CWSP-207 Exam Details

  • Exam Code
    :CWSP-207
  • Exam Name
    :Certified Wireless Security Professional
  • Certification
    :CWNP Certifications
  • Vendor
    :CWNP
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 14, 2026

CWNP CWSP-207 Online Questions & Answers

  • Question 121:

    Given: Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an

    LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server.

    Where must the X.509 server certificate and private key be installed in this network?

    A. Supplicant devices
    B. LDAP server
    C. Controller-based APs
    D. WLAN controller
    E. RADIUS server

  • Question 122:

    What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in an 802.11 WLAN?

    A. EAP-TTLS sends encrypted supplicant credentials to the authentication server, but EAP-TLS uses unencrypted user credentials.
    B. EAP-TTLS supports client certificates, but EAP-TLS does not.
    C. EAP-TTLS does not require an authentication server, but EAP-TLS does.
    D. EAP-TTLS does not require the use of a certificate for each STA as authentication credentials, but EAP-TLS does.

  • Question 123:

    In WPA2-Enterprise, which entity is responsible for verifying user credentials?

    A. Authenticator
    B. Supplicant
    C. Authentication Server
    D. Certificate Authority

  • Question 124:

    What information can be used by a WIPS to triangulate the position of a rogue device?

    A. RSSI values from multiple sensors
    B. Beacon interval timing
    C. VLAN tag assignments
    D. MAC OUI prefix

  • Question 125:

    In an effort to optimize WLAN performance, ABC Company has upgraded their WLAN infrastructure from 802.11a/g to 802.11n. 802.11a/g clients are still supported and are used throughout ABC’s facility. ABC has always been highly security

    conscious, but due to budget limitations, they have not yet updated their overlay WIPS solution to 802.11n or 802.11ac.

    Given ABC’s deployment strategy, what security risks would not be detected by the 802.11a/g WIPS?

    A. Hijacking attack performed by using a rogue 802.11n AP against an 802.11a client
    B. Rogue AP operating in Greenfield 40 MHz-only mode
    C. 802.11a STA performing a deauthentication attack against 802.11n APs
    D. 802.11n client spoofing the MAC address of an authorized 802.11n client

  • Question 126:

    You are configuring seven APs to prevent common security attacks. The APs are to be installed in a small business and to reduce costs, the company decided to install all consumer-grade wireless routers. The wireless routers will connect to

    a switch, which connects directly to the Internet connection providing 50 Mbps of Internet bandwidth that will be shared among 53 wireless clients and 17 wired clients.

    To ensure the wireless network is as secure as possible from common attacks, what security measure can you implement given only the hardware referenced?

    A. WPA-Enterprise
    B. 802.1X/EAP-PEAP
    C. WPA2-Enterprise
    D. WPA2-Personal

  • Question 127:

    Given: An 802.1X/EAP implementation includes an Active Directory domain controller running Windows Server 2012 and an AP from a major vendor. A Linux server is running RADIUS and it queries the domain controller for user credentials.

    A Windows client is accessing the network.

    What device functions as the EAP Supplicant?

    A. Linux server
    B. Windows client
    C. Access point
    D. Windows server
    E. An unlisted switch
    F. An unlisted WLAN controller

  • Question 128:

    The following numbered items show some of the contents of each of the four frames exchanged during the 4-way handshake:

    1.Encrypted GTK sent

    2.Confirmation of temporal key installation

    3.Anonce sent from authenticator to supplicant

    4.Snonce sent from supplicant to authenticator, MIC included

    Arrange the frames in the correct sequence beginning with the start of the 4-way handshake.

    A. 2, 3, 4, 1
    B. 1, 2, 3, 4
    C. 4, 3, 1, 2
    D. 3, 4, 1, 2

  • Question 129:

    What preventative measures are performed by a WIPS against intrusions?

    A. EAPoL Reject frame flood against a rogue AP
    B. Evil twin attack against a rogue AP
    C. Deauthentication attack against a classified neighbor AP
    D. ASLEAP attack against a rogue AP
    E. Uses SNMP to disable the switch port to which rogue APs connect

  • Question 130:

    What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE 802.11 4 Way Handshake?

    A. Both nonces are used by the Supplicant and Authenticator in the derivation of a single PTK.
    B. The Supplicant uses the SNonce to derive its unique PTK and the Authenticator uses the ANonce to derive its unique PTK, but the nonces are not shared.
    C. Nonces are sent in EAPoL frames to indicate to the receiver that the sending station has installed and validated the encryption keys.
    D. The nonces are created by combining the MAC addresses of the Supplicant, Authenticator, and Authentication Server into a mixing algorithm.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CWNP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CWSP-207 exam preparations and CWNP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.