Pass the CWNP CWSP CWSP-207 Questions and answers with CertsForce

Viewing page 1 out of 4 pages
Viewing questions 1-10 out of questions
Questions # 1:

The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

Options:

A. Group Key Handshake
B. 802.1X/EAP authentication
C. DHCP Discovery
D. 4-Way Handshake
E. Passphrase-to-PSK mapping
F. RADIUS shared secret lookup


Questions # 2:

What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?

Options:

A. H-REAP
B. EAP-GTC
C. EAP-TTLS
D. PEAP
E. LEAP


Questions # 3:

While performing a manual scan of your environment using a spectrum analyzer on a laptop computer, you notice a signal in the real time FFT view. The signal is characterized by having peak power centered on channel 11 with an approximate width of 20 MHz at its peak. The signal widens to approximately 40 MHz after it has weakened by about 30 dB.

What kind of signal is displayed in the spectrum analyzer?

Options:

A. A frequency hopping device is being used as a signal jammer in 5 GHz
B. A low-power wideband RF attack is in progress in 2.4 GHz, causing significant 802.11 interference
C. An 802.11g AP operating normally in 2.4 GHz
D. An 802.11a AP operating normally in 5 GHz


Questions # 4:

Given: ABC Corporation’s 802.11 WLAN is comprised of a redundant WLAN controller pair (N+1) and 30 access points implemented in 2004. ABC implemented WEP encryption with IPSec VPN technology to secure their wireless communication because it was the strongest security solution available at the time it was implemented. IT management has decided to upgrade the WLAN infrastructure and implement Voice over Wi-Fi and is concerned with security because most Voice over Wi-Fi phones do not support IPSec.

As the wireless network administrator, what new security solution would be best for protecting ABC’s data?

Options:

A. Migrate corporate data clients to WPA-Enterprise and segment Voice over Wi-Fi phones by assigning them to a different frequency band.
B. Migrate corporate data and Voice over Wi-Fi devices to WPA2-Enterprise with fast secure roaming support, and segment Voice over Wi-Fi data on a separate VLAN.
C. Migrate to a multi-factor security solution to replace IPSec; use WEP with MAC filtering, SSID hiding, stateful packet inspection, and VLAN segmentation.
D. Migrate all 802.11 data devices to WPA-Personal, and implement a secure DHCP server to allocate addresses from a segmented subnet for the Voice over Wi-Fi phones.


Questions # 5:

Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN.

In this remote scenario, what single wireless security practice will provide the greatest security for Fred?

Options:

A. Use an IPSec VPN for connectivity to the office network
B. Use only HTTPS when agreeing to acceptable use terms on public networks
C. Use enterprise WIPS on the corporate office network
D. Use WIPS sensor software on the laptop to monitor for risks and attacks
E. Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots
F. Use secure protocols, such as FTP, for remote file transfers.


Questions # 6:

What statement accurately describes the functionality of the IEEE 802.1X standard?

Options:

A. Port-based access control with EAP encapsulation over the LAN (EAPoL)
B. Port-based access control with dynamic encryption key management and distribution
C. Port-based access control with support for authenticated-user VLANs only
D. Port-based access control with mandatory support of AES-CCMP encryption
E. Port-based access control, which allows three frame types to traverse the uncontrolled port: EAP, DHCP, and DNS.


Questions # 7:

Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).

Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?

Options:

A. Fragmentation threshold
B. Administrative password
C. Output power
D. Cell radius


Questions # 8:

Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.

In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)

Options:

A. Intruders can send spam to the Internet through the guest VLAN.
B. Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.
C. Unauthorized users can perform Internet-based network attacks through the WLAN.
D. Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.
E. Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.


Questions # 9:

What are the three roles of the 802.1X framework, as defined by the 802.1X standard, that are performed by the client STA, the AP (or WLAN controller), and the RADIUS server? (Choose 3)

Options:

A. Enrollee
B. Registrar
C. AAA Server
D. Authentication Server
E. Supplicant
F. Authenticator
G. Control Point


Questions # 10:

You are implementing a wireless LAN that will be used by point-of-sale (PoS) systems in a retail environment. Thirteen PoS computers will be installed. To what industry requirement should you ensure you adhere?

Options:

A. ISA99
B. HIPAA
C. PCI-DSS
D. Directive 8500.01

