CWNP CWNA-109 Exam Practice Test Instant Access

Question 1

What common feature of MDM solutions can be used to protect enterprise data on mobile devices?

AOver-the-air registration

BOnboarding

CContainerization

DSelf-registration

Answer : C

A common feature of MDM solutions that can be used to protect enterprise data on mobile devices iscontainerization. Containerization is a technique that creates a separate and secure environment on the mobile device where enterprise data and applications are stored and accessed. Containerization isolates the enterprise data from the personal data and prevents unauthorized access, leakage, or loss of sensitive information. Containerization can also enforce security policies, encryption, authentication, and remote wipe on the enterprise data and applications. Over-the-air registration, onboarding, and self-registration are features of MDM solutions that facilitate the enrollment and management of mobile devices, but they do not directly protect enterprise data on mobile devices.Reference:[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 336; [CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 326.

Question 2

When antenna gain is reported in dBi, the gain of the antenna is compared to what theoretical radiator?

AEnd-fire radiator

BDipole radiator

CIsotropic radiator

DAnthropomorphic radiator

Answer : C

An isotropic radiator is a theoretical point source of electromagnetic radiation that radiates equally in all directions. It has no physical dimensions and no preferred direction of radiation.It is used as a reference for antenna gain because it represents the ideal case of a perfect omnidirectional antenna12

Antenna gain is a measure of how well an antenna concentrates its radiated power in a certain direction. It is expressed in decibels (dB) relative to a reference antenn

a.When the reference antenna is an isotropic radiator, the antenna gain is denoted by dBi, which stands for decibels relative to isotropic12

For example, an antenna with a gain of 3 dBi means that it radiates 3 dB more power in its main direction than an isotropic radiator would.Conversely, an antenna with a gain of -3 dBi means that it radiates 3 dB less power in its main direction than an isotropic radiator would12

Question 3

What is always required to establish a high quality 2.4 GHz RF link at a distance of 3 miles (5 kilometers)?

AMinimum output power level of 2 W

BGrid antennas ateach endpoint

CA minimum antenna gain of 11 dBi at both endpoints

DA Fresnel Zone that is at least 60% clear of obstructions

Answer : D

What is always required to establish a high quality 2.4 GHz RF link at a distance of 3 miles (5 kilometers) isa Fresnel Zone that is at least 60% clear of obstructions. The Fresnel Zone is an elliptical-shaped area around the line-of-sight path between two antennas that reflects and refracts the RF waves. The Fresnel Zone radius depends on the frequency of the RF signal and the distance between the antennas. For optimal performance, the Fresnel Zone should be at least 60% clear of any obstructions that may cause interference, attenuation, or multipath fading. The minimum output power level, antenna gain, and antenna type may vary depending on the environmental conditions and regulatory constraints, but they are not always required for a high quality RF link.Reference:[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 75; [CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 65.

Question 4

You were previously onsite at XYZ's facility to conduct a pre-deployment RF site survey. The WLAN has been deployed according to your recommendations and you are onsite again to perform a post-deployment validation survey.

When performing this type of post-deployment RF site survey voice over Wi-Fi, what is an action that must be performed?

ASpectrum analysis to locate and identify RF interference sources.

BFrequency-band hopping analysis to detect improper RF channel implementations.

CApplication analysis with an active phone call on an VoWiFi handset.

DProtocol analysis to discover channel use on neighboring APs.

Answer : C

When performing a post-deployment validation survey for voice over Wi-Fi (VoWiFi), an action that must be performed isApplication analysis with an active phone call on a VoWiFi handset. Application analysis is a method of testing the performance of a specific application over the WLAN by measuring parameters such as throughput, latency, jitter, packet loss, MOS score, and R-value. Application analysis with an active phone call on a VoWiFi handset can help to evaluate the quality of service (QoS) and user experience of VoWiFi calls over the WLAN. It can also help to identify any issues or bottlenecks that may affect VoWiFi calls such as interference, roaming delays, or insufficient coverage.Reference:[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 549; [CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 519.

Question 5

What is required when operating 802.11ax APS in the 6 GHz band using passphrase-based authentication?

AVHT PHY

BHT PHY

CSAE

DCCMP

Answer : C

SAE (Simultaneous Authentication of Equals) is required when operating 802.11ax APs in the 6 GHz band using passphrase-based authentication. SAE is a secure and robust authentication method that is defined in the IEEE 802.11s amendment and is also known as WPA3-Personal or WPA3-SAE. SAE is based on a cryptographic technique called Dragonfly Key Exchange, which allows two parties to establish a shared secret key using a passphrase, without revealing the passphrase or the key to an eavesdropper or an attacker. SAE also provides forward secrecy, which means that if the passphrase or the key is compromised in the future, it does not affect the security of past communications.

