CWNP CWSP-208 Exam Questions Instant Access

Question 1

You must locate non-compliant 802.11 devices. Which one of the following tools will you use and why?

AA spectrum analyzer, because it can show the energy footprint of a device using WPA differently from a device using WPA2.

BA spectrum analyzer, because it can decode the PHY preamble of a non-compliant device.

CA protocol analyzer, because it can be used to view the spectrum energy of non-compliant 802.11 devices, which is always different from compliant devices.

DA protocol analyzer, because it can be used to report on security settings and regulatory or rule compliance

Answer : D

Question 2

You are implementing an 802.11ac WLAN and a WIPS at the same time. You must choose between integrated and overlay WIPS solutions. Which of the following statements is true regarding integrated WIPS solutions?

AIntegrated WIPS always perform better from a client throughput perspective because the same radio that performs the threat scanning also services the clients.

BIntegrated WIPS use special sensors installed alongside the APs to scan for threats.

CMany integrated WIPS solutions that detect Voice over Wi-Fi traffic will cease scanning altogether to accommodate the latency sensitive client traffic.

DIntegrated WIPS is always more expensive than overlay WIPS.

Answer : C

Question 3

You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used? (Choose 3)

AGenerating passwords for WLAN infrastructure equipment logins

BGenerating PMKs that can be imported into 802.11 RSN-compatible devices

CGenerating secret keys for RADIUS servers and WLAN infrastructure devices

DGenerating passphrases for WLAN systems secured with WPA2-Personal

EGenerating dynamic session keys used for IPSec VPNs

Answer : A, C, D

Question 4

Given: You have implemented strong authentication and encryption mechanisms for your enterprise 802.11 WLAN using 802.1X/EAP with AES-CCMP.

For users connecting within the headquarters office, what other security solution will provide continuous monitoring of both clients and APs with 802.11-specific tracking?

AIPSec VPN client and server software

BInternet firewall software

CWireless intrusion prevention system

DWLAN endpoint agent software

ERADIUS proxy server

Answer : C

Question 5

Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).

Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?

AFragmentation threshold

BAdministrative password

COutput power

DCell radius

Answer : B

Question 6

What 802.11 WLAN security problem is directly addressed by mutual authentication?

AWireless hijacking attacks

BWeak password policies

CMAC spoofing

DDisassociation attacks

EOffline dictionary attacks

FWeak Initialization Vectors

Answer : A

Question 7

Given: ABC Corporation's 802.11 WLAN is comprised of a redundant WLAN controller pair (N+1) and 30 access points implemented in 2004. ABC implemented WEP encryption with IPSec VPN technology to secure their wireless communication because it was the strongest security solution available at the time it was implemented. IT management has decided to upgrade the WLAN infrastructure and implement Voice over Wi-Fi and is concerned with security because most Voice over Wi-Fi phones do not support IPSec.

As the wireless network administrator, what new security solution would be best for protecting ABC's data?

AMigrate corporate data clients to WPA-Enterprise and segment Voice over Wi-Fi phones by assigning them to a different frequency band.

BMigrate corporate data and Voice over Wi-Fi devices to WPA2-Enterprise with fast secure roaming support, and segment Voice over Wi-Fi data on a separate VLAN.

CMigrate to a multi-factor security solution to replace IPSec; use WEP with MAC filtering, SSID hiding, stateful packet inspection, and VLAN segmentation.

DMigrate all 802.11 data devices to WPA-Personal, and implement a secure DHCP server to allocate addresses from a segmented subnet for the Voice over Wi-Fi phones.

Answer : B

CWNP Certified Wireless Security Professional (CWSP) CWSP-208 Exam Questions