A single AP is configured with three separate WLAN profiles, as follows:
1. SSID: ABCData, BSSID: 00:11:22:00:1F:C3, VLAN 10, Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP, 3 current clients
2. SSID: ABCVoice, BSSID: 00:11:22:00:1F:C4, VLAN 60, Security: WPA2-Personal with AES-CCMP, 2 current clients
3. SSID: Guest, BSSID: 00:11:22:00:1F:C5, VLAN 90, Security: Open with captive portal authentication, 3 current clients
Three STAs are connected to ABCData. Three STAs are connected to Guest. Two STAs are connected to ABCVoice.
How many unique GTKs and PTKs are currently in place in this scenario?
A. 1 GTK, 8 PTKs
B. 2 GTKs, 5 PTKs
C. 2 GTKs, 8 PTKs
D. 3 GTKs, 8 PTKs
Given: When the CCMP cipher suite is used for protection of data frames, 16 bytes of overhead are added to the Layer 2 frame. 8 of these bytes comprise the MIC.
What purpose does the encrypted MIC play in protecting the data frame?
A. The MIC is used as a first layer of validation to ensure that the wireless receiver does not incorrectly process corrupted signals.
B. The MIC provides for a cryptographic integrity check against the data payload to ensure that it matches the original transmitted data.
C. The MIC is a hash computation performed by the receiver against the MAC header to detect replay attacks prior to processing the encrypted payload.
D. The MIC is a random value generated during the 4-way handshake and is used for key mixing to enhance the strength of the derived PTK.
What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?
A. Sharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.
B. Because OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.
C. Key exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.
D. The Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.
What security benefits are provided by endpoint security solution software? (Choose 3)
A. Can prevent connections to networks with security settings that do not conform to company policy
B. Can collect statistics about a user's network use and monitor network threats while they are connected
C. Can restrict client connections to networks with specific SSIDs and encryption types
D. Can be used to monitor for and prevent network attacks by nearby rogue clients or APs
Given: AAA is an architectural framework used to provide three separate security components in a network. Listed below are three phrases that each describe one aspect of the AAA framework.
Option-1 -- This AAA function is performed first and validates user identity prior to determining the network resources to which they will be granted access.
Option-2 -- This function is used for monitoring and auditing purposes and includes the collection of data that identifies what a user has done while connected.
Option-3 -- This function is used to designate permissions to a particular user.
What answer correctly pairs the AAA component with the descriptions provided above?
A. Option-1: Access Control; Option-2: Authorization; Option-3: Accounting
B. Option-1: Authentication; Option-2: Accounting; Option-3: Association
C. Option-1: Authorization; Option-2: Access Control; Option-3: Association
D. Option-1: Authentication; Option-2: Accounting; Option-3: Authorization
What statements are true about 802.11-2012 Protected Management Frames? (Choose 2)
A. 802.11w frame protection protects against some Layer 2 denial-of-service (DoS) attacks, but it cannot prevent all types of Layer 2 DoS attacks.
B. When frame protection is in use, the PHY preamble and header as well as the MAC header are encrypted with 256- or 512-bit AES.
C. Authentication, association, and acknowledgment frames are protected if management frame protection is enabled, but deauthentication and disassociation frames are not.
D. Management frame protection protects disassociation and deauthentication frames.
Given: ABC Company secures their network with WPA2-Personal authentication and AES-CCMP encryption.
What part of the 802.11 frame is always protected from eavesdroppers by this type of security?
A. All MSDU contents
B. All MPDU contents
C. All PPDU contents
D. All PSDU contents
When TKIP is selected as the pairwise cipher suite, what frame types may be protected with data confidentiality? (Choose 2)
A. Robust broadcast management
B. Robust unicast management
C. Control
D. Data
E. ACK
F. QoS Data
When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the 802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?
A. The 802.1X Controlled Port is always blocked, but the Uncontrolled Port opens after the EAP authentication process completes.
B. The 802.1X Controlled Port remains blocked until an IP address is requested and accepted by the Supplicant.
C. The 4-Way Handshake must be performed before the 802.1X Controlled Port changes to the unblocked state.
D. The 802.1X Controlled Port is blocked until Vendor-Specific Attributes (VSAs) are exchanged inside a RADIUS packet between the Authenticator and Authentication Server.
What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE 802.11 4-Way Handshake?
A. Both nonces are used by the Supplicant and Authenticator in the derivation of a single PTK.
B. The Supplicant uses the SNonce to derive its unique PTK and the Authenticator uses the ANonce to derive its unique PTK, but the nonces are not shared.
C. Nonces are sent in EAPoL frames to indicate to the receiver that the sending station has installed and validated the encryption keys.
D. The nonces are created by combining the MAC addresses of the Supplicant, Authenticator, and Authentication Server into a mixing algorithm.