SAE is required when operating 802.11ax APs in the 6 GHz band using passphrase-based authentication because of the new regulations and standards that apply to this band. The 6 GHz band is a new frequency band that was opened for unlicensed use by the FCC and other regulatory bodies in 2020. The 6 GHz band offers more spectrum and less interference than the existing 2.4 GHz and 5 GHz bands, which can enable higher performance and efficiency for Wi-Fi devices. However, the 6 GHz band also has some restrictions and requirements that are different from the other bands, such as:

The 6 GHz band is divided into two sub-bands: U-NII-5 (5925-6425 MHz) and U-NII-7 (6525-6875 MHz). The U-NII-5 sub-band is subject to DFS (Dynamic Frequency Selection) rules, which require Wi-Fi devices to monitor and avoid using channels that are occupied by radar systems or other primary users. The U-NII-7 sub-band is not subject to DFS rules, but it has a lower maximum transmit power limit than the U-NII-5 sub-band.

The Wi-Fi devices that operate in the 6 GHz band are called 6E devices, which stands for Extended Spectrum. 6E devices must support 802.11ax technology, which is also known as Wi-Fi 6 or High Efficiency (HE). 802.11ax is a new standard that improves the performance and efficiency of Wi-Fi networks by using features such as OFDMA (Orthogonal Frequency Division Multiple Access), MU-MIMO (Multi-User Multiple Input Multiple Output), BSS Coloring, TWT (Target Wake Time), and HE PHY and MAC enhancements.

The 6E devices that operate in the 6 GHz band must also support WPA3 security, which is a new security protocol that replaces WPA2 and provides stronger encryption and authentication for Wi-Fi networks. WPA3 has two modes: WPA3-Personal and WPA3-Enterprise. WPA3-Personal uses SAE as its authentication method, which requires a passphrase to establish a secure connection between two devices. WPA3-Enterprise uses EAP (Extensible Authentication Protocol) as its authentication method, which requires a certificate or a credential to authenticate with a server.

Therefore, SAE is required when operating 802.11ax APs in the 6 GHz band using passphrase-based authentication because it is part of WPA3-Personal security, which is mandatory for 6E devices in this band.Reference:, Chapter 3, page 120; , Section 3.2

9of30

Question 6

A client STA must choose the best AP for connectivity. As part of the evaluation, it must verify compatible data rates. What can the client STA use to verify that an

AP supports the same data rates that it supports?

ABeacon frames transmitted by the AP

BData frames sent between the AP and current clients STAs

CAuthentication frames transmitted by the other client STAs

DProbe request frames transmitted by other client STAs

Answer : A

The client STA can useBeacon frames transmitted by the APto verify that an AP supports the same data rates that it supports. Beacon frames are management frames that are periodically broadcasted by the APs to announce their presence, capabilities, and parameters. One of the information elements contained in the Beacon frames is the Supported Rates or Extended Supported Rates, which lists the data rates that the AP can use for communication. The client STA can compare its own data rates with those advertised by the AP to determine if they are compatible. Data frames, authentication frames, and probe request frames do not contain information about data rates.Reference:[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 133; [CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 123.

Question 7

Lynne runs a small hotel, and as a value added service for his customers he has implemented a Wi-Fi hot-spot. Lynne has read news articles about how hackers wait at hot-spots trying to take advantage of unsuspecting users. He wants to avoid this problem at his hotel.

What is an efficient and practical step that Lynne can take to decrease the likelihood of active attacks on his customers' wireless computers?

AEnable station-to-station traffic blocking by the access points in the hotel.

BImplement Network Access Control (NAC) and require antivirus and firewall software along with OS patches.

CImplement an SSL VPN in the WLAN controller that initiates after HTTPS login.

DRequire EAP-FAST authentication and provide customers with a username/password on their receipt.

Answer : A

In a public Wi-Fi hotspot, like the one Lynne runs in his hotel, ensuring customer security against active attacks is crucial. Active attacks involve unauthorized access, eavesdropping, or manipulation of the network traffic. To mitigate such threats, an effective and practical step is:

Station-to-Station Traffic Blocking: Also known as client isolation, this feature prevents direct communication between devices connected to the Wi-Fi network. By enabling this on the access points, Lynne can significantly decrease the likelihood of active attacks like man-in-the-middle (MITM) attacks, where an attacker intercepts and possibly alters the communication between two parties.

The other options, while beneficial for network security, might not be as straightforward or practical for Lynne's situation:

Network Access Control (NAC) requires a more complex infrastructure and management, which might not be ideal for a small hotel setup.

Implementing an SSL VPN adds an extra layer of security but might complicate the login process for users, potentially affecting the user experience.

Requiring EAP-FAST authentication provides secure authentication but may not be feasible for transient customers who expect quick and easy network access.

Therefore, enabling station-to-station traffic blocking is a practical and efficient measure that Lynne can implement to enhance customer security on the Wi-Fi network.

CWNA Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109, by David D. Coleman and David A. Westcott.

Best practices for securing a wireless network in a public hotspot environment.

CWNP CWNA-109 Certified Wireless Network Administrator Exam Practice Test