Practice Free CWSP-207 Exam Online Questions
In a guest firewall policy, what are some of the ports that are recommended to be permitted? (Choose all that apply.)
- A . TCP 22
- B . UDP 53
- C . TCP 443
- D . TCP 110
- E . UDP 4500
Which encryption types can be used to encrypt and decrypt unicast traffic with the pairwise transient key (PTK) that is generated from a 4-Way Handshake? (Choose all that apply.)
- A . Temporal Key Integrity Protocol
- B . 3-DES
- C . Dynamic WEP
- D . CCMP
- E . Proprietary encryption
- F . Static WEP
In a robust security network (RSN), which 802.11 management frames are used by client stations to inform an access point about the RSNA security capabilities of the client STAs? (Choose all that apply.)
- A . Beacon management frame
- B . Probe request frame
- C . Probe response frame
- D . Association request frame
- E . Reassociation response frame
- F . Reassociation request frame
- G . Association response frame
Which of these devices serve as a key holder for the PMK-R1 key created during a fast BSS transition? (Choose all that apply.)
- A . WLAN controller
- B . Client stations
- C . Access points
- D . RADIUS server
- E . Access layer switch
When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the 802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?
- A . The 802.1X Controlled Port is always blocked, but the Uncontrolled Port opens after the EAP authentication process completes.
- B . The 802.1X Controlled Port remains blocked until an IP address is requested and accepted by the Supplicant.
- C . The 4-Way Handshake must be performed before the 802.1X Controlled Port changes to the unblocked state.
- D . The 802.1X Controlled Port is blocked until Vendor Specific Attributes (VSAs) are exchanged inside a RADIUS packet between the Authenticator and Authentication Server.
Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems.
While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.
As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)
- A . MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.
- B . MS-CHAPv2 is subject to offline dictionary attacks.
- C . LEAP’s use of MS-CHAPv2 is only secure when combined with WEP.
- D . MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.
- E . MS-CHAPv2 uses AES authentication, and is therefore secure.
- F . When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.
You are implementing an 802.11ac WLAN and a WIPS at the same time. You must choose between integrated and overlay WIPS solutions.
Which of the following statements is true regarding integrated WIPS solutions?
- A . Integrated WIPS always perform better from a client throughput perspective because the same radio that performs the threat scanning also services the clients.
- B . Integrated WIPS use special sensors installed alongside the APs to scan for threats.
- C . Many integrated WIPS solutions that detect Voice over Wi-Fi traffic will cease scanning altogether to accommodate the latency sensitive client traffic.
- D . Integrated WIPS is always more expensive than overlay WIPS.
When you are troubleshooting client connectivity problems with a client using 802.1X/EAP security, what is the first action you should take to investigate a potential Layer 1 problem?
- A . Reboot the WLAN client.
- B . Verify the root CA certificate.
- C . Verify the EAP protocol.
- D . Disable and re-enable the client radio network interface.
- E . Verify the server certificate.
What type of WLAN attacks might be detected by a distributed WIDS/WIPS solution using a behavioral analysis software engine? (Choose all that apply.)
- A . EAP flood attack
- B . Deauthentication attack
- C . Protocol fuzzing
- D . Fake AP attack
- E . CTS flood attack
- F . Zero day attack
Given: ABC Corporation’s 802.11 WLAN is comprised of a redundant WLAN controller pair (N+1) and 30 access points implemented in 2004.
ABC implemented WEP encryption with IPSec VPN technology to secure their wireless communication because it was the strongest security solution available at the time it was implemented.
IT management has decided to upgrade the WLAN infrastructure and implement Voice over Wi-Fi and is concerned with security because most Voice over Wi-Fi phones do not support IPSec.
As the wireless network administrator, what new security solution would be best for protecting ABC’s data?
- A . Migrate corporate data clients to WPA-Enterprise and segment Voice over Wi-Fi phones by assigning them to a different frequency band.
- B . Migrate corporate data and Voice over Wi-Fi devices to WPA2-Enterprise with fast secure roaming support, and segment Voice over Wi-Fi data on a separate VLAN.
- C . Migrate to a multi-factor security solution to replace IPSec; use WEP with MAC filtering, SSID hiding, stateful packet inspection, and VLAN segmentation.
- D . Migrate all 802.11 data devices to WPA-Personal, and implement a secure DHCP server to allocate addresses from a segmented subnet for the Voice over Wi-Fi phones.