CWNP CWSP-207 Exam Practice Test Instant Access

Question 1

Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.

What security characteristics and/or components play a role in preventing data decryption? (Choose 2)

AMulti-factor authentication

B4-Way Handshake

CPLCP Cyclic Redundancy Check (CRC)

DEncrypted Passphrase Protocol (EPP)

EIntegrity Check Value (ICV)

FGroup Temporal Keys

Answer : B, F

Question 2

Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.

What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)

AOn the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.

BDuring 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.

CIn the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.

DConfigure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.

Answer : B, C, D

Question 3

Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company's employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.

What security implementation will allow the network administrator to achieve this goal?

AImplement an SSID with WPA2-Personal that allows both AES-CCMP and TKIP clients to connect.

BImplement an SSID with WPA-Personal that allows both AES-CCMP and TKIP clients to connect.

CImplement two separate SSIDs on the AP---one for WPA-Personal using TKIP and one for WPA2-Personal using AES-CCMP.

DImplement an SSID with WPA2-Personal that sends all broadcast traffic using AES-CCMP and unicast traffic using either TKIP or AES-CCMP.

Answer : C

Question 4

Given: Your organization is using EAP as an authentication framework with a specific type that meets the requirements of your corporate policies.

Which one of the following statements is true related to this implementation?

AThe client will be the authenticator in this scenario.

BThe client STAs must use a different, but complementary, EAP type than the AP STAs.

CThe client STAs may communicate over the uncontrolled port in order to authenticate as soon as Open System authentication completes.

DThe client STAs may communicate over the controlled port in order to authenticate as soon as the Open System authentication completes.

Answer : C

Question 5

While performing a manual scan of your environment using a spectrum analyzer on a laptop computer, you notice a signal in the real time FFT view. The signal is characterized by having peak power centered on channel 11 with an approximate width of 20 MHz at its peak. The signal widens to approximately 40 MHz after it has weakened by about 30 dB.

What kind of signal is displayed in the spectrum analyzer?

AA frequency hopping device is being used as a signal jammer in 5 GHz

BA low-power wideband RF attack is in progress in 2.4 GHz, causing significant 802.11 interference

CAn 802.11g AP operating normally in 2.4 GHz

DAn 802.11a AP operating normally in 5 GHz

Answer : C

Question 6

Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.

As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)

AMS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.

BMS-CHAPv2 is subject to offline dictionary attacks.

CLEAP's use of MS-CHAPv2 is only secure when combined with WEP.

DMS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.

EMS-CHAPv2 uses AES authentication, and is therefore secure.

FWhen implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.

Answer : B, D

Question 7

What type of WLAN attack is prevented with the use of a per-MPDU TKIP sequence counter (TSC)?

AWeak-IV

BForgery

CReplay

DBit-flipping

ESession hijacking

Answer : C

CWNP CWSP-207 Certified Wireless Security Professional Exam Practice Test