최신 CWSP-207 무료덤프 - CWNP Wireless Security Professional (CWSP)

문제1

Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.
What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)

A. In the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.

B. On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.

C. During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.

D. Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.

정답: A,C,D

문제2

Given: In XYZ's small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.
What statement about the WLAN security of this company is true?

A. A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.

B. An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.

C. Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.

D. An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user's 4-Way Handshake.

E. Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.

정답: A

문제3

Given: A WLAN protocol analyzer trace reveals the following sequence of frames (excluding the ACK frames):
1) 802.11 Probe Req and 802.11 Probe Rsp
2) 802.11 Auth and then another 802.11 Auth
3) 802.11 Assoc Req and 802.11 Assoc Rsp
4) EAPOL-KEY
5) EAPOL-KEY
6) EAPOL-KEY
7) EAPOL-KEY
What security mechanism is being used on the WLAN?

A. WPA-Enterprise

B. EAP-TLS

C. 802.1X/LEAP

D. WPA2-Personal

E. WEP-128

정답: D

문제4

What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

A. Pairwise Cipher Suite List

B. RSN Capabilities

C. AKM Suite List

D. Group Cipher Suite

정답: C

문제5

Given: WLAN attacks are typically conducted by hackers to exploit a specific vulnerability within a network.
What statement correctly pairs the type of WLAN attack with the exploited vulnerability? (Choose 3)

A. Zero-day attacks are always authentication or encryption cracking attacks.

B. Social engineering attacks are performed to collect sensitive information from unsuspecting users

C. Association flood attacks are Layer 3 DoS attacks performed against authenticated client stations

D. RF DoS attacks prevent successful wireless communication on a specific frequency or frequency range.

E. Hijacking attacks interrupt a user's legitimate connection and introduce a new connection with an evil twin AP.

F. Management interface exploit attacks are attacks that use social engineering to gain credentials from managers.

정답: B,D,E

문제6

The IEEE 802.11 Pairwise Transient Key (PTK) is derived from what cryptographic element?

A. Phase Shift Key (PSK)

B. Group Temporal Key (GTK)

C. Group Master Key (GMK)

D. PeerKey (PK)

E. Pairwise Master Key (PMK)

F. Key Confirmation Key (KCK)

정답: E

문제7

What wireless authentication technologies may build a TLS tunnel between the supplicant and the authentication server before passing client authentication credentials to the authentication server? (Choose 3)

A. EAP-TLS

B. EAP-TTLS

C. PEAPv0/MSCHAPv2

D. LEAP

E. EAP-MD5

정답: A,B,C

문제8

Wireless Intrusion Prevention Systems (WIPS) provide what network security services? (Choose 2)

A. Analysis and reporting of AP CPU utilization

B. Application-layer traffic inspection

C. Policy enforcement and compliance management

D. Wireless vulnerability assessment

E. Configuration distribution for autonomous APs

정답: C,D

문제9

When TKIP is selected as the pairwise cipher suite, what frame types may be protected with data confidentiality? (Choose 2)

A. Data

B. QoS Data

C. Control

D. Robust broadcast management

E. Robust unicast management

F. ACK

정답: A,B

문제10

Given: ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MS-CHAPv2 and AES-CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hot-spot include:
* Cannot access corporate network resources
* Network permissions are limited to Internet access
* All stations must be authenticated
What security controls would you suggest? (Choose the single best answer.)

A. Force all guest users to use a common VPN protocol to connect.

B. Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.

C. Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.

D. Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.

E. Implement separate controllers for the corporate and guest WLANs.

정답: C

최신 CWSP-207 무료덤프 - CWNP Wireless Security Professional (CWSP)

우리와 연락하기

유용한 링크

최신 업데이트