CWSP-207 Exam Details

  • Exam Code
    :CWSP-207
  • Exam Name
    :Certified Wireless Security Professional
  • Certification
    :CWNP Certifications
  • Vendor
    :CWNP
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 14, 2026

CWNP CWSP-207 Online Questions & Answers

  • Question 31:

    While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real time FFT display. The signal is characterized with the greatest strength utilizing only 1-2

    megahertz of bandwidth and it does notuse significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth.

    What kind of signal is described?

    A. A high-power, narrowband signal
    B. A 2.4 GHz WLAN transmission using transmit beam forming
    C. An HT-OFDM access point
    D. A frequency hopping wireless device in discovery mode
    E. A deauthentication flood from a WIPS blocking an AP
    F. A high-power ultra wideband (UWB) Bluetooth transmission

  • Question 32:

    Select the answer option that arranges the numbered events in the correct time sequence (first to last) for a client associating to a BSS using EAP-PEAPv0/MSCHAPv2.

    1.Installation of PTK

    2.Initiation of 4-way handshake

    3.Open system authentication

    4.802.11 association

    5.802.1X controlled port is opened for data traffic

    6.Client validates server certificate

    7.AS validates client credentials

    A. 3-4-6-7-2-1-5
    B. 4-3-5-2-7-6-1
    C. 5-3-4-2-6-7-1
    D. 6-1-3-4-2-7-5
    E. 4-3-2-7-6-1-5
    F. 3-4-7-6-5-2-1

  • Question 33:

    In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce? (Choose 2)

    A. They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.
    B. The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).
    C. They are added together and used as the GMK, from which the GTK is derived.
    D. They are input values used in the derivation of the Pairwise Transient Key.
    E. They allow the participating STAs to create dynamic keys while avoiding sending unicast encryption keys across the wireless medium.

  • Question 34:

    Given: You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet. What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations? (Choose the single best answer.)

    A. User external antennas.
    B. Use internal antennas.
    C. Power the APs using PoE.
    D. Ensure proper physical and environmental security using outdoor ruggedized APs or enclosures.

  • Question 35:

    Given: ABC Company is an Internet Service Provider with thousands of customers. ABC’s customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential

    database. ABC is extending their service toexisting customers in some public access areas and would like to use their existing database for authentication.

    How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?

    A. Import all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.
    B. Implement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.
    C. Mirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.
    D. Implement a RADIUS server and query user authentication requests through the LDAP server.

  • Question 36:

    Given: One of the security risks introduced by WPA2-Personal is an attack conducted by an authorized network user who knows the passphrase. In order to decrypt other usersA. Authenticator nonce
    B. Supplicant nonce
    C. Authenticator address (BSSID)
    D. GTKSA
    E. Authentication Server nonce

  • Question 37:

    You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used? (Choose 3)

    A. Generating passwords for WLAN infrastructure equipment logins
    B. Generating PMKs that can be imported into 802.11 RSN-compatible devices
    C. Generating secret keys for RADIUS servers and WLAN infrastructure devices
    D. Generating passphrases for WLAN systems secured with WPA2-Personal
    E. Generating dynamic session keys used for IPSec VPNs

  • Question 38:

    Given: A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs. Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The

    SSIDs are configured as follows:

    SSID Blue - VLAN 10 - Lightweight EAP (LEAP) authentication - CCMP cipher suite

    SSID Red - VLAN 20 - PEAPv0/EAP-TLS authentication - TKIP cipher suite

    The consultant’s computer can successfully authenticate and browse the Internet when using the Blue SSID.

    The same computer cannot authenticate when using the Red SSID.

    What is a possible cause of the problem?

    A. The Red VLAN does not use server certificate, but the client requires one.
    B. The TKIP cipher suite is not a valid option for PEAPv0 authentication.
    C. The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.
    D. The consultant does not have a valid Kerberos ID on the Blue VLAN.

  • Question 39:

    Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop

    operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individualshave raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2

    has proven vulnerable in improper implementations.

    As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)

    A. MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.
    B. MS-CHAPv2 is subject to offline dictionary attacks.
    C. LEAP’s use of MS-CHAPv2 is only secure when combined with WEP.
    D. MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.
    E. MS-CHAPv2 uses AES authentication, and is therefore secure.
    F. When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.

  • Question 40:

    When implementing a WPA2-Enterprise security solution, what protocol must the selected RADIUS server support?

    A. LWAPP, GRE, or CAPWAP
    B. IPSec/ESP
    C. EAP
    D. CCMP and TKIP
    E. LDAP

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CWNP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CWSP-207 exam preparations and CWNP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.