Certified Wireless Security Professional (CWSP) (CWSP-205) Free Practice Test

Question 1

What WLAN client device behavior is exploited by an attacker during a hijacking attack?

A. When the RF signal between a client and an access point is disrupted for more than a
few seconds, the client device will attempt to associate to an access point with better signal quality.

B. After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake, even if connectivity is lost.

C. As specified by the Wi-Fi Alliance, clients using Open System authentication must allow direct client-to-client connections, even in an infrastructure BSS.

D. When the RF signal between a client and an access point is lost, the client will not seek to reassociate with another access point until the 120 second hold down timer has expired.

E. Client drivers scan for and connect to access points in the 2.4 GHz band before scanning the 5 GHz band.

Correct Answer: A

Question 2

Given: WLAN protocol analyzers can read and record many wireless frame parameters.
What parameter is needed to physically locate rogue APs with a protocol analyzer?

A. Signal strength

B. IP Address

C. Noise floor

D. SSID

E. RSN IE

F. BSSID

Correct Answer: A

Question 3

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.
Before creating the WLAN security policy, what should you ensure you possess?

A. Awareness of the exact vendor devices being installed

B. End-user training manuals for the policies to be created

C. Security policy generation software

D. Management support for the process

Correct Answer: D

Question 4

While performing a manual scan of your environment using a spectrum analyzer on a laptop computer, you notice a signal in the real time FFT view. The signal is characterized by having peak power centered on channel 11 with an approximate width of 20 MHz at its peak. The signal widens to approximately 40 MHz after it has weakened by about 30 dB.
What kind of signal is displayed in the spectrum analyzer?

A. A frequency hopping device is being used as a signal jammer in 5 GHz

B. An 802.11a AP operating normally in 5 GHz

C. An 802.11g AP operating normally in 2.4 GHz

D. A low-power wideband RF attack is in progress in 2.4 GHz, causing significant 802.11 interference

Correct Answer: C

Question 5

Given: XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization.
What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)

A. The RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.

B. The RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.

C. RADIUS attributes can be used to assign permission levels, such as read-only permission, to users of a particular network resource.

D. RADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.

E. RADIUS can reassign a client's 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.

Correct Answer: B,C

Question 6

Which of the following security attacks cannot be detected by a WIPS solution of any kind? (Choose 2)

A. Social engineering

B. DoS

C. Eavesdropping

D. Rogue APs

Correct Answer: A,C

Question 7

Your organization required compliance reporting and forensics features in relation to the 802.11ac WLAN they have recently installed. These features are not built into the management system provided by the WLAN vendor. The existing WLAN is managed through a centralized management console provided by the AP vendor with distributed APs and multiple WLAN controllers configured through this console.
What kind of system should be installed to provide the required compliance reporting and forensics features?

A. WIPS integrated

B. WIPS overlay

C. Cloud management platform

D. WNMS

Correct Answer: B

Question 8

What elements should be addressed by a WLAN security policy? (Choose 2)

A. Enabling encryption to prevent MAC addresses from being sent in clear text

B. End-user training for password selection and acceptable network use

C. The exact passwords to be used for administration interfaces on infrastructure devices

D. Social engineering recognition and mitigation techniques

E. How to prevent non-IT employees from learning about and reading the user security policy

Correct Answer: B,D

Question 9

Given: During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text.
From a security perspective, why is this significant?

A. The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.

B. The username can be looked up in a dictionary file that lists common username/password combinations.

C. 4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.

D. The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.

Correct Answer: A

Question 10

Given: ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United
States. 802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.
What security best practices should be followed in this deployment scenario?

A. RADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.

B. Remote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.

C. An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.

D. APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.

Correct Answer: C

Welcome to TestSimulate

CWNP Certified Wireless Security Professional (CWSP) (CWSP-205) Free Practice Test