CWNP CWSP-207 Exam Practice Test Instant Access

Question 1

Given: The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.

What single WLAN security feature should be implemented to comply with these requirements?

AMutual authentication

BCaptive portal

CRole-based access control

DGroup authentication

ERADIUS policy accounting

Answer : C

Question 2

While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real time FFT display. The signal is characterized with the greatest strength utilizing only 1-2 megahertz of bandwidth and it does not use significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth.

What kind of signal is described?

AA high-power, narrowband signal

BA 2.4 GHz WLAN transmission using transmit beam forming

CAn HT-OFDM access point

DA frequency hopping wireless device in discovery mode

EA deauthentication flood from a WIPS blocking an AP

FA high-power ultra wideband (UWB) Bluetooth transmission

Answer : A

Question 3

Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.

In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)

AIntruders can send spam to the Internet through the guest VLAN.

BPeer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.

CUnauthorized users can perform Internet-based network attacks through the WLAN.

DGuest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.

EOnce guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.

Answer : A, C

Question 4

You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used? (Choose 3)

AGenerating passwords for WLAN infrastructure equipment logins

BGenerating PMKs that can be imported into 802.11 RSN-compatible devices

CGenerating secret keys for RADIUS servers and WLAN infrastructure devices

DGenerating passphrases for WLAN systems secured with WPA2-Personal

EGenerating dynamic session keys used for IPSec VPNs

Answer : A, C, D

Question 5

Given: You support a coffee shop and have recently installed a free 802.11ac wireless hot-spot for the benefit of your customers. You want to minimize legal risk in the event that the hot-spot is used for illegal Internet activity.

What option specifies the best approach to minimize legal risk at this public hot-spot while maintaining an open venue for customer Internet access?

AConfigure WPA2-Enterprise security on the access point

BBlock TCP port 25 and 80 outbound on the Internet router

CRequire client STAs to have updated firewall and antivirus software

DAllow only trusted patrons to use the WLAN

EUse a WIPS to monitor all traffic and deauthenticate malicious stations

FImplement a captive portal with an acceptable use disclaimer

Answer : F

Question 6

Given: ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States. 802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.

What security best practices should be followed in this deployment scenario?

AAn encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.

BAPs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.

CRADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.

DRemote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.

Answer : A

Question 7

Given: A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and will replace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication.

For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?

AWPA2-Enterprise authentication/encryption

BInternal RADIUS server

CWIPS support and integration

D802.1Q VLAN trunking

ESNMPv3 support

Answer : B

CWNP CWSP-207 Certified Wireless Security Professional Exam Practice Test