CWSP-205 Online Practice Questions and Answers

Given: You are using a Wireless Aggregator utility to combine multiple packet captures. One capture exists for each of channels 1, 6 and 11. What kind of troubleshooting are you likely performing with such a tool?

A. Wireless adapter failure analysis.

B. Interference source location.

C. Fast secure roaming problems.

D. Narrowband DoS attack detection.

What disadvantage does EAP-TLS have when compared with PEAPv0 EAP/MSCHAPv2 as an 802.11 WLAN security solution?

A. Fast/secure roaming in an 802.11 RSN is significantly longer when EAP-TLS is in use.

B. EAP-TLS does not protect the client's username and password inside an encrypted tunnel.

C. EAP-TLS cannot establish a secure tunnel for internal EAP authentication.

D. EAP-TLS is supported only by Cisco wireless infrastructure and client devices.

E. EAP-TLS requires extensive PKI use to create X.509 certificates for both the server and all clients, which increases administrative overhead.

What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE 802.11 4 Way Handshake?

A. Both nonces are used by the Supplicant and Authenticator in the derivation of a single PTK.

B. The Supplicant uses the SNonce to derive its unique PTK and the Authenticator uses the ANonce to derive its unique PTK, but the nonces are not shared.

C. Nonces are sent in EAPoL frames to indicate to the receiver that the sending station has installed and validated the encryption keys.

D. The nonces are created by combining the MAC addresses of the Supplicant, Authenticator, and Authentication Server into a mixing algorithm.

What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?

A. Sharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.

B. Because OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.

C. Key exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.

D. The Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.

Given: You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet. What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations? (Choose the single best answer.)

A. User external antennas.

B. Use internal antennas.

C. Power the APs using PoE.

D. Ensure proper physical and environmental security using outdoor ruggedized APs or enclosures.

Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN.

In this remote scenario, what single wireless security practice will provide the greatest security for Fred?

A. Use an IPSec VPN for connectivity to the office network

B. Use only HTTPS when agreeing to acceptable use terms on public networks

C. Use enterprise WIPS on the corporate office network

D. Use WIPS sensor software on the laptop to monitor for risks and attacks

E. Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots

F. Use secure protocols, such as FTP, for remote file transfers.

You must support a TSN as you have older wireless equipment that will not support the required processing of AES encryption. Which one of the following technologies will you use on the network so that a TSN can be implemented that would not be required in a network compliant with 802.11-2012 non-deprecated technologies?

A. WEP

B. RC4

C. CCMP

D. WPA2

You work as the security administrator for your organization. In relation to the WLAN, you are viewing a dashboard that shows security threat, policy compliance and rogue threat charts. What type of system is in view?

A. Wireshark Protocol Analyzer

B. Wireless VPN Management Systems

C. Wireless Intrusion Prevention System

D. Distributed RF Spectrum Analyzer

E. WLAN Emulation System