During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text. From a security perspective, why is this significant?
A. The username can be looked up in a dictionary file that lists common username/password combinations.
B. The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.
C. 4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.
D. The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.
In a security penetration exercise, a WLAN consultant obtains the WEP key of XYZ Corporation's wireless network. Demonstrating the vulnerabilities of using WEP, the consultant uses a laptop running a software AP in an attempt to hijack the authorized users' connections. XYZ's legacy network is using 802.11n APs with 802.11b, 11g, and 11n client devices. With this setup, how can the consultant cause all of the authorized clients to establish Layer 2 connectivity with the software access point?
A. When the RF signal between the clients and the authorized AP is temporarily disrupted and the consultant's software AP is using the same SSID on a different channel than the authorized AP, the clients will reassociate to the software AP.
B. If the consultant's software AP broadcasts Beacon frames that advertise 802.11g data rates that are faster than XYZ's current 802.11b data rates, all WLAN clients will reassociate to the faster AP.
C. A higher SSID priority value configured in the Beacon frames of the consultant's software AP will take priority over the SSID in the authorized AP, causing the clients to reassociate.
D. All WLAN clients will reassociate to the consultant's software AP if the consultant's software AP provides the same SSID on any channel with a 10 dB SNR improvement over the authorized AP.
What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?
A. EAP-GTC
B. PEAP
C. EAP-TTLS
D. LEAP
E. H-REAP
What TKIP feature was introduced to counter the weak integrity check algorithm used in WEP?
A. RC5 stream cipher
B. Block cipher support
C. Sequence counters
D. 32-bit ICV (CRC-32)
E. Michael
Your organization is using EAP as an authentication framework with a specific type that meets the requirements of your corporate policies. Which one of the following statements is true of this implementation?
A. The client STAs may communicate over the controlled port in order to authenticate as soon as the Open System authentication completes.
B. The client STAs may communicate over the uncontrolled port in order to authenticate as soon as the Open System authentication completes.
C. The client STAs may use a different, but complementary, EAP type than the AP STAs.
D. The client will be the authenticator in this scenario.
When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?
A. Server credentials
B. User credentials
C. RADIUS shared secret
D. X.509 certificates
Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks. In this deployment, what risk is still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering feature enabled?
A. Intruders can send spam to the Internet through the guest VLAN.
B. Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.
C. Guest users can reconfigure AP radios servicing the guest VLAN unless insecure network management protocols (e.g., Telnet, HTTP) are blocked.
D. Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.
XYZ Hospital plans to improve the security and performance of their Voice over Wi-Fi implementation and will be upgrading to 802.11n phones with 802.1X/EAP authentication. XYZ would like to support fast secure roaming for the phones and will require the ability to troubleshoot reassociations that are delayed or dropped during inter-channel roaming. What portable solution would be recommended for XYZ to troubleshoot roaming problems?
A. Spectrum analyzer software installed on a laptop computer.
B. An autonomous AP mounted on a mobile cart and configured to operate in monitor mode.
C. Laptop-based protocol analyzer with multiple 802.11n adapters.
D. WIPS sensor software installed on a laptop computer.
For which one of the following purposes would a WIPS not be a good solution?
A. Enforcing wireless network security policy.
B. Detecting and defending against eavesdropping attacks.
C. Performance monitoring and troubleshooting.
D. Security monitoring and notification.
After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify the security threats?
A. Separate security profiles must be defined for network operation in different regulatory domains.
B. WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.
C. Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.
D. Authorized PEAP usernames must be added to the WIPS server's user database.