최신 CWSP-207 무료덤프 - CWNP Wireless Security Professional (CWSP)

문제1

Your organization required compliance reporting and forensics features in relation to the 802.11ac WLAN they have recently installed. These features are not built into the management system provided by the WLAN vendor. The existing WLAN is managed through a centralized management console provided by the AP vendor with distributed APs and multiple WLAN controllers configured through this console.
What kind of system should be installed to provide the required compliance reporting and forensics features?

A. WIPS overlay

B. WNMS

C. WIPS integrated

D. Cloud management platform

정답: A

문제2

What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?

A. PEAP

B. EAP-TTLS

C. H-REAP

D. LEAP

E. EAP-GTC

정답: A

문제3

Which of the following security attacks cannot be detected by a WIPS solution of any kind? (Choose 2)

A. DoS

B. Eavesdropping

C. Rogue APs

D. Social engineering

정답: B,D

문제4

Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank's website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John's bank account user ID and password and exploit this information.
What likely scenario could have allowed the hacker to obtain John's bank account user ID and password?

A. John's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.

B. John accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.

C. John uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.

D. Before connecting to the bank's website, John's association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank's web server and has decrypted John's login credentials in near real-time.

E. The bank's web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

정답: C

문제5

You are implementing an 802.11ac WLAN and a WIPS at the same time. You must choose between integrated and overlay WIPS solutions. Which of the following statements is true regarding integrated WIPS solutions?

A. Many integrated WIPS solutions that detect Voice over Wi-Fi traffic will cease scanning altogether to accommodate the latency sensitive client traffic.

B. Integrated WIPS use special sensors installed alongside the APs to scan for threats.

C. Integrated WIPS is always more expensive than overlay WIPS.

D. Integrated WIPS always perform better from a client throughput perspective because the same radio that performs the threat scanning also services the clients.

정답: A

문제6

What statement accurately describes the functionality of the IEEE 802.1X standard?

A. Port-based access control with support for authenticated-user VLANs only

B. Port-based access control, which allows three frame types to traverse the uncontrolled port: EAP, DHCP, and DNS.

C. Port-based access control with mandatory support of AES-CCMP encryption

D. Port-based access control with EAP encapsulation over the LAN (EAPoL)

E. Port-based access control with dynamic encryption key management and distribution

정답: D

문제7

The following numbered items show some of the contents of each of the four frames exchanged during the
4-way handshake:
1. Encrypted GTK sent
2. Confirmation of temporal key installation
3. Anonce sent from authenticator to supplicant
4. Snonce sent from supplicant to authenticator, MIC included
Arrange the frames in the correct sequence beginning with the start of the 4-way handshake.

A. 2, 3, 4, 1

B. 4, 3, 1, 2

C. 1, 2, 3, 4

D. 3, 4, 1, 2

정답: D

문제8

Given: In XYZ's small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.
What statement about the WLAN security of this company is true?

A. A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.

B. An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.

C. Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.

D. An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user's 4-Way Handshake.

E. Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.

정답: A

문제9

Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.
What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)

A. In the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.

B. On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.

C. During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.

D. Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.

정답: A,C,D

문제10

In the IEEE 802.11-2012 standard, what is the purpose of the 802.1X Uncontrolled Port?

A. To block unencrypted user traffic after a 4-Way Handshake completes

B. To allow only authentication frames to flow between the Supplicant and Authentication Server

C. To pass general data traffic after the completion of 802.11 authentication and key management

D. To block authentication traffic until the 4-Way Handshake completes

정답: B

최신 CWSP-207 무료덤프 - CWNP Wireless Security Professional (CWSP)

우리와 연락하기

유용한 링크

최신 업데이트