Certified Wireless Security Professional (CWSP) v6.0 (CWSP-205)

Total 119 questions

Given: AAA is an architectural framework used to provide three separate security components in a network. Listed below are three phrases that each describe one aspect of the AAA framework.
Option-1 This AAA function is performed first and validates user identity prior to determining the network resources to which they will be granted access.
Option-2 This function is used for monitoring and auditing purposes and includes the collection of data that identifies what a user has done while connected.
Option-3 This function is used to designate permissions to a particular user.
What answer correctly pairs the AAA component with the descriptions provided above?

  • A. Option-1 – Access Control Option-2 – Authorization Option-3 – Accounting
  • B. Option-1 – Authentication Option-2 – Accounting Option-3 – Association
  • C. Option-1 – Authorization Option-2 – Access Control Option-3 – Association
  • D. Option-1 – Authentication Option-2 – Accounting Option-3 – Authorization

Answer : D

When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the 802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?

  • A. The 802.1X Controlled Port is always blocked, but the Uncontrolled Port opens after the EAP authentication process completes.
  • B. The 802.1X Controlled Port remains blocked until an IP address is requested and accepted by the Supplicant.
  • C. The 4-Way Handshake must be performed before the 802.1X Controlled Port changes to the unblocked state.
  • D. The 802.1X Controlled Port is blocked until Vendor-Specific Attributes (VSAs) are exchanged inside a RADIUS packet between the Authenticator and Authentication Server.

Answer : C

Given: XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization.
What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)

  • A. The RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.
  • B. The RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.
  • C. RADIUS can reassign a client's 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.
  • D. RADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.
  • E. RADIUS attributes can be used to assign permission levels, such as read-only permission, to users of a particular network resource.

Answer : B,E

You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used? (Choose 3)

  • A. Generating passwords for WLAN infrastructure equipment logins
  • B. Generating PMKs that can be imported into 802.11 RSN-compatible devices
  • C. Generating secret keys for RADIUS servers and WLAN infrastructure devices
  • D. Generating passphrases for WLAN systems secured with WPA2-Personal
  • E. Generating dynamic session keys used for IPSec VPNs

Answer : A,C,D

Given: XYZ Company has recently installed an 802.11ac WLAN. The company needs the ability to control access to network services, such as file shares, intranet web servers, and Internet access based on an employee's job responsibilities.
What WLAN security solution meets this requirement?

  • A. An autonomous AP system with MAC filters
  • B. WPA2-Personal with support for LDAP queries
  • C. A VPN server with multiple DHCP scopes
  • D. A WLAN controller with RBAC features
  • E. A WLAN router with wireless VLAN support

Answer : D

You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other (STA2) used 11 EAP frames (excluding ACK frames) before the 4-way handshake.
Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful?
(Choose the single most probable answer given a stable WLAN.)

  • A. STA1 and STA2 are using different cipher suites.
  • B. STA2 has retransmissions of EAP frames.
  • C. STA1 is a reassociation and STA2 is an initial association.
  • D. STA1 is a TSN, and STA2 is an RSN.
  • E. STA1 and STA2 are using different EAP types.

Answer : E

What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?

  • A. The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.
  • B. The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.
  • C. The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.
  • D. The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.

Answer : B

What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE 802.11 4-Way Handshake?

  • A. Both nonces are used by the Supplicant and Authenticator in the derivation of a single PTK.
  • B. The Supplicant uses the SNonce to derive its unique PTK and the Authenticator uses the ANonce to derive its unique PTK, but the nonces are not shared.
  • C. Nonces are sent in EAPoL frames to indicate to the receiver that the sending station has installed and validated the encryption keys.
  • D. The nonces are created by combining the MAC addresses of the Supplicant, Authenticator, and Authentication Server into a mixing algorithm.

Answer : A

Given: When the CCMP cipher suite is used for protection of data frames, 16 bytes of overhead are added to the Layer 2 frame. 8 of these bytes comprise the MIC.
What purpose does the encrypted MIC play in protecting the data frame?

  • A. The MIC is used as a first layer of validation to ensure that the wireless receiver does not incorrectly process corrupted signals.
  • B. The MIC provides for a cryptographic integrity check against the data payload to ensure that it matches the original transmitted data.
  • C. The MIC is a hash computation performed by the receiver against the MAC header to detect replay attacks prior to processing the encrypted payload.
  • D. The MIC is a random value generated during the 4-way handshake and is used for key mixing to enhance the strength of the derived PTK.

Answer : B

Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards. The new wireless network will use WPA2-Enterprise as its primary authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.
What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?

  • B. EAP-TLS
  • D. LEAP

Answer : B

Given: You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet. What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations? (Choose the single best answer.)

  • A. Use external antennas.
  • B. Use internal antennas.
  • C. Power the APs using PoE.
  • D. Ensure proper physical and environmental security using outdoor ruggedized APs or enclosures.

Answer : D

What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?

  • A. Sharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.
  • B. Because OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.
  • C. Key exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.
  • D. The Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.

Answer : B

What protocols allow a network administrator to securely manage the configuration of WLAN controllers and access points? (Choose 2)

  • A. SNMPv1
  • B. HTTPS
  • C. Telnet
  • D. TFTP
  • E. FTP
  • F. SSHv2

Answer : B,F

A single AP is configured with three separate WLAN profiles, as follows:
1. SSID: ABCData BSSID: 00:11:22:00:1F:C3 VLAN 10 Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP 3 current clients
2. SSID: ABCVoice BSSID: 00:11:22:00:1F:C4 VLAN 60 Security: WPA2-Personal with AES-CCMP 2 current clients
3. SSID: Guest BSSID: 00:11:22:00:1F:C5 VLAN 90 Security: Open with captive portal authentication 3 current clients
Three STAs are connected to ABCData. Three STAs are connected to Guest. Two STAs are connected to ABCVoice.
How many unique GTKs and PTKs are currently in place in this scenario?

  • A. 1 GTK – 8 PTKs
  • B. 2 GTKs – 5 PTKs
  • C. 2 GTKs – 8 PTKs
  • D. 3 GTKs – 8 PTKs

Answer : B

Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN.
In this remote scenario, what single wireless security practice will provide the greatest security for Fred?

  • A. Use an IPSec VPN for connectivity to the office network
  • B. Use only HTTPS when agreeing to acceptable use terms on public networks
  • C. Use enterprise WIPS on the corporate office network
  • D. Use WIPS sensor software on the laptop to monitor for risks and attacks
  • E. Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots
  • F. Use secure protocols, such as FTP, for remote file transfers.

Answer : A
