Given: A WLAN consultant has just finished installing a WLAN controller with 15 controller- based APs.
Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use
the same RADIUS server. The SSIDs are configured as follows:
SSID Blue - VLAN 10 - Lightweight EAP (LEAP) authentication - CCMP cipher suite SSID Red - VLAN 20 PEAPv0/EAP-TLS authentication - TKIP cipher suite The consultant's computer can successfully
authenticate and browse the Internet when using the Blue SSID. The same computer cannot authenticate
when using the Red SSID.
What is a possible cause of the problem?
A. The Red VLAN does not use server certificate, but the client requires one.
B. The TKIP cipher suite is not a valid option for PEAPv0 authentication.
C. The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.
D. The consultant does not have a valid Kerberos ID on the Blue VLAN.
Given: Your organization is using EAP as an authentication framework with a specific type that meets the requirements of your corporate policies.
Which one of the following statements is true related to this implementation?
A. The client will be the authenticator in this scenario.
B. The client STAs must use a different, but complementary, EAP type than the AP STAs.
C. The client STAs may communicate over the uncontrolled port in order to authenticate as soon as Open System authentication completes.
D. The client STAs may communicate over the controlled port in order to authenticate as soon as the Open System authentication completes.
What TKIP feature was introduced to counter the weak integrity check algorithm used in WEP?
A. 32-bit ICV (CRC-32)
B. Sequence counters
C. RC5 stream cipher
D. Michael
E. Block cipher support
Which one of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?
A. It does not support the outer identity.
B. It is not a valid EAP type.
C. It does not support mutual authentication.
D. It does not support a RADIUS server.
What are the three roles of the 802.1X framework, as defined by the 802.1X standard, that are performed by the client STA, the AP (or WLAN controller), and the RADIUS server? (Choose 3)
A. Enrollee
B. Registrar
C. AAA Server
D. Authentication Server
E. Supplicant
F. Authenticator
G. Control Point
Given: You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet. What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations? (Choose the single best answer.)
A. User external antennas.
B. Use internal antennas.
C. Power the APs using PoE.
D. Ensure proper physical and environmental security using outdoor ruggedized APs or enclosures.
Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN.
In this remote scenario, what single wireless security practice will provide the greatest security for Fred?
A. Use an IPSec VPN for connectivity to the office network
B. Use only HTTPS when agreeing to acceptable use terms on public networks
C. Use enterprise WIPS on the corporate office network
D. Use WIPS sensor software on the laptop to monitor for risks and attacks
E. Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots
F. Use secure protocols, such as FTP, for remote file transfers.
What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?
A. H-REAP
B. EAP-GTC
C. EAP-TTLS
D. PEAP
E. LEAP
Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).
Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?
A. Fragmentation threshold
B. Administrative password
C. Output power
D. Cell radius
You have an AP implemented that functions only using 802.11-2012 standard methods for the WLAN communications on the RF side and implementing multiple SSIDs and profiles on the management side configured as follows:
1.
SSID: Guest VLAN 90 Security: Open with captive portal authentication 2 current clients
2.
SSID: ABCData VLAN 10 Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP 5 current clients
3.
SSID: ABCVoice VLAN 60 Security: WPA2-Personal 2 current clients
Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients.
What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?
A. Only the members of the executive team that are part of the multicast group configured on the media server
B. All clients that are associated to the AP using the ABCData SSID
C. All clients that are associated to the AP using any SSID
D. All clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CWNP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CWSP-205 exam preparations and CWNP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.