Our staff members have got spent a lot of hours developing the CWNA practice questions and also software with the highest rated good quality to train an individual for the CWNA CWNA exam. Many of us guarantee that you will pass the CWNA real check by employing our CWNA training materials. Examcollection gives a quickest and also cheapest way on the CWNA CWNA CWSP-205 certification. It?¡¥s never a faster and also easier activity to get ready the CWNA CWNA exam without having any support. Our elaborately designed CWSP-205 exam questions with comprehensive answers are of the great support for you to acquire the CWNA CWNA certificate. The particular CWNA practice questions and answers are generally revised and verified simply by our professionals and also bear 100% accuracy. The sort of questions will be as the exact same as the real CWNA CWNA exam, that is multiple choice.
2021 Nov CWSP-205 test question
Q41. In an effort to optimize WLAN performance, ABC Company has upgraded their WLAN infrastructure from 802.11a/g to 802.11n. 802.11a/g clients are still supported and are used throughout ABC's facility. ABC has always been highly security conscious, but due to budget limitations, they have not yet updated their overlay WIPS solution to 802.11n or 802.11ac. Given ABC's deployment strategy, what security risks would not be detected by the 802.11a/g WIPS?
A. Hijacking attack performed by using a rogue 802.11n AP against an 802.11a client
B. Rogue AP operating in Greenfield 40 MHz-only mode
C. 802.11a STA performing a deauthentication attack against 802.11n APs
D. 802.11n client spoofing the MAC address of an authorized 802.11n client
Answer: B
Q42. Which one of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?
A. It does not support the outer identity.
B. It is not a valid EAP type.
C. It does not support mutual authentication.
D. It does not support a RADIUS server.
Answer: C
Q43. What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?
A. The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.
B. The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.
C. The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.
D. The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.
Answer: B
Q44. Given: XYZ Company has recently installed an 802.11ac WLAN. The company needs the ability to control access to network services, such as file shares, intranet web servers, and Internet access based on an employee's job responsibilities. What WLAN security solution meets this requirement?
A. An autonomous AP system with MAC filters
B. WPA2-Personal with support for LDAP queries
C. A VPN server with multiple DHCP scopes
D. A WLAN controller with RBAC features
E. A WLAN router with wireless VLAN support
Answer: D
Q45. You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other (STA2) used 11 EAP frames (excluding ACK frames) before the 4- way handshake. Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful? (Choose the single most probable answer given a stable WLAN.)
A. STA1 and STA2 are using different cipher suites.
B. STA2 has retransmissions of EAP frames.
C. STA1 is a reassociation and STA2 is an initial association.
D. STA1 is a TSN, and STA2 is an RSN.
E. STA1 and STA2 are using different EAP types.
Answer: E
Renewal CWSP-205 simulations:
Q46. A single AP is configured with three separate WLAN profiles, as follows:
1. SSID: ABCData BSSID: 00:11:22:00:1F:C3 VLAN 10 Security: PEAPv0/EAP- MSCHAPv2 with AES-CCMP 3 current clients
2. SSID: ABCVoice BSSID: 00:11:22:00:1F:C4 VLAN 60 Security: WPA2-Personal with AES-CCMP 2 current clients
3. SSID: Guest BSSID: 00:11:22:00:1F:C5 VLAN 90 Security: Open with captive portal authentication 3 current clients Three STAs are connected to ABCData. Three STAs are connected to Guest. Two STAs are connected to ABCVoice. How many unique GTKs and PTKs are currently in place in this scenario?
A. 1 GTK 8 PTKs
B. 2 GTKs 5 PTKs
C. 2 GTKs 8 PTKs
D. 3 GTKs 8 PTKs
Answer: B
Q47. As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods. When writing the 802.11 security policy, what password-related items should be addressed?
A. MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.
B. Password complexity should be maximized so that weak WEP IV attacks are prevented.
C. Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.
D. Certificates should always be recommended instead of passwords for 802.11 client authentication.
E. EAP-TLS must be implemented in such scenarios.
Answer: C
Q48. Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection. What security characteristics and/or components play a role in preventing data decryption? (Choose 2)
A. Multi-factor authentication
B. 4-Way Handshake
C. PLCP Cyclic Redundancy Check (CRC)
D. Encrypted Passphrase Protocol (EPP)
E. Integrity Check Value (ICV)
F. Group Temporal Keys
Answer: B, F
Q49. Given: ABC Hospital wishes to create a strong security policy as a first step in securing their
802.11 WLAN. Before creating the WLAN security policy, what should you ensure you possess?
A. Awareness of the exact vendor devices being installed
B. Management support for the process
C. End-user training manuals for the policies to be created
D. Security policy generation software
Answer: B
Q50. As a part of a large organization's security policy, how should a wireless security professional address the problem of rogue access points?
A. Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.
B. Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.
C. Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.
D. A trained employee should install and configure a WIPS for rogue detection and response measures.
E. Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.
Answer: D