to company policy
  B. Can collect statistics about a user's network use and monitor network threats while they are connected
  C. Can restrict client connections to networks with specific SSIDs and encryption types
  D. Can be used to monitor for and prevent network attacks by nearby rogue clients or APs
  A. Can prevent connections to networks with security settings that do not conform to company policy
  B. Can collect statistics about a user's network use and monitor network threats while they are connected
  C. Can restrict client connections to networks with specific SSIDs and encryption types

• Question 90:

  Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.

  What security characteristics and/or components play a role in preventing data decryption? (Choose 2)

  A. Multi-factor authentication
  B. 4-Way Handshake
  C. PLCP Cyclic Redundancy Check (CRC)
  D. Encrypted Passphrase Protocol (EPP)
  E. Integrity Check Value (ICV)
  F. Group Temporal Keys
  B. 4-Way Handshake
  F. Group Temporal Keys