CWSP-206 Online Practice Questions and Answers

In order to acquire credentials of a valid user on a public hotspot network, what attacks may be conducted? Choose the single completely correct answer.

A. MAC denial of service and/or physical theft

B. Social engineering and/or eavesdropping

C. Authentication cracking and/or RF DoS

D. Code injection and/or XSS

E. RF DoS and/or physical theft

The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions. Which one of the following would not be a suitable penetration testing action taken with this tool?

A. Auditing the configuration and functionality of a WIPS by simulating common attack sequences.

B. Transmitting a deauthentication frame to disconnect a user from the AP.

C. Cracking the authentication or encryption processes implemented poorly in some WLANs.

D. Probing the RADIUS server and authenticator to expose the RADIUS shared secret.

You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution. In this configuration, the wireless network is initially susceptible to what type of attack?

A. Offline dictionary attacks

B. Application eavesdropping

C. Session hijacking

D. Layer 3 peer-to-peer

E. Encryption cracking

You perform a protocol capture using Wireshark and a compatible 802.11 adapter in Linux. When viewing the capture, you see an auth req frame and an auth rsp frame. Then you see an assoc req frame and an assoc rsp frame. Shortly after, you see DHCP communications and then ISAKMP protocol packets. What security solution is represented?

A. 802.1X/EAP-TTLS

B. WPA2-Personal with AES-CCMP

C. 802.1X/PEAPv0/MS-CHAPv2

D. EAP-MD5

E. Open 802.11 authentication with IPSec

Which of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

A. It does not support a RADIUS server.

B. It is not a valid EAP type.

C. It does not support mutual authentication.

D. It does not support the outer identity.

A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and will replace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication. For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?

A. SNMPv3 support

B. 802.1Q VLAN trunking

C. Internal RADIUS server

D. WIPS support and integration

E. WPA2-Enterprise authentication/encryption

ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering). How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

A. The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4-Way Handshake prior to user authentication.

B. The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.

C. The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.

D. The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.

You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used?

A. Generating PMKs that can be imported into 802.11 RSN-compatible devices.

B. Generating passwords for WLAN infrastructure equipment logins.

C. Generating dynamic session keys used for IPSec VPNs.

D. Generating GTKs for broadcast traffic encryption.

You are the WLAN administrator in your organization and you are required to monitor the network and ensure all active WLANs are providing RSNs. You have a laptop protocol analyzer configured. In what frame could you see the existence or non-existence of proper RSN configuration parameters for each BSS through the RSN IE?

A. CTS

B. Beacon

C. RTS

D. Data frames

E. Probe request

What preventative measures are performed by a WIPS against intrusions?

A. Uses SNMP to disable the switch port to which rogue APs connect.

B. Evil twin attack against a rogue AP.

C. EAPoL Reject frame flood against a rogue AP.

D. Deauthentication attack against a classified neighbor AP.

E. ASLEAP attack against a rogue AP.