CWNP CWSP-207 Exam Practice Test Instant Access

Question 1

Given: The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.

What single WLAN security feature should be implemented to comply with these requirements?

AMutual authentication

BCaptive portal

CRole-based access control

DGroup authentication

ERADIUS policy accounting

Answer : C

Question 2

Given: ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication.

How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?

AImport all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.

BImplement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.

CMirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.

DImplement a RADIUS server and query user authentication requests through the LDAP server.

Answer : D

Question 3

Given: ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States. 802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.

What security best practices should be followed in this deployment scenario?

AAn encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.

BAPs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.

CRADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.

DRemote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.

Answer : A

Question 4

Given: A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and will replace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication.

For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?

AWPA2-Enterprise authentication/encryption

BInternal RADIUS server

CWIPS support and integration

D802.1Q VLAN trunking

ESNMPv3 support

Answer : B

Question 5

Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

AMinimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.

BAllow access to specific files and applications based on the user's WMM access category.

CProvide two or more user groups connected to the same SSID with different levels of network privileges.

DAllow simultaneous support for multiple EAP types on a single access point.

Answer : C

Question 6

Given: XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization.

What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)

AThe RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.

BThe RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.

CRADIUS can reassign a client's 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.

DRADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.

ERADIUS attributes can be used to assign permission levels, such as read-only permission, to users of a particular network resource.

Answer : B, E

Question 7

What protocols allow a network administrator to securely manage the configuration of WLAN controllers and access points? (Choose 2)

ASNMPv1

BHTTPS

CTelnet

DTFTP

EFTP

FSSHv2

Answer : B, F

CWNP CWSP-207 Certified Wireless Security Professional Exam Practice Test