CWSP-208 Exam Details

  • Exam Code
    :CWSP-208
  • Exam Name
    :Certified Wireless Security Professional (CWSP)
  • Certification
    :CWNP Certifications
  • Vendor
    :CWNP
  • Total Questions
    :152 Q&As
  • Last Updated
    :Jul 11, 2026

CWNP CWSP-208 Online Questions & Answers

  • Question 81:

    Given: One of the security risks introduced by WPA2-Personal is an attack conducted by an authorized network user who knows the passphrase. In order to decrypt other users' traffic, the attacker must obtain certain information from the 4- way handshake of the other users.

    In addition to knowing the Pairwise Master Key (PMK) and the supplicant's address (SA), what other three inputs must be collected with a protocol analyzer to recreate encryption keys? (Choose 3)

    A. Authenticator nonce
    B. Supplicant nonce
    C. Authenticator address (BSSID)
    D. GTKSA
    E. Authentication Server nonce

  • Question 82:

    You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other (STA2) used 11 EAP frames (excluding ACK frames) before the 4-way handshake.

    Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful? (Choose the single most probable answer given a stable WLAN.)

    A. STA1 and STA2 are using different cipher suites.
    B. STA2 has retransmissions of EAP frames.
    C. STA1 is a reassociation and STA2 is an initial association.
    D. STA1 is a TSN, and STA2 is an RSN.
    E. STA1 and STA2 are using different EAP types.

  • Question 83:

    Given: The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions.

    What are three uses for such a tool? (Choose 3)

    A. Transmitting a deauthentication frame to disconnect a user from the AP.
    B. Auditing the configuration and functionality of a WIPS by simulating common attack sequences
    C. Probing the RADIUS server and authenticator to expose the RADIUS shared secret
    D. Cracking the authentication or encryption processes implemented poorly in some WLANs

  • Question 84:

    What disadvantage does EAP-TLS have when compared with PEAPv0 EAP/MSCHAPv2 as an 802.11 WLAN security solution?

    A. Fast/secure roaming in an 802.11 RSN is significantly longer when EAP-TLS is in use.
    B. EAP-TLS does not protect the client's username and password inside an encrypted tunnel.
    C. EAP-TLS cannot establish a secure tunnel for internal EAP authentication.
    D. EAP-TLS is supported only by Cisco wireless infrastructure and client devices.
    E. EAP-TLS requires extensive PKI use to create X.509 certificates for both the server and all clients, which increases administrative overhead.

  • Question 85:

    You have an AP implemented that functions only using 802.11-2012 standard methods for the WLAN communications on the RF side and implementing multiple SSIDs and profiles on the management side configured as follows:

    1. SSID: Guest - VLAN 90 - Security: Open with captive portal authentication - 2 current clients

    2. SSID: ABCData - VLAN 10 - Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP - 5 current clients

    3. SSID: ABCVoice - VLAN 60 - Security: WPA2-Personal - 2 current clients

    Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients.

    What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?

    A. Only the members of the executive team that are part of the multicast group configured on the media server
    B. All clients that are associated to the AP using the ABCData SSID
    C. All clients that are associated to the AP using any SSID
    D. All clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.

  • Question 86:

    What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?

    A. Sharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.
    B. Because OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.
    C. Key exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.
    D. The Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.

  • Question 87:

    You must locate non-compliant 802.11 devices.

    Which one of the following tools will you use and why?

    A. A spectrum analyzer, because it can show the energy footprint of a device using WPA differently from a device using WPA2.
    B. A spectrum analyzer, because it can decode the PHY preamble of a non-compliant device.
    C. A protocol analyzer, because it can be used to view the spectrum energy of non-compliant 802.11 devices, which is always different from compliant devices.
    D. A protocol analyzer, because it can be used to report on security settings and regulatory or rule compliance

  • Question 88:

    You are implementing a wireless LAN that will be used by point-of-sale (PoS) systems in a retail environment. Thirteen PoS computers will be installed.

    To what industry requirement should you ensure you adhere?

    A. ISA99
    B. HIPAA
    C. PCI-DSS
    D. Directive 8500.01

  • Question 89:

    Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards. The new wireless network will use WPA2-Enterprise as its primary authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.

    What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?

    A. EAP-FAST
    B. EAP-TLS
    C. PEAPv0/EAP-MSCHAPv2
    D. LEAP
    E. PEAPv0/EAP-TLS
    F. EAP-TTLS/MSCHAPv2

  • Question 90:

    Which of the following security attacks cannot be detected by a WIPS solution of any kind? (Choose 2)

    A. Rogue APs
    B. DoS
    C. Eavesdropping
    D. Social engineering

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CWNP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CWSP-208 exam preparations and CWNP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.