2021 Feb CWSP-205 practice exam
Q41. What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE 802.11 4-Way Handshake?
A. Both nonces are used by the Supplicant and Authenticator in the derivation of a single PTK.
B. The Supplicant uses the SNonce to derive its unique PTK and the Authenticator uses the ANonce to derive its unique PTK, but the nonces are not shared.
C. Nonces are sent in EAPoL frames to indicate to the receiver that the sending station has installed and validated the encryption keys.
D. The nonces are created by combining the MAC addresses of the Supplicant, Authenticator, and Authentication Server into a mixing algorithm.
Q42. Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks. In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)
A. Intruders can send spam to the Internet through the guest VLAN.
B. Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.
C. Unauthorized users can perform Internet-based network attacks through the WLAN.
D. Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.
E. Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.
Q43. While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real-time FFT display. The signal is characterized with the greatest strength utilizing only 1-2 megahertz of bandwidth and it does not use significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth. What kind of signal is described?
A. A high-power, narrowband signal
B. A 2.4 GHz WLAN transmission using transmit beam forming
C. An HT-OFDM access point
D. A frequency hopping wireless device in discovery mode
E. A deauthentication flood from a WIPS blocking an AP
F. A high-power ultra wideband (UWB) Bluetooth transmission
Q44. Given: You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution. In this configuration, the wireless network is initially susceptible to what type of attacks? (Choose 2)
A. Encryption cracking
B. Offline dictionary attacks
C. Layer 3 peer-to-peer
D. Application eavesdropping
E. Session hijacking
F. Layer 1 DoS
Answer: B, F
Q45. Given: You are the WLAN administrator in your organization and you are required to monitor the network and ensure all active WLANs are providing RSNs. You have a laptop protocol analyzer configured. In what frame could you see the existence or non-existence of proper RSN configuration parameters for each BSS through the RSN IE?
A. Probe request
E. Data frames
Updated CWSP-205 free question:
Q46. Given: XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization. What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)
A. The RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.
B. The RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.
C. RADIUS can reassign a client's 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.
D. RADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.
E. RADIUS attributes can be used to assign permission levels, such as read-only permission, to users of a particular network resource.
Answer: B, E
Q47. Given: You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data. What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?
A. All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.
B. Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.
C. Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.
D. Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.
E. The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.
Q48. What are the three roles of the 802.1X framework, as defined by the 802.1X standard, that are performed by the client STA, the AP (or WLAN controller), and the RADIUS server? (Choose 3)
C. AAA Server
D. Authentication Server
G. Control Point
Answer: D, E, F
Q49. You have an AP implemented that functions only using 802.11-2012 standard methods for the WLAN communications on the RF side and implementing multiple SSIDs and profiles on the management side configured as follows:
1. SSID: Guest, VLAN 90, Security: Open with captive portal authentication, 2 current clients
2. SSID: ABCData, VLAN 10, Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP, 5 current clients
3. SSID: ABCVoice, VLAN 60, Security: WPA2-Personal, 2 current clients
Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients. What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?
A. Only the members of the executive team that are part of the multicast group configured on the media server
B. All clients that are associated to the AP using the ABCData SSID
C. All clients that are associated to the AP using any SSID
D. All clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.
Q50. Your organization required compliance reporting and forensics features in relation to the 802.11ac WLAN they have recently installed. These features are not built into the management system provided by the WLAN vendor. The existing WLAN is managed through a centralized management console provided by the AP vendor with distributed APs and multiple WLAN controllers configured through this console. What kind of system should be installed to provide the required compliance reporting and forensics features?
B. WIPS overlay
C. WIPS integrated
D. Cloud management platform