CWSP-206 Online Practice Questions and Answers

What WLAN client device behavior is exploited by an attacker during a hijacking attack?

A. After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake, even if connectivity is lost.

B. Client drivers scan for and connect to access point in the 2.4 GHz band before scanning the 5 GHz band.

C. When the RF signal between a client and an access point is disrupted for more than a few seconds, the client device will attempt to associate to an access point with better signal quality.

D. When the RF signal between a client and an access point is lost, the client will not seek to reassociate with another access point until the 120 second hold down timer has expired.

E. As specified by the Wi-Fi Alliance, clients using Open System authentication must allow direct client-toclient connections, even in an infrastructure BSS.

What software and hardware tools are used in the process performed to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network?

A. A low-gain patch antenna and terminal emulation software

B. MAC spoofing software and MAC DoS software

C. RF jamming device and a wireless radio card

D. A wireless workgroup bridge and a protocol analyzer

During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text. From a security perspective, why is this significant?

A. The username can be looked up in a dictionary file that lists common username/password combinations.

B. The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.

C. 4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.

D. The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.

You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution. In this configuration, the wireless network is initially susceptible to what type of attack?

A. Offline dictionary attacks

B. Application eavesdropping

C. Session hijacking

D. Layer 3 peer-to-peer

E. Encryption cracking

Which one of the following is not a role defined in the 802.1X authentication procedures used in 802.11 and 802.3 networks for port-based authentication?

A. AAA Server

B. Authentication Server

C. Supplicant

D. Authenticator

Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

A. Provide two or more user groups connected to the same SSID with different levels of network privileges.

B. Allow access to specific files and applications based on the user's WMM access category.

C. Allow simultaneous support for multiple EAP types on a single access point.

D. Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.

A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and will replace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication. For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?

A. SNMPv3 support

B. 802.1Q VLAN trunking

C. Internal RADIUS server

D. WIPS support and integration

E. WPA2-Enterprise authentication/encryption

Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP- compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server. Where must the X.509 server certificate and private key be installed in this network?

A. Controller-based APs

B. WLAN controller

C. RADIUS server

D. Supplicant devices

E. LDAP server

While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real time FFT display. The signal is characterized with the greatest strength utilizing only 1-2 megahertz of bandwidth and it does not use significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth. What kind of signal is described?

A. A high-power ultra wideband (UWB) Bluetooth transmission.

B. A 2.4 GHz WLAN transmission using transmit beam forming.

C. A high-power, narrowband signal.

D. A deauthentication flood from a WIPS blocking an AP.

E. An HT-OFDM access point.

F. A frequency hopping wireless device in discovery mode.

What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

A. Group Cipher Suite

B. Pairwise Cipher Suite List

C. AKM Suite List

D. RSN Capabilities