• Home
  • Articles
  • [Aug 22, 2024] CWSP-207 Exam Brain Dumps - Study Notes and Theory [Q51-Q67]

[Aug 22, 2024] CWSP-207 Exam Brain Dumps - Study Notes and Theory [Q51-Q67]

Share

[Aug 22, 2024] CWSP-207 Exam Brain Dumps - Study Notes and Theory

Pass CWNP CWSP-207 Test Practice Test Questions Exam Dumps

NEW QUESTION # 51
Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).
Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?

  • A. Administrative password
  • B. Output power
  • C. Cell radius
  • D. Fragmentation threshold

Answer: A


NEW QUESTION # 52
You are implementing a wireless LAN that will be used by point-of-sale (PoS) systems in a retail environment. Thirteen PoS computers will be installed. To what industry requirement should you ensure you adhere?

  • A. Directive 8500.01
  • B. PCI-DSS
  • C. ISA99
  • D. HIPAA

Answer: B


NEW QUESTION # 53
Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

  • A. Provide two or more user groups connected to the same SSID with different levels of network privileges.
  • B. Allow access to specific files and applications based on the user's WMM access category.
  • C. Allow simultaneous support for multiple EAP types on a single access point.
  • D. Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.

Answer: A


NEW QUESTION # 54
Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.
Before creating the WLAN security policy, what should you ensure you possess?

  • A. Security policy generation software
  • B. End-user training manuals for the policies to be created
  • C. Management support for the process
  • D. Awareness of the exact vendor devices being installed

Answer: C


NEW QUESTION # 55
You have an AP implemented that functions only using 802.11-2012 standard methods for the WLAN communications on the RF side and implementing multiple SSIDs and profiles on the management side configured as follows:
1. SSID: Guest - VLAN 90 - Security: Open with captive portal authentication - 2 current clients
2. SSID: ABCData - VLAN 10 - Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP - 5 current clients
3. SSID: ABCVoice - VLAN 60 - Security: WPA2-Personal - 2 current clients Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients.
What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?

  • A. All clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.
  • B. Only the members of the executive team that are part of the multicast group configured on the media server
  • C. All clients that are associated to the AP using any SSID
  • D. All clients that are associated to the AP using the ABCData SSID

Answer: D


NEW QUESTION # 56
Given: You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data.
What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?

  • A. The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.
  • B. Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.
  • C. Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.
  • D. Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.
  • E. All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.

Answer: B


NEW QUESTION # 57
Given: You are using a Wireless Aggregator utility to combine multiple packet captures. One capture exists for each of channels 1, 6 and 11. What kind of troubleshooting are you likely performing with such a tool?

  • A. Narrowband DoS attack detection.
  • B. Interference source location.
  • C. Wireless adapter failure analysis.
  • D. Fast secure roaming problems.

Answer: D


NEW QUESTION # 58
What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?

  • A. Key exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.
  • B. Sharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.
  • C. The Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.
  • D. Because OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.

Answer: D


NEW QUESTION # 59
You are configuring seven APs to prevent common security attacks. The APs are to be installed in a small business and to reduce costs, the company decided to install all consumer-grade wireless routers. The wireless routers will connect to a switch, which connects directly to the Internet connection providing 50 Mbps of Internet bandwidth that will be shared among 53 wireless clients and 17 wired clients.
To ensure the wireless network is as secure as possible from common attacks, what security measure can you implement given only the hardware referenced?

  • A. 802.1X/EAP-PEAP
  • B. WPA2-Enterprise
  • C. WPA-Enterprise
  • D. WPA2-Personal

Answer: D


NEW QUESTION # 60
Given: Mary has just finished troubleshooting an 802.11g network performance problem using a laptop-based WLAN protocol analyzer. The wireless network implements 802.1X/PEAP and the client devices are authenticating properly. When Mary disables the WLAN protocol analyzer, configures her laptop for PEAP authentication, and then tries to connect to the wireless network, she is unsuccessful. Before using the WLAN protocol analyzer, Mary's laptop connected to the network without any problems.
What statement indicates why Mary cannot access the network from her laptop computer?

  • A. Mary's supplicant software is using PEAPv0/EAP-MSCHAPv2, and the access point is using PEAPv1/EAP-GTC.
  • B. The PEAP client's certificate was voided when the protocol analysis software assumed control of the wireless adapter.
  • C. The nearby WIPS sensor categorized Mary's protocol analyzer adapter as a threat and is performing a deauthentication flood against her computer.
  • D. The protocol analyzer's network interface card (NIC) drivers are still loaded and do not support the version of PEAP being used.

Answer: D


NEW QUESTION # 61
Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank's website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John's bank account user ID and password and exploit this information.
What likely scenario could have allowed the hacker to obtain John's bank account user ID and password?

  • A. Before connecting to the bank's website, John's association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank's web server and has decrypted John's login credentials in near real-time.
  • B. The bank's web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
  • C. John's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.
  • D. John uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.
  • E. John accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.

Answer: D


NEW QUESTION # 62
What wireless authentication technologies may build a TLS tunnel between the supplicant and the authentication server before passing client authentication credentials to the authentication server? (Choose 3)

  • A. LEAP
  • B. PEAPv0/MSCHAPv2
  • C. EAP-TLS
  • D. EAP-MD5
  • E. EAP-TTLS

Answer: B,C,E


NEW QUESTION # 63
A WLAN is implemented using WPA-Personal and MAC filtering.
To what common wireless network attacks is this network potentially vulnerable? (Choose 3)

  • A. ASLEAP
  • B. Offline dictionary attacks
  • C. DoS
  • D. MAC Spoofing

Answer: B,C,D


NEW QUESTION # 64
What statement accurately describes the functionality of the IEEE 802.1X standard?

  • A. Port-based access control with mandatory support of AES-CCMP encryption
  • B. Port-based access control with support for authenticated-user VLANs only
  • C. Port-based access control, which allows three frame types to traverse the uncontrolled port: EAP, DHCP, and DNS.
  • D. Port-based access control with EAP encapsulation over the LAN (EAPoL)
  • E. Port-based access control with dynamic encryption key management and distribution

Answer: D


NEW QUESTION # 65
Which one of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

  • A. It does not support a RADIUS server.
  • B. It does not support mutual authentication.
  • C. It does not support the outer identity.
  • D. It is not a valid EAP type.

Answer: B


NEW QUESTION # 66
What WLAN client device behavior is exploited by an attacker during a hijacking attack?

  • A. When the RF signal between a client and an access point is lost, the client will not seek to reassociate with another access point until the 120 second hold down timer has expired.
  • B. As specified by the Wi-Fi Alliance, clients using Open System authentication must allow direct client-to-client connections, even in an infrastructure BSS.
  • C. Client drivers scan for and connect to access points in the 2.4 GHz band before scanning the 5 GHz band.
  • D. When the RF signal between a client and an access point is disrupted for more than a few seconds, the client device will attempt to associate to an access point with better signal quality.
  • E. After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake, even if connectivity is lost.

Answer: D


NEW QUESTION # 67
......

Verified CWSP-207 dumps Q&As - CWSP-207 dumps with Correct Answers: https://examcollection.bootcamppdf.com/CWSP-207-exam-actual-tests.html

Related Articles

more
CWNP CWSP-207 Certification Practice Exam

As a professional IT certification exam braindumps provider we offer you not only exam questions and answers but also the most accurate test bootcamp and money guarantee. Latest exam collection materials guarantee you 100% pass.

Latest Bootcamp Pdf

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 BootcampPDF NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy