CWNP Certified Wireless Analysis Professional CWAP-404 Exam Practice Test

Answer : D

Delta is the timing column in the packet view that measures the time difference between two consecutive packets in a capture file. Delta can be used to measure the roaming time from the last VoIP packet sent on the old AP's channel to the first VoIP packet sent on the new AP's channel by selecting these two packets and looking at their delta values. The other timing columns are not suitable for this measurement because they do not show the time difference between two specific packets. Roaming is a column that shows whether a packet belongs to a roaming event or not. Relative is a column that shows the time elapsed since the beginning of the capture file.Absolute is a column that shows the date and time when a packet was captured5Reference:

CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 57

CWAP-404 Objectives, Section 2.4: Analyze timing values

Answer : A

An 802.11 wireless adaptor is required for Wi-Fi integration in laptop-based spectrum analyzer software in addition to the spectrum analysis adapter. The spectrum analysis adapter is a hardware device that captures the RF signals in the wireless environment and sends them to the spectrum analyzer software for analysis and display. The 802.11 wireless adapter is a hardware device that connects the laptop to the wireless network and allows the spectrum analyzer software to correlate the RF data with the Wi-Fi data, such as SSID, channel, and BSSID. This enables the spectrum analyzer software to provide more context and insight into the spectrum activity and its impact on the Wi-Fi network. A firmware upgrade for the spectrum analysis adapter is not required for Wi-Fi integration, but it may be needed to fix bugs or add features to the device. A directional antenna is an antenna that focuses the RF energy in a specific direction and has a high gain and a narrow beamwidth. A directional antenna can be used with a spectrum analysis adapter to pinpoint the location or source of interference or noise in the wireless environment, but it is not required for Wi-Fi integration. SNMP read credentials to the WLAN controller or APs are not required for Wi-Fi integration, but they may be useful for obtaining additional information about the wireless network configuration and performance from the network devices. Reference:

CWAP-404 Study Guide, Chapter 4: Spectrum Analysis and Troubleshooting, page 123

CWAP-404 Objectives, Section 4.2: Integrate Wi-Fi data with spectrum analysis data

CWAP-404 Study Guide, Chapter 4: Spectrum Analysis and Troubleshooting, page 131

Answer : C

Display filters are applied after the capture is completed and they only hide the packets from view. The filtered packets are still present in the capture file and can be enabled for view later by changing or removing the display filter.This is an advantage over capture-time filters, which discard the packets that do not match the filter criteria and cannot be recovered later34Reference:

CWAP-403 Study Guide, Chapter 2: Protocol Analysis, page 37

CWAP-403 Objectives, Section 2.3: Apply display filters

Answer : D

A Reassociation Request frame is sent every time a STA roams from one AP to another within the same ESS. A Reassociation Request frame is similar to an Association Request frame, but it also contains the BSSID of the current AP that the STA is leaving. This allows the new AP to coordinate with the old AP and transfer the STA's context information, such as security keys, QoS parameters, and buffered frames. This way, the STA can maintain its connectivity and session continuity during roaming . Reference: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 195; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 196.

Answer : A

A hexadecimal value is a value that uses base 16 notation, which means it can have digits from 0 to 9 and letters from A to F. A hexadecimal value is usually preceded by 0x to indicate that it is hexadecimal and not decimal or binary. For example, 0x0A is hexadecimal for 10 in decimal or 00001010 in binary. The other options are not valid prefixes for hexadecimal values. Reference:

CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 35

CWAP-404 Objectives, Section 2.2: Analyze field values

Answer : C

A capture visualization tool is a software application that can open a packet capture file and display various graphs, charts, tables, and statistics that illustrate the characteristics and behavior of the wireless network. A capture visualization tool can help a network administrator with little knowledge of 802.11 protocols to evaluate the overall health and performance of their wireless network by providing a visual and intuitive representation of the captured data. A spectrum analyzer is a hardware device that measures the radio frequency signals in a given frequency range and displays their amplitude, frequency, and modulation. A spectrum analyzer can help identify sources of interference and noise in the wireless environment, but it cannot open a packet capture file. Python is a programming language that can be used to write scripts or applications that manipulate or analyze packet capture files, but it requires coding skills and knowledge of 802.11 protocols. A WLAN scanner is a software application that scans for available wireless networks and displays information such as SSID, BSSID, channel, signal strength, security type, and vendor.A WLAN scanner can help discover wireless networks and their basic parameters, but it cannot open a packet capture file345Reference:

CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 63

CWAP-404 Objectives, Section 2.5: Use capture visualization tools

CWAP-404 Study Guide, Chapter 4: Spectrum Analysis and Troubleshooting, page 117

CWAP-404 Objectives, Section 4.1: Use spectrum analysis tools

CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 33

CWAP-404 Objectives, Section 2.2: Analyze field values

Answer : D

Every Beacon frame must contain a DTIM is not a true statement concerning DTIMs. DTIM stands for Delivery Traffic Indication Message, and it is a subfield within the TIM (Traffic Indication Map) element in a Beacon frame. The DTIM indicates how many Beacon frames (including the current one) will appear before the next DTIM. For example, if the DTIM interval is set to 3, it means that every third Beacon frame will contain a DTIM. Buffered broadcast and multicast traffic will be transmitted following a DTIM, so that STAs in power save mode can wake up and receive them. The DTIM interval can also dictate when an STA will wake up to listen to Beacon frames, as some STAs may choose to only listen to Beacon frames that contain a DTIM . Reference: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 200; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 201.