CWSP-205 Online Practice Questions and Answers

You are configuring seven APs to prevent common security attacks. The APs are to be installed in a small business and to reduce costs, the company decided to install all consumer-grade wireless routers. The wireless routers will connect to a switch, which connects directly to the Internet connection providing 50 Mbps of Internet bandwidth that will be shared among 53 wireless clients and 17 wired clients.

To ensure the wireless network is as secure as possible from common attacks, what security measure can you implement given only the hardware referenced?

A. WPA-Enterprise

B. 802.1X/EAP-PEAP

C. WPA2-Enterprise

D. WPA2-Personal

What is a primary criteria for a network to qualify as a Robust Security Network (RSN)?

A. Token cards must be used for authentication.

B. Dynamic WEP-104 encryption must be enabled.

C. WEP may not be used for encryption.

D. WPA-Personal must be supported for authentication and encryption.

E. WLAN controllers and APs must not support SSHv1.

What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

A. Require Port Address Translation (PAT) on each laptop.

B. Require secure applications such as POP, HTTP, and SSH.

C. Require VPN software for connectivity to the corporate network.

D. Require WPA2-Enterprise as the minimal WLAN security solution.

What disadvantage does EAP-TLS have when compared with PEAPv0 EAP/MSCHAPv2 as an 802.11 WLAN security solution?

A. Fast/secure roaming in an 802.11 RSN is significantly longer when EAP-TLS is in use.

B. EAP-TLS does not protect the client's username and password inside an encrypted tunnel.

C. EAP-TLS cannot establish a secure tunnel for internal EAP authentication.

D. EAP-TLS is supported only by Cisco wireless infrastructure and client devices.

E. EAP-TLS requires extensive PKI use to create X.509 certificates for both the server and all clients, which increases administrative overhead.

Given: AAA is an architectural framework used to provide three separate security components in a network. Listed below are three phrases that each describe one aspect of the AAA framework. Option-1 -This AAA function is performed first and validates user identify prior to determining the network resources to which they will be granted access. Option-2 -- This function is used for monitoring and auditing purposes and includes the collection of data that identifies what a user has done while connected. Option-3 -- This function is used to designate permissions to a particular user.

What answer correctly pairs the AAA component with the descriptions provided above?

A. Option-1 Access Control Option-2 Authorization Option-3 Accounting

B. Option-1 Authentication Option-2 Accounting Option-3 Association

C. Option-1 Authorization Option-2 Access Control Option-3 Association

D. Option-1 Authentication Option-2 Accounting Option-3 Authorization

Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.

What security characteristics and/or components play a role in preventing data decryption? (Choose 2)

A. Multi-factor authentication

B. 4-Way Handshake

C. PLCP Cyclic Redundancy Check (CRC)

D. Encrypted Passphrase Protocol (EPP)

E. Integrity Check Value (ICV)

F. Group Temporal Keys

Given: A network security auditor is preparing to perform a comprehensive assessment of an 802.11ac network's security.

What task should be performed at the beginning of the audit to maximize the auditor's ability to expose network vulnerabilities?

A. Identify the IP subnet information for each network segment.

B. Identify the manufacturer of the wireless intrusion prevention system.

C. Identify the skill level of the wireless network security administrator(s).

D. Identify the manufacturer of the wireless infrastructure hardware.

E. Identify the wireless security solution(s) currently in use.

You have been recently hired as the wireless network administrator for an organization spread across seven locations. They have deployed more than 100 APs, but they have not been managed in either an automated or manual process for more than 18 months. Given this length of time, what is one of the first things you should evaluate from a security perspective?

A. The channel widths configured

B. The channels in use

C. The VLANs in use

D. The firmware revision

Select the answer option that arranges the numbered events in the correct time sequence (first to last) for a client associating to a BSS using EAP-PEAPv0/MSCHAPv2.

1.

Installation of PTK

2.

Initiation of 4-way handshake

3.

Open system authentication

4.

802.11 association

5.

802.1X controlled port is opened for data traffic

6.

Client validates server certificate

7.

AS validates client credentials

A. 3--4--6--7--2--1--5

B. 4--3--5--2--7--6--1

C. 5--3--4--2--6--7--1

D. 6--1--3--4--2--7--5

E. 4--3--2--7--6--1--5

F. 3--4--7--6--5--2--1

Given: You have implemented strong authentication and encryption mechanisms for your enterprise

802.11 WLAN using 802.1X/EAP with AES-CCMP.

For users connecting within the headquarters office, what other security solution will provide continuous monitoring of both clients and APs with 802.11-specific tracking?

A. IPSec VPN client and server software

B. Internet firewall software

C. Wireless intrusion prevention system

D. WLAN endpoint agent software

E. RADIUS proxy server