Given: The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.
What single WLAN security feature should be implemented to comply with these requirements?
A. Mutual authentication
B. Captive portal
C. Role-based access control
D. Group authentication
E. RADIUS policy accounting
While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real time FFT display. The signal is characterized with the greatest strength utilizing only 1-2 megahertz of bandwidth and it does not use significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth.
What kind of signal is described?
A. A high-power, narrowband signal
B. A 2.4 GHz WLAN transmission using transmit beam forming
C. An HT-OFDM access point
D. A frequency hopping wireless device in discovery mode
E. A deauthentication flood from a WIPS blocking an AP
F. A high-power ultra wideband (UWB) Bluetooth transmission
Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.
In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)
A. Intruders can send spam to the Internet through the guest VLAN.
B. Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.
C. Unauthorized users can perform Internet-based network attacks through the WLAN.
D. Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.
E. Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.
You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used? (Choose 3)
A. Generating passwords for WLAN infrastructure equipment logins
B. Generating PMKs that can be imported into 802.11 RSN-compatible devices
C. Generating secret keys for RADIUS servers and WLAN infrastructure devices
D. Generating passphrases for WLAN systems secured with WPA2-Personal
E. Generating dynamic session keys used for IPSec VPNs
Given: Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server.
Where must the X.509 server certificate and private key be installed in this network?
A. Supplicant devices
B. LDAP server
C. Controller-based APs
D. WLAN controller
E. RADIUS server
Given: You support a coffee shop and have recently installed a free 802.11ac wireless hot-spot for the benefit of your customers. You want to minimize legal risk in the event that the hot-spot is used for illegal Internet activity.
What option specifies the best approach to minimize legal risk at this public hot-spot while maintaining an open venue for customer Internet access?
A. Configure WPA2-Enterprise security on the access point
B. Block TCP port 25 and 80 outbound on the Internet router
C. Require client STAs to have updated firewall and antivirus software
D. Allow only trusted patrons to use the WLAN
E. Use a WIPS to monitor all traffic and deauthenticate malicious stations
F. Implement a captive portal with an acceptable use disclaimer
The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?
A. Group Key Handshake
B. 802.1X/EAP authentication
C. DHCP Discovery
D. 4-Way Handshake
E. Passphrase-to-PSK mapping
F. RADIUS shared secret lookup
Given: ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MS- CHAPv2 and AES-CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hot-spot include:
Cannot access corporate network resources
Network permissions are limited to Internet access
All stations must be authenticated
What security controls would you suggest? (Choose the single best answer.)
A. Implement separate controllers for the corporate and guest WLANs.
B. Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.
C. Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.
D. Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.
E. Force all guest users to use a common VPN protocol to connect.
The IEEE 802.11 Pairwise Transient Key (PTK) is derived from what cryptographic element?
A. Phase Shift Key (PSK)
B. Group Master Key (GMK)
C. Pairwise Master Key (PMK)
D. Group Temporal Key (GTK)
E. PeerKey (PK)
F. Key Confirmation Key (KCK)
In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce? (Choose 2)
A. They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.
B. The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).
C. They are added together and used as the GMK, from which the GTK is derived.
D. They are input values used in the derivation of the Pairwise Transient Key.
E. They allow the participating STAs to create dynamic keys while avoiding sending unicast encryption keys across the wireless medium.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CWNP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CWSP-205 exam preparations and CWNP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.