Which one of the following describes the correct hierarchy of 802.1X authentication key derivation?
A. The MSK is generated from the 802.1X/EAP authentication. The PMK is derived from the MSK. The PTK is derived from the PMK, and the keys used for actual data encryption are a part of the PTK.
B. If passphrase-based client authentication is used by the EAP type, the PMK is mapped directly from the user's passphrase. The PMK is then used during the 4-way handshake to create data encryption keys.
C. After successful EAP authentication, the RADIUS server generates a PMK. A separate key, the MSK, is derived from the AAA key and is hashed with the PMK to create the PTK and GTK.
D. The PMK is generated from a successful mutual EAP authentication. When mutual authentication is not used, an MSK is created. Either of these two keys may be used to derive the temporal data encryption keys during the 4-way handshake.
What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?
A. The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.
B. The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.
C. The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.
D. The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.
Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.
What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)
A. On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.
B. During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.
C. In the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.
D. Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.
Given: XYZ Company has recently installed an 802.11ac WLAN. The company needs the ability to control access to network services, such as file shares, intranet web servers, and Internet access based on an employee's job responsibilities.
What WLAN security solution meets this requirement?
A. An autonomous AP system with MAC filters
B. WPA2-Personal with support for LDAP queries
C. A VPN server with multiple DHCP scopes
D. A WLAN controller with RBAC features
E. A WLAN router with wireless VLAN support
When used as part of a WLAN authentication solution, what is the role of LDAP?
A. A data retrieval protocol used by an authentication service such as RADIUS
B. An IEEE X.500 standard compliant database that participates in the 802.1X port-based access control process
C. A SQL compliant authentication service capable of dynamic key generation and distribution
D. A role-based access control protocol for filtering data to/from authenticated stations.
E. An Authentication Server (AS) that communicates directly with, and provides authentication for, the Supplicant.
When implementing a WPA2-Enterprise security solution, what protocol must the selected RADIUS server support?
A. LWAPP, GRE, or CAPWAP
B. IPSec/ESP
C. EAP
D. CCMP and TKIP
E. LDAP
Given: You are using WEP as an encryption solution. You are using VLANs for network segregation.
Why can you not establish an RSNA?
A. RSNA connections require TKIP or CCMP.
B. RSNA connections require BIP and do not support TKIP, CCMP or WEP.
C. RSNA connections require CCMP and do not support TKIP or WEP.
D. RSNA connections do not work in conjunction with VLANs.
What disadvantage does EAP-TLS have when compared with PEAPv0 EAP/MSCHAPv2 as an 802.11 WLAN security solution?
A. Fast/secure roaming in an 802.11 RSN is significantly longer when EAP-TLS is in use.
B. EAP-TLS does not protect the client's username and password inside an encrypted tunnel.
C. EAP-TLS cannot establish a secure tunnel for internal EAP authentication.
D. EAP-TLS is supported only by Cisco wireless infrastructure and client devices.
E. EAP-TLS requires extensive PKI use to create X.509 certificates for both the server and all clients, which increases administrative overhead.
Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company's employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.
What security implementation will allow the network administrator to achieve this goal?
A. Implement an SSID with WPA2-Personal that allows both AES-CCMP and TKIP clients to connect.
B. Implement an SSID with WPA-Personal that allows both AES-CCMP and TKIP clients to connect.
C. Implement two separate SSIDs on the AP--one for WPA-Personal using TKIP and one for WPA2Personal using AES-CCMP.
D. Implement an SSID with WPA2-Personal that sends all broadcast traffic using AES-CCMP and unicast traffic using either TKIP or AES-CCMP.
What wireless security protocol provides mutual authentication without using an X.509 certificate?
A. EAP-FAST
B. EAP-MD5
C. EAP-TLS
D. PEAPv0/EAP-MSCHAPv2
E. EAP-TTLS
F. PEAPv1/EAP-GTC
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CWNP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CWSP-205 exam preparations and CWNP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.