CWNA CWNA certification is regarded since one of the most extremely demanded certifications around the globe. Within the field associated with IT, CWNA CWSP-205 certification is something every person is eager to get. When you attempt to get promotion as well as change job, you will have the advantage over various other workmates or candidates in case you have a CWNA CWNA certification inside hand.

2021 Oct CWSP-205 sample question

Q51. You have been recently hired as the wireless network administrator for an organization spread across seven locations. They have deployed more than 100 APs, but they have not been managed in either an automated or manual process for more than 18 months. Given this length of time, what is one of the first things you should evaluate from a security perspective? 

A. The channel widths configured 

B. The channels in use 

C. The VLANs in use 

D. The firmware revision 

Answer:


Q52. Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company's employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity. What security implementation will allow the network administrator to achieve this goal? 

A. Implement an SSID with WPA2-Personal that allows both AES-CCMP and TKIP clients to connect. 

B. Implement an SSID with WPA-Personal that allows both AES-CCMP and TKIP clients to connect. 

C. Implement two separate SSIDs on the AP--one for WPA-Personal using TKIP and one for WPA2-Personal using AES-CCMP. 

D. Implement an SSID with WPA2-Personal that sends all broadcast traffic using AES-CCMP and unicast traffic using either TKIP or AES-CCMP. 

Answer:


Q53. What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots? 

A.  Require Port Address Translation (PAT) on each laptop. 

B.  Require secure applications such as POP, HTTP, and SSH. 

C. Require VPN software for connectivity to the corporate network. 

D. Require WPA2-Enterprise as the minimal WLAN security solution. 

Answer:


Q54. Given: An 802.1X/EAP implementation includes an Active Directory domain controller running Windows Server 2012 and an AP from a major vendor. A Linux server is running RADIUS and it queries the domain controller for user credentials. A Windows client is accessing the network. What device functions as the EAP Supplicant? 

A. Linux server 

B. Windows client 

C. Access point 

D. Windows server 

E. An unlisted switch 

F. An unlisted WLAN controller 

Answer:


Q55. Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks. In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2) 

A. Intruders can send spam to the Internet through the guest VLAN. 

B. Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented. 

C. Unauthorized users can perform Internet-based network attacks through the WLAN. 

D. Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked. 

E. Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs. 

Answer: AC 


Abreast of the times CWSP-205 practice test:

Q56. A WLAN is implemented using WPA-Personal and MAC filtering. To what common wireless network attacks is this network potentially vulnerable? (Choose 3) 

A. Offline dictionary attacks 

B. MAC Spoofing 

C. ASLEAP 

D. DoS 

Answer: A, B, D 


Q57. ABC Company has deployed a Single Channel Architecture (SCA) solution to help overcome some of the common problems with client roaming. In such a network, all APs are configured with the same channel and BSSID. PEAPv0/EAP-MSCHAPv2 is the only supported authentication mechanism. As the Voice over Wi-Fi (STA-1) client moves throughout this network, what events are occurring? 

A. STA-1 initiates open authentication and 802.11 association with each AP prior to roaming. 

B. The WLAN controller is querying the RADIUS server for authentication before the association of STA-1 is moved from one AP to the next. 

C. STA-1 controls when and where to roam by using signal and performance metrics in accordance with the chipset drivers and 802.11k. 

D. The WLAN controller controls the AP to which STA-1 is associated and transparently moves this association in accordance with the physical location of STA-1. 

Answer:


Q58. You work as the security administrator for your organization. In relation to the WLAN, you are viewing a dashboard that shows security threat, policy compliance and rogue threat charts. 

What type of system is in view? 

A. Wireshark Protocol Analyzer 

B. Wireless VPN Management Systems 

C. Wireless Intrusion Prevention System 

D. Distributed RF Spectrum Analyzer 

E. WLAN Emulation System 

Answer:


Q59. Given: ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication. How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution? 

A. Import all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool. 

B. Implement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server. 

C. Mirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases. 

D. Implement a RADIUS server and query user authentication requests through the LDAP server. 

Answer:


Q60. After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify security threats? 

A. Authorized PEAP usernames must be added to the WIPS server's user database. 

B. WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices. 

C. Separate security profiles must be defined for network operation in different regulatory domains D. Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met. 

Answer: