CWSP-208 Exam Details

  • Exam Code
    :CWSP-208
  • Exam Name
    :Certified Wireless Security Professional (CWSP)
  • Certification
    :CWNP Certifications
  • Vendor
    :CWNP
  • Total Questions
    :152 Q&As
  • Last Updated
    :Jul 11, 2026

CWNP CWSP-208 Online Questions & Answers

  • Question 21:

    Given: Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication.

    While using an airport hot-spot with this security solution, to what type of wireless attack is a user susceptible? (Choose 2)

    A. Man-in-the-Middle
    B. Wi-Fi phishing
    C. Management interface exploits
    D. UDP port redirection
    E. IGMP snooping

  • Question 22:

    What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

    A. Require Port Address Translation (PAT) on each laptop.
    B. Require secure applications such as POP, HTTP, and SSH.
    C. Require VPN software for connectivity to the corporate network.
    D. Require WPA2-Enterprise as the minimal WLAN security solution.

  • Question 23:

    What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in an 802.11 WLAN?

    A. EAP-TTLS sends encrypted supplicant credentials to the authentication server, but EAP-TLS uses unencrypted user credentials.
    B. EAP-TTLS supports client certificates, but EAP-TLS does not.
    C. EAP-TTLS does not require an authentication server, but EAP-TLS does.
    D. EAP-TTLS does not require the use of a certificate for each STA as authentication credentials, but EAP-TLS does.

  • Question 24:

    Given: A company is implementing WPA3-Personal on a new WLAN and wants protection against passive capture of credentials during the initial authentication process.

    What mechanism provides this protection?

    A. Pre-Shared Key (PSK)
    B. Simultaneous Authentication of Equals (SAE)
    C. TKIP sequence counters
    D. Group Temporal Key (GTK)

  • Question 25:

    Which WIPS function helps identify an attacker using MAC address spoofing?

    A. RF fingerprinting
    B. Deauthentication protection
    C. Probe request filtering
    D. VLAN segmentation

  • Question 26:

    Which 802.1X port type allows only EAP traffic prior to authentication?

    A. Controlled Port
    B. Uncontrolled Port
    C. Open Port
    D. Access Port

  • Question 27:

    Which one of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

    A. It does not support the outer identity.
    B. It is not a valid EAP type.
    C. It does not support mutual authentication.
    D. It does not support a RADIUS server.

  • Question 28:

    Given: You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet.

    What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations?

    (Choose the single best answer.)

    A. User external antennas.
    B. Use internal antennas.
    C. Power the APs using PoE.
    D. Ensure proper physical and environmental security using outdoor ruggedized APs or enclosures.

  • Question 29:

    Your organization required compliance reporting and forensics features in relation to the 802.11ac WLAN they have recently installed. These features are not built into the management system provided by the WLAN vendor. The existing WLAN is managed through a centralized management console provided by the AP vendor with distributed APs and multiple WLAN controllers configured through this console.

    What kind of system should be installed to provide the required compliance reporting and forensics features?

    A. WNMS
    B. WIPS overlay
    C. WIPS integrated
    D. Cloud management platform

  • Question 30:

    Given: ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States. 802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.

    What security best practices should be followed in this deployment scenario?

    A. An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.
    B. APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.
    C. RADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.
    D. Remote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CWNP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CWSP-208 exam preparations and CWNP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.