Practice Free CWSP-207 Exam Online Questions
An employee has installed his own AP on your network. Each day when he leaves, he unplugs the AP and plugs it back in in the morning. He has not implemented any security on the AP.
After months of being on the network, this “rogue” AP finally leads to a compromise of corporate secrets. Corporate security policy prohibits the installation of APs without approval.
What other requirement(s) should be added to the security policy that could have prevented this compromise? (Choose all that apply.)
- A. Monitoring for rogue devices
- B. Rogue device remediation
- C. User training
- D. Policy enforcement procedures
Before an 802.11 client STA can pass traffic through the AP, which two of the following must occur? (Choose two answers.)
- A. 802.1X
- B. EAP
- C. Association
- D. Authentication
- E. WEP keys must match
Tammy, the WLAN security engineer, has recommended to management that WPA-Personal security not be deployed within the ACME Company’s WLAN.
What are some of the reasons for Tammy’s recommendation? (Choose all that apply.)
- A. Static passphrases and PSKs are susceptible to social engineering attacks.
- B. WPA-Personal is susceptible to brute-force dictionary attacks, but WPA-Personal is not at risk.
- C. WPA-Personal uses static encryption keys.
- D. WPA-Personal uses weaker TKIP encryption.
- E. 802.11 data frames can be decrypted if the passphrase is compromised.
When configuring an 802.1X/EAP solution, what must be configured on the RADIUS server for RADIUS protocol communications with an access point? (Choose all that apply.)
- A. NAS IP addresses
- B. Digital certificates
- C. EAP protocols
- D. LDAP integration settings
- E. Authentication and authorization ports
- F. Shared secret
When used as part of a WLAN authentication solution, what is the role of LDAP?
- A. A data retrieval protocol used by an authentication service such as RADIUS
- B. An IEEE X.500 standard compliant database that participates in the 802.1X port-based access control process
- C. A SQL compliant authentication service capable of dynamic key generation and distribution
- D. A role-based access control protocol for filtering data to/from authenticated stations.
- E. An Authentication Server (AS) that communicates directly with, and provides authentication for, the Supplicant.
WLAN administrator Tammy O’Connell has been tasked with securing the corporate WLAN with 802.1X/EAP security. She has chosen to use the EAP-PEAPv0 (MSCHAPv2) protocol on the RADIUS servers and supplicants. Tammy created a root certificate using the company’s internal private Certificate Authority (CA) solution.
She also created a server certificate, which was signed by the internal private CA. The wireless clients connecting to the WLAN include a mixture of corporate Windows laptops. Employees will also be connecting with personal devices such as Android phones and tablets.
What other steps must Tammy take to ensure full functionality with 802.1X/EAP security? (Choose all that apply.)
- A. Install the server certificate on the RADIUS server.
- B. Distribute and install the server certificate to Windows laptops with GPO.
- C. Distribute and install the root CA certificate to Windows laptops with GPO.
- D. Distribute and install the server certificate to employee devices with GPO.
- E. Distribute and install the root CA certificate to employee devices with GPO.
- F. Distribute and install the server certificate to employee devices with MDM.
- G. Distribute and install the root CA certificate to employee devices with MDM.
If an 802.1X/EAP solution is not available in the enterprise, which of these security credentials should be used instead?
- A. MAC filter
- B. WPA passphrase with at least 62 bits of entropy
- C. WPA2 passphrase with at least 62 bits of entropy
- D. Static WEP key
Given: A WLAN protocol analyzer trace reveals the following sequence of frames (excluding the ACK frames):
1) 802.11 Probe Req and 802.11 Probe Rsp
2) 802.11 Auth and then another 802.11 Auth
3) 802.11 Assoc Req and 802.11 Assoc Rsp
4) EAPOL-KEY
5) EAPOL-KEY
6) EAPOL-KEY
7) EAPOL-KEY
What security mechanism is being used on the WLAN?
- A. WEP-128
- B. WPA2-Personal
- C. EAP-TLS
- D. WPA-Enterprise
- E. 802.1X/LEAP
What must occur in order for dynamic TKIP/ARC4 or CCMP/AES encryption keys to be generated? (Choose all that apply.)
- A. Shared Key authentication and 4-Way Handshake
- B. 802.1X/EAP authentication and 4-Way Handshake
- C. Open System authentication and 4-Way Handshake
- D. PSK authentication and 4-Way Handshake
When deploying 802.1X/EAP security, which IETF standard RADIUS attribute can be used to encapsulate up to 255 custom RADIUS attributes?
- A. (11) Filter-id
- B. (26) Vendor-Specific
- C. (79) EAP-Message
- D. (80) Message-Authenticator
- E. (97) Frame-Encapsulator