PW0-204 - Certified Wireless Security Professional (CWSP)
Go back to CWNP - Certified Wireless Security Professional
Which of the following attacks saturates network resources and disrupts services to a specific computer?
Denial-of-Service (DoS) attack
Which of the following would be the most help against Denial of Service (DOS) attacks?
Stateful Packet Inspection (SPI) firewall
Your client has a brand new laptop. He is trying to connect to his home network, which is using an older (802.11b) wireless router. The router is set for encryption but not MAC filtering. What is the most likely problem?
His laptop is using the WPA encryption protocol.
You are setting up small offices for a major insurance carrier. The company policy states that all wireless configurations must fully implement the 802.11i standard. Based on this requirement, which encryption algorithm should you implement?
Which of the following keys is derived from Group Master Key (GMK)?
Group Temporal Key
What penetative measures are performed by a WIPS against intrusions?
Uses SNMP to disable the switch port to which rogue APs connect
Deauthentication attack against a classified neighbor AP
Which of the following are the layers of physical security? Each correct answer represents a complete solution. Choose all that apply.
Procedural access control
Intrusion detection system
You work as a professional Computer Hacking Forensic Investigator. A project has been assigned to you to investigate the DoS attack on a computer network of SecureEnet Inc. Which of the following methods will you perform to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.
Look for core files or crash dumps on the affected systems.
Sniff network traffic to the failing machine.
Look for unusual traffic on Internet connections and network segments.
Which of the following is a wireless device that is created to allow a cracker to conduct a man-in the- middle attack?
Rogue access point
When using a tunneled EAP type, what is protected from clear text across the wireless medium?
After completing the installation of new overlay WIPS, what baseline function MUST be performed?
Classify the authorized, neighbor, and rogue WLAN devices.
Which of the following methods can be used to detect a rogue access point in order to enhance the security of the network? Each correct answer represents a complete solution. Choose all that apply.
Check in the managed AP list
Use of wireless sniffing tools
Given: WLAN protocol analyzers can read and reject many wireless frame parameters. What parameter is needed to physically locate rogue APs with a protocol analyzer?
Which of the following tools is John using to crack the wireless encryption keys?
When opportunistic key caching (OKC) is supported on the wireless network, what steps must occur before a successful roam is completed? (Choose 2)
EAP authentication must be conducted between the supplicant and AS
The authenticator must query the RADIUS server to validate the supplicant
You work as a Network Administrator for NetTech Inc. The company has a Windows 2003 domain-based network. The company has a main office and several branch offices. You want to centralize the administration. Therefore, you implement a Remote Authentication Dial-In Service (RADIUS) server. Each branch office supports its own Routing and Remote Access Server. You remove the default remote access policy, as you want to secure communications and implement a single policy that requires all dial-up communications to use a 40-bit encryption. What will you do to accomplish this? Each correct answer represents a part of the solution. Choose two.
Set the level of encryption to Basic in the remote access policy.
Create a remote access policy on the RADIUS server.
Which of the following security protocols uses a single, manually configured, static key for data encryption that is shared by the client and the WAP?
Which of the following monitors program activities and modifies malicious activities on a system?
Which of the following attacks is used to obtain a user's authentication credentials?
Brute force attack
Given: A WLAN protocol analyzer captured the illustrated frame trace of an 802.11g (ERP) client station connecting to an 802.11g access point. What is shown in included frame trace? (Choose 4)
802.11 open system authentication
The IEEE 802.11 pairwise transient key (PTK) is derived from what cryptographic element?
Pairwise master key (PMK)
Which of the following methods are capable of operating in wireless networks? Each correct answer represents a complete solution. Choose all that apply.
Which of the following is an application protocol that is used to query and modify data using directory services running over TCP/IP?
What different security benefits are provided by endpoint security solution software? (Choose 3)
Can collect statistics about a user’s network use and monitor network threats while they are connected.
Can prevent connections to networks with security settings that do not confirm to company policy.
Can restrict client connections to network with specific SSIDs and encryption types.
Which of the following security methods can be used to detect the DoS attack in order to enhance the security of the network?
Which of the following wireless security policies helps to prevent the wireless enabled laptops from peer-to-peer attacks when the laptops are used in public access network?
Use security protocols.
Which of the following types of attacks come under the category of hacker attacks? Each correct answer represents a complete solution. Choose all that apply.
IP address spoofing
Which of the following attacks are examples of Denial-of-service attacks (DoS)? Each correct answer represents a complete solution. Choose all that apply.
Ping flood attack
Which of the following are the components of wireless intrusion prevention system (WIPS)? Each correct answer represents a complete solution. Choose all that apply.
A Web developer with your company wants to have wireless access for contractors that come in to work on various projects. The process of getting this approved takes time. So rather than wait, he has put his own wireless router attached to one of the network ports in his department. What security risk does this present?
An unauthorized WAP is one way for hackers to get into a network.
Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer? Each correct answer represents a complete solution. Choose two.
Information of probing for networks can be viewed using a wireless analyzer and may be used to gain access.
Attacker by creating a fake wireless network with high power antenna cause Victor's computer to associate with his network to gain access.
You work as a network administrator for Web Perfect Inc. You configure both WPA and EAP authentications on a client computer in the company's wireless network. Where will the encryption key be located during the active user session? Each correct answer represents a part of the solution. Choose two.
On the AP
On the client
What limitations are present with PMK caching (or PMKSA caching) when 802.1X/EAP authentication is in use?
PMK caching allows to fast roaming between APs when they are managed by a single controller, but it does not support inter-controller handoffs
Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2- Enterprise security. The administrator has confirmed a security profile on the WLAN controller for each group within the company (manufacturing, sales, and engineering) How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?
The RADIUS server forwards a request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.
What WLAN client device behavior is exploited by an attacker during a hijacking attack?
When the RF signal between a client and in an access point is disrupted for more than a few seconds, the client device will repeatedly attempt the reestablish both layer 2 and layer 3 connections.
The following numbered items show the contents of the four frames exchanged during the 4-way handshake. Arrange the frames in the correct sequence beginning with the start of the 4-way handshake.
3, 4, 1, 2
Role-based access control (RBAC) allows a WLAN administrator to perform that network function?
Provide differing levels of management access to a WLAN controller based on the user account.
Which of the following keys is derived by Pairwise Master Key (PMK)?
Pairwise Transient Key
What security weakness is presented in pre-RSNA system using 802.1X with dynamic WEP?
There is support for authentication of individual users.
You are the Administrator for a corporate network. You are concerned about denial of service attacks. Which of the following would be the most help against Denial of Service (DOS) attacks?
Stateful Packet Inspection (SPI) firewall
What elements should be addressed by a WLAN security policy? (Choose 2)
End user training for password selection and acceptable network use
Social engineering recognition and mitigation technique.
Which of the following is a common Windows authentication protocol used by the IEEE 802.1X security standard?
What one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in 802.11WLAN?
EAP-TTLS does not require the use of PKI.
In an effort to optimize WLAN performance ABC Company has already upgraded their infrastructure from 802 11b/gto802 11n. ABC has always been highly security conscious but they are concerned with security threats introduced by incompatibilities between 802.11n and 802.11a/g in the past.ABC has performed manual and automated scans with products that were originally designed for use in 802 11a/g networks.Including laptop-based spectrum and protocol analyzers as well as an overlay 802 11a/g WIPS solution.ABC has sought your input to understand and respond to potential security threats. In ABC’s network environment, what type of devices would be capable of identifying rouge APs that use HT Greenfield 40 MHZ channels? (Choose 3)
802.11n WPS sensor with a single 2x2 radio
The company’s current laptop-based protocol analysis tools
WIPS solution that is integrated in the company’s AP infrastructure
What type of system is installed in graphics?
Wireless Intrusion Prevention System
ABC Company uses the wireless network for highly sensitive network traffic. For that reason they intend to protect there network in all possible ways. They are continually researching new network threats and new preventative measure. They are interested in the security benefits of 802.11w, but would like to know its limitations. What types of wireless attacks are protected by 802.11w? (Choose 2)
Layer 2 Disassociation attacks
Robust management frame replay attacks
Which of the following protocols is used to provide on-demand authentication within an ongoing data transmission?
Which of the following are the three main intended goals of WEP encryption? Each correct answer represents a complete solution. Choose all that apply.
Which of the following provides the best protection against a man-in-the-middle attack?
Which of the following key types are defined in the 802.11i Authentication and Key Management (AKM)? Each correct answer represents a complete solution. Choose all that apply.
A. Pairwise Master Key (PMK)
Group Master Key (GMK)
Pairwise Transient Key (PTK
Group Temporal Key (GTK)