CWAP-404 Online Practice Questions and Answers

Correct Answer: C

Explanation: One of the information that is communicated by bits in the PHY header is data rate. Data rate is the speed at which data is transmitted or received over the wireless medium. Data rate depends on factors such as modulation, coding, channel width, spatial streams, and guard interval. Data rate is indicated by bits in different fields of the PHY header, depending on the type of PPDU (e.g., OFDM, HT, VHT, HE). The receiver uses these bits to determine how to decode and demodulate the rest of the PPDU. The other options are not correct, as they are not communicated by bits in the PHY header. SNR (Signal-to-Noise Ratio), noise, and signal strengthare measured by the receiver based on its own capabilities and environment. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 4: 802.11 Physical Layer, page 101-105

Correct Answer: C

Explanation: The value of the Listen Interval field in an Association Request frame indicates how often a STA in power save mode wakes up to listen to Beacon frames. The Listen Interval is expressed in units of Beacon Intervals (typically 100 TU or 102.4 ms). For example, if the Listen Interval is set to 10, it means that the STA will wake up every 10 Beacon Intervals (or about 1 second) to check for buffered frames at the AP. The Listen Interval is used by the AP to determine how long it can hold frames for a STA in power save mode before discarding them . References: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 197; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 198.

Correct Answer: C

Explanation: A PHY header is added to the PSDU at the PHY layer. A PHY header is a part of the PPDU that contains information such as modulation, coding, and data rate. The PHY header is added by the PHY layer when it converts a PSDU to a PPDU for transmission, or removed by the PHY layer when it converts a PPDU to a PSDU for reception. The other layers do not add or remove a PHY header. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 4: 802.11 Physical Layer, page 97-98

Correct Answer: A

Explanation: The FFT plot is a spectrum analysis plot that shows the RF power present at a particular frequency over a short period of time. It can help identify the sources and characteristics of RF signals in the spectrum. By looking at the FFT plot, you can determine which ZigBee channels are used by the lighting system and whether they overlap with the WLAN channels in the 2.4 GHz band. ZigBee channels are 5 MHz wide and WLAN channels are 20 MHz or 40 MHz wide, so there is a possibility of overlap and interference between them. The other questions cannot be answered by looking at the FFT plot alone, as they require other types of plots or analysis tools, such as duty cycle plot, airtime utilization plot, or protocol analyzer. References: [Wireless Analysis Professional Study Guide], Chapter 3: Spectrum Analysis, page 69-70

Correct Answer: C

Explanation: Display filters are applied after the capture is completed and they only hide the packets from view. The filtered packets are still present in the capture file and can be enabled for view later by changing or removing the display filter.

This is an advantage over capture-time filters, which discard the packets that do not match the filter criteria and cannot be recovered later34 References:

CWAP-403 Study Guide, Chapter 2: Protocol Analysis, page 37 CWAP-403 Objectives, Section 2.3: Apply display filters

Correct Answer: A

Explanation: An 802.11 wireless adaptor is required for Wi-Fi integration in laptop-based spectrum analyzer software in addition to the spectrum analysis adapter. The spectrum analysis adapter is a hardware device that captures the RF signals in the wireless environment and sends them to the spectrum analyzer software for analysis and display. The 802.11 wireless adapter is a hardware device that connects the laptop to the wireless network and allows the spectrum analyzer software to correlate the RF data with the Wi-Fi data, such as SSID, channel, and BSSID. This enables the spectrum analyzer software to provide more context and insight into the spectrum activity and its impact on the Wi-Fi network. A firmware upgrade for the spectrum analysis adapter is not required for Wi-Fi integration, but it may be needed to fix bugs or add features to the device. A directional antenna is an antenna that focuses the RF energy in a specific direction and has a high gain and a narrow beamwidth. A directional antenna can be used with a spectrum analysis adapter to pinpoint the location or source of interference or noise in the wireless environment, but it is not required for Wi-Fi integration. SNMP read credentials to the WLAN controller or APs are not required for Wi-Fi integration, but they may be useful for obtaining additional information about the wireless network configuration and performance from the network devices.References: CWAP-404 Study Guide, Chapter 4: Spectrum Analysis and Troubleshooting, page 123 CWAP-404 Objectives, Section 4.2: Integrate Wi-Fi data with spectrum analysis data CWAP-404 Study Guide, Chapter 4: Spectrum Analysis and Troubleshooting, page 131

