CWSP-207 Exam Details

  • Exam Code
    :CWSP-207
  • Exam Name
    :Certified Wireless Security Professional
  • Certification
    :CWNP Certifications
  • Vendor
    :CWNP
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 14, 2026

CWNP CWSP-207 Online Questions & Answers

  • Question 21:

    Given: You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and

    encryption solution.

    In this configuration, the wireless network is initially susceptible to what type of attacks? (Choose 2)

    A. Encryption cracking
    B. Offline dictionary attacks
    C. Layer 3 peer-to-peer
    D. Application eavesdropping
    E. Session hijacking
    F. Layer 1 DoS

  • Question 22:

    Which one of the following describes the correct hierarchy of 802.1X authentication key derivation?

    A. The MSK is generated from the 802.1X/EAP authentication. The PMK is derived from the MSK. The PTK is derived from the PMK, and the keys used for actual data encryption are a part of the PTK.
    B. If passphrase-based client authentication is used by the EAP type, the PMK is mapped directly from the user’s passphrase. The PMK is then used during the 4-way handshake to create data encryption keys.
    C. After successful EAP authentication, the RADIUS server generates a PMK. A separate key, the MSK, is derived from the AAA key and is hashed with the PMK to create the PTK and GTK.
    D. The PMK is generated from a successful mutual EAP authentication. When mutual authentication is not used, an MSK is created. Either of these two keys may be used to derive the temporal data encryption keys during the 4-way handshake.

  • Question 23:

    As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

    A. Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.
    B. Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.
    C. Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.
    D. A trained employee should install and configure a WIPS for rogue detection and response measures.
    E. Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

  • Question 24:

    For a WIPS system to identify the location of a rogue WLAN device using location patterning (RF fingerprinting), what must be done as part of the WIPS installation?

    A. All WIPS sensors must be installed as dual-purpose (AP/sensor) devices.
    B. A location chipset (GPS) must be installed with it.
    C. At least six antennas must be installed in each sensor.
    D. The RF environment must be sampled during an RF calibration process.

  • Question 25:

    Given: Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM.

    What device functions as the 802.1X/EAP Authenticator?

    A. SRV21
    B. WLAN Controller/AP
    C. MacBook Pro
    D. RADIUS server

  • Question 26:

    When monitoring APs within a LAN using a Wireless Network Management System (WNMS), what secure protocol may be used by the WNMS to issue configuration changes to APs?

    A. IPSec/ESP
    B. TFTP
    C. 802.1X/EAP
    D. SNMPv3
    E. PPTP

  • Question 27:

    Which 802.1X port type allows only EAP traffic prior to authentication?

    A. Controlled Port
    B. Uncontrolled Port
    C. Open Port
    D. Access Port

  • Question 28:

    Which frame exchange immediately follows successful 802.1X authentication in a WPA2-Enterprise environment?

    A. Group Key Handshake
    B. Association Response
    C. 4-Way Handshake
    D. EAP Success acknowledgment

  • Question 29:

    Which of the following best describes Opportunistic Key Caching (OKC)?

    A. Key caching technique that allows re-use of PMK across APs under the same controller
    B. Dynamic key generation for each session between STA and RADIUS
    C. Mechanism to refresh GTK after every association
    D. 802.11w key confirmation protocol

  • Question 30:

    Your organization required compliance reporting and forensics features in relation to the 802.11ac WLAN they have recently installed. These features are not built into the management system provided by the WLAN vendor. The existing

    WLAN is managed through a centralized management console provided by the AP vendor with distributed APs and multiple WLAN controllers configured through this console.

    What kind of system should be installed to provide the required compliance reporting and forensics features?

    A. WNMS
    B. WIPS overlay
    C. WIPS integrated
    D. Cloud management platform

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CWNP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CWSP-207 exam preparations and CWNP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.