Certified Wireless Security Professional (CWSP) (CWSP-208) Free Practice Test

Question 1

What disadvantage does EAP-TLS have when compared with PEAPv0 EAP/MSCHAPv2 as an 802.11 WLAN security solution?

A. EAP-TLS cannot establish a secure tunnel for internal EAP authentication.

B. EAP-TLS does not protect the client's username and password inside an encrypted tunnel.

C. EAP-TLS requires extensive PKI use to create X.509 certificates for both the server and all clients, which increases administrative overhead.

D. Fast/secure roaming in an 802.11 RSN is significantly longer when EAP-TLS is in use.

E. EAP-TLS is supported only by Cisco wireless infrastructure and client devices.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

What protocols allow a network administrator to securely manage the configuration of WLAN controllers and access points? (Choose 2)

A. HTTPS

B. FTP

C. TFTP

D. SSHv2

E. SNMPv1

F. Telnet

Correct Answer: A,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify security threats?

A. Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.

B. Authorized PEAP usernames must be added to the WIPS server's user database.

C. WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.

D. Separate security profiles must be defined for network operation in different regulatory domains

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?

A. The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.

B. The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.

C. The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.

D. The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?

A. Server credentials

B. X.509 certificates

C. User credentials

D. RADIUS shared secret

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

Given: Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM.
What device functions as the 802.1X/EAP Authenticator?

A. SRV21

B. MacBook Pro

C. WLAN Controller/AP

D. RADIUS server

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

Given: The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.
What single WLAN security feature should be implemented to comply with these requirements?

A. Role-based access control

B. RADIUS policy accounting

C. Captive portal

D. Mutual authentication

E. Group authentication

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

A. Pairwise Cipher Suite List

B. Group Cipher Suite

C. RSN Capabilities

D. AKM Suite List

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

Given: During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text.
From a security perspective, why is this significant?

A. The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.

B. The username can be looked up in a dictionary file that lists common username/password combinations.

C. 4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.

D. The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other (STA2) used 11 EAP frames (excluding ACK frames) before the 4- way handshake.
Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful? (Choose the single most probable answer given a stable WLAN.)

A. STA1 is a reassociation and STA2 is an initial association.

B. STA1 and STA2 are using different cipher suites.

C. STA1 is a TSN, and STA2 is an RSN.

D. STA1 and STA2 are using different EAP types.

E. STA2 has retransmissions of EAP frames.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

CWNP Certified Wireless Security Professional (CWSP) (CWSP-208) Free Practice Test