CWSP-207 Exam Details

  • Exam Code
    :CWSP-207
  • Exam Name
    :Certified Wireless Security Professional
  • Certification
    :CWNP Certifications
  • Vendor
    :CWNP
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 14, 2026

CWNP CWSP-207 Online Questions & Answers

  • Question 1:

    Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

    A. Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.
    B. Allow access to specific files and applications based on the user's WMM access category.
    C. Provide two or more user groups connected to the same SSID with different levels of network privileges.
    D. Allow simultaneous support for multiple EAP types on a single access point.

  • Question 2:

    Given: Mary has just finished troubleshooting an 802.11g network performance problem using a laptop-based WLAN protocol analyzer. The wireless network implements 802.1X/PEAP and the client devices are authenticating properly. When

    Mary disables the WLAN protocol analyzer, configures her laptop for PEAP authentication, and then tries to connect to the wireless network, she is unsuccessful. Before using the WLAN protocol analyzer, Mary’s laptop connected to the

    network without any problems.

    What statement indicates why Mary cannot access the network from her laptop computer?

    A. The nearby WIPS sensor categorized Mary’s protocol analyzer adapter as a threat and is performing a deauthentication flood against her computer.
    B. The PEAP client’s certificate was voided when the protocol analysis software assumed control of the wireless adapter.
    C. The protocol analyzer’s network interface card (NIC) drivers are still loaded and do not support the version of PEAP being used.
    D. Mary’s supplicant software is using PEAPv0/EAP-MSCHAPv2, and the access point is using PEAPv1/EAP-GTC.

  • Question 3:

    After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify security threats?

    A. Authorized PEAP usernames must be added to the WIPS server’s user database.
    B. WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.
    C. Separate security profiles must be defined for network operation in different regulatory domains
    D. Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.

  • Question 4:

    Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank’s website uses the HTTPS protocol to protect sensitive

    account information. While John was using the hot-spot, a hacker was able to obtain John’s bank account user ID and password and exploit this information.

    What likely scenario could have allowed the hacker to obtain John’s bank account user ID and password?

    A. John's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.
    B. John uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.
    C. John accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.
    D. The bank’s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
    E. Before connecting to the bank’s website, John’s association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank’s web server and has decrypted John’s login credentials in near real-time.

  • Question 5:

    What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?

    A. H-REAP
    B. EAP-GTC
    C. EAP-TTLS
    D. PEAP
    E. LEAP

  • Question 6:

    What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

    A. Require Port Address Translation (PAT) on each laptop.
    B. Require secure applications such as POP, HTTP, and SSH.
    C. Require VPN software for connectivity to the corporate network.
    D. Require WPA2-Enterprise as the minimal WLAN security solution.

  • Question 7:

    When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?

    A. X.509 certificates
    B. User credentials
    C. Server credentials
    D. RADIUS shared secret

  • Question 8:

    Given: The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions. What are three uses for such a tool? (Choose 3)

    A. Transmitting a deauthentication frame to disconnect a user from the AP.
    B. Auditing the configuration and functionality of a WIPS by simulating common attack sequences
    C. Probing the RADIUS server and authenticator to expose the RADIUS shared secret
    D. Cracking the authentication or encryption processes implemented poorly in some WLANs

  • Question 9:

    Which statement correctly defines the role of the Authenticator in 802.1X authentication?

    A. It generates encryption keys for clients
    B. It relays EAP messages between the Supplicant and Authentication Server
    C. It verifies the server certificate
    D. It provides IP addressing for authenticated clients

  • Question 10:

    Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards. The new wireless network will use WPA2-Enterprise as its primary

    authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.

    What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?

    A. EAP-FAST
    B. EAP-TLS
    C. PEAPv0/EAP-MSCHAPv2
    D. LEAP
    E. PEAPv0/EAP-TLS
    F. EAP-TTLS/MSCHAPv2

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CWNP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CWSP-207 exam preparations and CWNP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.