Correct Answer: C

Explanation: The data rate at which the PHY preamble was transmitted is 6 Mbps. The PHY preamble is a part of the PPDU that is transmitted before the PHY header and the PSDU. The PHY preamble consists of a series of training fields that help the receiver to detect and synchronize with the signal. The PHY preamble is always transmitted at a fixed data rate that depends on the type of PPDU (e.g., OFDM, HT, VHT, HE). For an 802.1 lac data frame on channel 52, which uses VHT PPDUs, the data rate for the PHY preamble is 6 Mbps. This data rate does not depend on MCS (Modulation and Coding Scheme), which only affects the data rate for the PSDU. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 4: 802.11 Physical Layer, page 99-100

Correct Answer: D

Explanation: Open Authentication without encryption is not allowed when operating a BSS in the 6 GHz band, according to the 802.11 standard. Open Authentication is a type of authentication method that does not require any credentials or security information from a STA (station) to join a BSS (Basic Service Set). Open Authentication can be used with or without encryption, depending on the configuration of the BSS and the STA. Encryption is a technique that scrambles the data frames using an algorithm and a key to prevent unauthorized access or eavesdropping. However, in the 6 GHz band, which is a newly available frequency band for WLANs, OpenAuthentication without encryption is prohibited by the

802.11 standard, as it poses security and interference risks for other users and services in the band. The 6 GHz band requires all WLANs to use WPA3-Personal or WPA3-Enterprise encryption methods, which are more secure and robust than previous encryption methods such as WPA2 or WEP. The other options are not correct, as they do not describe scenarios where Open Authentication without encryption is not allowed by the 802.11 standard. When operating a BSS in the CBRS band, which is another newly available frequency band for WLANs, Open Authentication without encryption is allowed, but not recommended, as it also poses security and interference risks for other users and services in the band. When operating a BSS in FIPS mode, which is a mode that complies with the Federal Information Processing Standards for cryptographic security, Open Authentication without encryption is allowed, but not compliant, as it does not meet the FIPS requirements for encryption algorithms and keys. When operating a BSS in a government facility, Open Authentication without encryption is allowed, but not advisable, as it may violate the government policies or regulations for wireless security. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 8: Security Analysis, page 220-221

Correct Answer: B

Explanation: The most likely cause of higher airtime utilization on the first 20 MHz of the 80 MHz channel is non-Wi-Fi interference. Non-Wi-Fi interference can prevent an AP from using its full channel width, as it will degrade the signal quality and increase the noise floor on some parts of the channel. This will force the AP to fall back to a narrower channel width, such as 20 MHz or 40 MHz, to maintain communication with its clients. The waterfall plot can help identify non-Wi-Fi interference by showing spikes or bursts of RF energy on specific frequencies or sub-channels. The other options are not correct, as they do not explain why only the first 20 MHz of the channel has higher airtime utilization. References: [Wireless Analysis Professional Study Guide], Chapter 3: Spectrum Analysis, page 74-75

Correct Answer: B

Explanation: The users on floor 5 are being subjected to a denial of service attack, as this is happening across the entire floor it is likely to be a misconfigured WIPS solution belonging to the tenants on the floor below. This is because the

Deauthentication frames have a source address that matches the BSSIDs of the customer's APs and a destination address that is a broadcast address (FF:FF:FF:FF:FF:FF). This indicates that someone is sending spoofed Deauthentication

frames to all STAs associated with the customer's APs, causing them to disconnect from the wireless network. This is a common type of DoS attack on wireless networks, and it could be caused by a rogue device or a WIPS solution that is

configured to protect the wireless network of another tenant on the floor below12. References: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 13: Troubleshooting Common Wi-Fi Issues, page 4961;

CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 14:

Troubleshooting Tools, page 5272.