CWNP CWSP-207 Exam Practice Test Instant Access

Question 1

After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify security threats?

AAuthorized PEAP usernames must be added to the WIPS server's user database.

BWLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.

CSeparate security profiles must be defined for network operation in different regulatory domains

DUpstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.

Answer : B

Question 2

The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

AGroup Key Handshake

B802.1X/EAP authentication

CDHCP Discovery

D4-Way Handshake

EPassphrase-to-PSK mapping

FRADIUS shared secret lookup

Answer : B

Question 3

In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce? (Choose 2)

AThey are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.

BThe IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).

CThey are added together and used as the GMK, from which the GTK is derived.

DThey are input values used in the derivation of the Pairwise Transient Key.

EThey allow the participating STAs to create dynamic keys while avoiding sending unicast encryption keys across the wireless medium.

Answer : D, E

Question 4

The IEEE 802.11 Pairwise Transient Key (PTK) is derived from what cryptographic element?

APhase Shift Key (PSK)

BGroup Master Key (GMK)

CPairwise Master Key (PMK)

DGroup Temporal Key (GTK)

EPeerKey (PK)

FKey Confirmation Key (KCK)

Answer : C

Question 5

Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.

What security characteristics and/or components play a role in preventing data decryption? (Choose 2)

AMulti-factor authentication

B4-Way Handshake

CPLCP Cyclic Redundancy Check (CRC)

DEncrypted Passphrase Protocol (EPP)

EIntegrity Check Value (ICV)

FGroup Temporal Keys

Answer : B, F

Question 6

Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering).

How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

AThe WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.

BThe RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.

CThe RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.

DThe RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4-Way Handshake prior to user authentication.

Answer : B

Question 7

Given: ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication.

How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?

AImport all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.

BImplement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.

CMirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.

DImplement a RADIUS server and query user authentication requests through the LDAP server.

Answer : D

CWNP CWSP-207 Certified Wireless Security Professional Exam Practice Test