CWSP-206 Online Practice Questions and Answers

Question 4

During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text. From a security perspective, why is this significant?

A. The username can be looked up in a dictionary file that lists common username/password combinations.

B. The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.

C. 4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.

D. The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.

Question 5

You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).

Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?

A. Output power

B. Fragmentation threshold

C. Administrative password

D. Cell radius

Question 6

You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet. What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations? (Choose the single best answer.)

A. Ensure proper physical and environmental security using outdoor ruggedized APs or enclosures.

B. Use internal antennas.

C. Use external antennas.

D. Power the APs using PoE.

Question 7

Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

A. Provide two or more user groups connected to the same SSID with different levels of network privileges.

B. Allow access to specific files and applications based on the user's WMM access category.

C. Allow simultaneous support for multiple EAP types on a single access point.

D. Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.

Question 8

ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection. What security characteristic and/or component plays a role in preventing data decryption?

A. 4-Way Handshake

B. PLCP Cyclic Redundancy Check (CRC)

C. Multi-factor authentication

D. Encrypted Passphrase Protocol (EPP)

E. Integrity Check Value (ICV)

Question 9

Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server. Where must the X.509 server certificate and private key be installed in this network?

A. Controller-based APs

B. WLAN controller

C. RADIUS server

D. Supplicant devices

E. LDAP server

Question 10

You support a coffee shop and have recently installed a free 802.11ac wireless hotspot for the benefit of your customers. You want to minimize legal risk in the event that the hotspot is used for illegal Internet activity. What option specifies the best approach to minimize legal risk at this public hotspot while maintaining an open venue for customer Internet access?

A. Require client STAs to have updated firewall and antivirus software.

B. Block TCP port 25 and 80 outbound on the Internet router.

C. Use a WIPS to monitor all traffic and deauthenticate malicious stations.

D. Implement a captive portal with an acceptable use disclaimer.

E. Allow only trusted patrons to use the WLAN.

F. Configure WPA2-Enterprise security on the access point.

Question 11

A network security auditor is preparing to perform a comprehensive assessment of an 802.11ac network's security. What task should be performed at the beginning of the audit to maximize the auditor's ability to expose network vulnerabilities?

A. Identify the IP subnet information for each network segment.

B. Identify the manufacturer of the wireless infrastructure hardware.

C. Identify the skill level of the wireless network security administrator(s).

D. Identify the manufacturer of the wireless intrusion prevention system.

E. Identify the wireless security solution(s) currently in use.

Question 12

What security vulnerability may result from a lack of staging, change management, and installation procedures for WLAN infrastructure equipment?

A. The WLAN system may be open to RF Denial-of-Service attacks.

B. Authentication cracking of 64-bit Hex WPA-Personal PSK.

C. AES-CCMP encryption keys may be decrypted.

D. WIPS may not classify authorized, rogue, and neighbor APs accurately.

Question 13

After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify the security threats?

A. Separate security profiles must be defined for network operation in different regulatory domains.

B. WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.

C. Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.

D. Authorized PEAP usernames must be added to the WIPS server's user database.

Exam Code: CWSP-206
Exam Name: CWSP Certified Wireless Security Professional
Last Update: May 28, 2026
Questions: 60