CWNP CWSP-207 Exam Practice Test Instant Access

Question 1

You are implementing an 802.11ac WLAN and a WIPS at the same time. You must choose between integrated and overlay WIPS solutions. Which of the following statements is true regarding integrated WIPS solutions?

AIntegrated WIPS always perform better from a client throughput perspective because the same radio that performs the threat scanning also services the clients.

BIntegrated WIPS use special sensors installed alongside the APs to scan for threats.

CMany integrated WIPS solutions that detect Voice over Wi-Fi traffic will cease scanning altogether to accommodate the latency sensitive client traffic.

DIntegrated WIPS is always more expensive than overlay WIPS.

Answer : C

Question 2

Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.

In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)

AIntruders can send spam to the Internet through the guest VLAN.

BPeer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.

CUnauthorized users can perform Internet-based network attacks through the WLAN.

DGuest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.

EOnce guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.

Answer : A, C

Question 3

You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used? (Choose 3)

AGenerating passwords for WLAN infrastructure equipment logins

BGenerating PMKs that can be imported into 802.11 RSN-compatible devices

CGenerating secret keys for RADIUS servers and WLAN infrastructure devices

DGenerating passphrases for WLAN systems secured with WPA2-Personal

EGenerating dynamic session keys used for IPSec VPNs

Answer : A, C, D

Question 4

Given: You support a coffee shop and have recently installed a free 802.11ac wireless hot-spot for the benefit of your customers. You want to minimize legal risk in the event that the hot-spot is used for illegal Internet activity.

What option specifies the best approach to minimize legal risk at this public hot-spot while maintaining an open venue for customer Internet access?

AConfigure WPA2-Enterprise security on the access point

BBlock TCP port 25 and 80 outbound on the Internet router

CRequire client STAs to have updated firewall and antivirus software

DAllow only trusted patrons to use the WLAN

EUse a WIPS to monitor all traffic and deauthenticate malicious stations

FImplement a captive portal with an acceptable use disclaimer

Answer : F

Question 5

Given: Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server.

Where must the X.509 server certificate and private key be installed in this network?

ASupplicant devices

BLDAP server

CController-based APs

DWLAN controller

ERADIUS server

Answer : E

Question 6

When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?

AX.509 certificates

BUser credentials

CServer credentials

DRADIUS shared secret

Answer : B

Question 7

Given: Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM.

What device functions as the 802.1X/EAP Authenticator?

ASRV21

BWLAN Controller/AP

CMacBook Pro

DRADIUS server

Answer : B

CWNP CWSP-207 Certified Wireless Security Professional Exam Practice Test