Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?
A. Provide two or more user groups connected to the same SSID with different levels of network privileges.
B. Allow access to specific files and applications based on the user's WMM access category.
C. Allow simultaneous support for multiple EAP types on a single access point.
D. Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.
What protocol, listed here, allows a network manager to securely administer the network?
A. TFTP
B. Telnet
C. HTTPS
D. SNMPv2
XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization. What RADIUS feature could be used by XYZ to assign the proper network permissions to users during authentications?
A. RADIUS can reassign a client's 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.
B. The RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.
C. The RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.
D. RADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.
When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?
A. Server credentials
B. User credentials
C. RADIUS shared secret
D. X.509 certificates
In an IEEE 802.11-compliant WLAN, when is the 802.1X Controlled Port placed into the unblocked state?
A. After EAP authentication is successful
B. After Open System authentication
C. After the 4-Way Handshake
D. After any Group Handshake
Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM. What device functions as the 802.1X/EAP Authenticator?
A. WLAN Controller/AP
B. MacBook Pro
C. SRV21
D. RADIUS server
A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs. Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:
SSID Blue – VLAN 10 – Lightweight EAP (LEAP) authentication – CCMP cipher suite SSID Red – VLAN 20 – PEAPv0/EAP-TLS authentication – TKIP cipher suite
The consultant's computer can successfully authenticate and browse the Internet when using the Blue SSID. The same computer cannot authenticate when using the Red SSID. What is a possible cause of the problem?
A. The consultant does not have a valid Kerberos ID on the Blue VLAN.
B. The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.
C. The TKIP cipher suite is not a valid option for PEAPv0 authentication.
D. The Red VLAN does not use server certificate, but the client requires one.
Your organization is using EAP as an authentication framework with a specific type that meets the requirements of your corporate policies. Which one of the following statements is true related to this implementation?
A. The client STAs may communicate over the controlled port in order to authenticate as soon as the Open System authentication completes.
B. The client STAs may communicate over the uncontrolled port in order to authenticate as soon as the Open System authentication completes.
C. The client STAs may use a different, but complementary, EAP type than the AP STAs.
D. The client will be the authenticator in this scenario.
What TKIP feature was introduced to counter the weak integrity check algorithm used in WEP?
A. RC5 stream cipher
B. Block cipher support
C. Sequence counters
D. 32-bit ICV (CRC-32)
E. Michael
Which of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?
A. It does not support a RADIUS server.
B. It is not a valid EAP type.
C. It does not support mutual authentication.
D. It does not support the outer identity.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CWNP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CWSP-206 exam preparations and CWNP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.