Certified Wireless Security Professional (CWSP) v6.0

Page:    1 / 8   
Exam contains 119 questions

Given: A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and will replace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication.
For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?

  • A. WPA2-Enterprise authentication/encryption
  • B. Internal RADIUS server
  • C. WIPS support and integration
  • D. 802.1Q VLAN trunking
  • E. SNMPv3 support


Answer : B

What TKIP feature was introduced to counter the weak integrity check algorithm used in WEP?

  • A. 32-bit ICV (CRC-32)
  • B. Sequence counters
  • C. RC5 stream cipher
  • D. Michael
  • E. Block cipher support


Answer : D

In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce? (Choose 2)

  • A. They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.
  • B. The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).
  • C. They are added together and used as the GMK, from which the GTK is derived.
  • D. They are input values used in the derivation of the Pairwise Transient Key.
  • E. They allow the participating STAs to create dynamic keys while avoiding sending unicast encryption keys across the wireless medium.


Answer : D,E

Given: ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer.
ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication.
How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?

  • A. Import all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.
  • B. Implement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.
  • C. Mirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.
  • D. Implement a RADIUS server and query user authentication requests through the LDAP server.


Answer : D

What are the three roles of the 802.1X framework, as defined by the 802.1X standard, that are performed by the client STA, the AP (or WLAN controller), and the RADIUS server? (Choose 3)

  • A. Enrollee
  • B. Registrar
  • C. AAA Server
  • D. Authentication Server
  • E. Supplicant
  • F. Authenticator
  • G. Control Point


Answer : D,E,F

What wireless authentication technologies may build a TLS tunnel between the supplicant and the authentication server before passing client authentication credentials to the authentication server? (Choose 3)

  • A. EAP-MD5
  • B. EAP-TLS
  • C. LEAP
  • D. PEAPv0/MSCHAPv2
  • E. EAP-TTLS


Answer : B,D,E

Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.
What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)

  • A. On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.
  • B. During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.
  • C. In the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.
  • D. Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.


Answer : B,C,D

Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering).
How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

  • A. The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.
  • B. The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.
  • C. The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.
  • D. The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4-Way Handshake prior to user authentication.


Answer : B

Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).
Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?

  • A. Fragmentation threshold
  • B. Administrative password
  • C. Output power
  • D. Cell radius


Answer : B

You must support a TSN as you have older wireless equipment that will not support the required processing of AES encryption. Which one of the following technologies will you use on the network so that a TSN can be implemented that would not be required in a network compliant with 802.11-2012 non-deprecated technologies?

  • A. WEP
  • B. RC4
  • C. CCMP
  • D. WPA2


Answer : B

Given: Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM.
What device functions as the 802.1X/EAP Authenticator?

  • A. SRV21
  • B. WLAN Controller/AP
  • C. MacBook Pro
  • D. RADIUS server


Answer : B

When TKIP is selected as the pairwise cipher suite, what frame types may be protected with data confidentiality? (Choose 2)

  • A. Robust broadcast management
  • B. Robust unicast management
  • C. Control
  • D. Data
  • E. ACK
  • F. QoS Data


Answer : D,F

Given: The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.
What single WLAN security feature should be implemented to comply with these requirements?

  • A. Mutual authentication
  • B. Captive portal
  • C. Role-based access control
  • D. Group authentication
  • E. RADIUS policy accounting


Answer : C

Given: Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server.
Where must the X.509 server certificate and private key be installed in this network?

  • A. Supplicant devices
  • B. LDAP server
  • C. Controller-based APs
  • D. WLAN controller
  • E. RADIUS server


Answer : E

Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.
In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)

  • A. Intruders can send spam to the Internet through the guest VLAN.
  • B. Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.
  • C. Unauthorized users can perform Internet-based network attacks through the WLAN.
  • D. Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.
  • E. Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.


Answer : A,C
