CWNP CWSP-207 Exam Questions Instant Access

Question 1

When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the 802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?

AThe 802.1X Controlled Port is always blocked, but the Uncontrolled Port opens after the EAP authentication process completes.

BThe 802.1X Controlled Port remains blocked until an IP address is requested and accepted by the Supplicant.

CThe 4-Way Handshake must be performed before the 802.1X Controlled Port changes to the unblocked state.

DThe 802.1X Controlled Port is blocked until Vender Specific Attributes (VSAs) are exchanged inside a RADIUS packet between the Authenticator and Authentication Server.

Answer : C

Question 2

Given: A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs. Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:

SSID Blue - VLAN 10 - Lightweight EAP (LEAP) authentication - CCMP cipher suite

SSID Red - VLAN 20 - PEAPv0/EAP-TLS authentication - TKIP cipher suite

The consultant's computer can successfully authenticate and browse the Internet when using the Blue SSID. The same computer cannot authenticate when using the Red SSID.

What is a possible cause of the problem?

AThe Red VLAN does not use server certificate, but the client requires one.

BThe TKIP cipher suite is not a valid option for PEAPv0 authentication.

CThe client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.

DThe consultant does not have a valid Kerberos ID on the Blue VLAN.

Answer : C

Question 3

Given: ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication.

How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?

AImport all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.

BImplement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.

CMirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.

DImplement a RADIUS server and query user authentication requests through the LDAP server.

Answer : D

Question 4

Given: One of the security risks introduced by WPA2-Personal is an attack conducted by an authorized network user who knows the passphrase. In order to decrypt other users' traffic, the attacker must obtain certain information from the 4-way handshake of the other users.

In addition to knowing the Pairwise Master Key (PMK) and the supplicant's address (SA), what other three inputs must be collected with a protocol analyzer to recreate encryption keys? (Choose 3)

AAuthenticator nonce

BSupplicant nonce

CAuthenticator address (BSSID)

DGTKSA

EAuthentication Server nonce

Answer : A, B, C

Question 5

You have an AP implemented that functions only using 802.11-2012 standard methods for the WLAN communications on the RF side and implementing multiple SSIDs and profiles on the management side configured as follows:

1. SSID: Guest -- VLAN 90 -- Security: Open with captive portal authentication -- 2 current clients

2. SSID: ABCData -- VLAN 10 -- Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP -- 5 current clients

3. SSID: ABCVoice -- VLAN 60 -- Security: WPA2-Personal -- 2 current clients

Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients.

What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?

AOnly the members of the executive team that are part of the multicast group configured on the media server

BAll clients that are associated to the AP using the ABCData SSID

CAll clients that are associated to the AP using any SSID

DAll clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.

Answer : B

Question 6

While performing a manual scan of your environment using a spectrum analyzer on a laptop computer, you notice a signal in the real time FFT view. The signal is characterized by having peak power centered on channel 11 with an approximate width of 20 MHz at its peak. The signal widens to approximately 40 MHz after it has weakened by about 30 dB.

What kind of signal is displayed in the spectrum analyzer?

AA frequency hopping device is being used as a signal jammer in 5 GHz

BA low-power wideband RF attack is in progress in 2.4 GHz, causing significant 802.11 interference

CAn 802.11g AP operating normally in 2.4 GHz

DAn 802.11a AP operating normally in 5 GHz

Answer : C

Question 7

You are configuring seven APs to prevent common security attacks. The APs are to be installed in a small business and to reduce costs, the company decided to install all consumer-grade wireless routers. The wireless routers will connect to a switch, which connects directly to the Internet connection providing 50 Mbps of Internet bandwidth that will be shared among 53 wireless clients and 17 wired clients.

To ensure the wireless network is as secure as possible from common attacks, what security measure can you implement given only the hardware referenced?

AWPA-Enterprise

B802.1X/EAP-PEAP

CWPA2-Enterprise

DWPA2-Personal

Answer : D

CWNP Certified Wireless Security Professional CWSP-207 Exam Questions