CWSP-206 Exam Details

  • Exam Code
    :CWSP-206
  • Exam Name
    :CWSP Certified Wireless Security Professional
  • Certification
    :CWNP Certifications
  • Vendor
    :CWNP
  • Total Questions
    :60 Q&As
  • Last Updated
    :Jul 10, 2026

CWNP CWSP-206 Online Questions & Answers

  • Question 11:

    ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations. As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication?

    A. MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.
    B. When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.
    C. MS-CHAPv2 uses AES authentication, and is therefore secure.
    D. MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.
    E. LEAP's use of MS-CHAPv2 is only secure when combined with WEP.

  • Question 12:

    When monitoring APs within a LAN using a Wireless Network Management System (WNMS), what secure protocol may be used by the WNMS to issue configuration changes to APs?

    A. PPTP
    B. 802.1X/EAP
    C. TFTP
    D. SNMPv3
    E. IPSec/ESP

  • Question 13:

    Your organization is using EAP as an authentication framework with a specific type that meets the requirements of your corporate policies. Which one of the following statements is true related to this implementation?

    A. The client STAs may communicate over the controlled port in order to authenticate as soon as the Open System authentication completes.
    B. The client STAs may communicate over the uncontrolled port in order to authenticate as soon as the Open System authentication completes.
    C. The client STAs may use a different, but complementary, EAP type than the AP STAs.
    D. The client will be the authenticator in this scenario.

  • Question 14:

    You must implement 7 APs for a branch office location in your organizations. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).

    Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?

    A. Output power
    B. Fragmentation threshold
    C. Administrative password
    D. Cell radius

  • Question 15:

    You support a coffee shop and have recently installed a free 802.11ac wireless hotspot for the benefit of your customers. You want to minimize legal risk in the event that the hotspot is used for illegal Internet activity. What option specifies the best approach to minimize legal risk at this public hotspot while maintaining an open venue for customer Internet access?

    A. Require client STAs to have updated firewall and antivirus software.
    B. Block TCP port 25 and 80 outbound on the Internet router.
    C. Use a WIPS to monitor all traffic and deauthenticate malicious stations.
    D. Implement a captive portal with an acceptable use disclaimer.
    E. Allow only trusted patrons to use the WLAN.
    F. Configure WPA2-Enterprise security on the access point.

  • Question 16:

    Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

    A. Provide two or more user groups connected to the same SSID with different levels of network privileges.
    B. Allow access to specific files and applications based on the user's WMM access category.
    C. Allow simultaneous support for multiple EAP types on a single access point.
    D. Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.

  • Question 17:

    You are the WLAN administrator in your organization and you are required to monitor the network and ensure all active WLANs are providing RSNs. You have a laptop protocol analyzer configured. In what frame could you see the existence or non-existence of proper RSN configuration parameters for each BSS through the RSN IE?

    A. CTS
    B. Beacon
    C. RTS
    D. Data frames
    E. Probe request

  • Question 18:

    After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify the security threats?

    A. Separate security profiles must be defined for network operation in different regulatory domains.
    B. WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.
    C. Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.
    D. Authorized PEAP usernames must be added to the WIPS server's user database.

  • Question 19:

    XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization. What RADIUS feature could be used by XYZ to assign the proper network permissions to users during authentications?

    A. RADIUS can reassign a client's 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.
    B. The RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.
    C. The RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.
    D. RADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.

  • Question 20:

    What attack cannot be detected by a Wireless Intrusion Prevention System (WIPS)?

    A. Deauthentication flood
    B. Soft AP
    C. EAP flood
    D. Eavesdropping
    E. MAC Spoofing
    F. Hotspotter

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CWNP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CWSP-206 exam preparations and CWNP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.