Free Certified Wireless Security Professional (CWSP) Exam CWSP-208 Exam Practice Test

Given: ABC Company secures their network with WPA2-Personal authentication and AES-CCMP encryption.What part of the 802.11 frame is always protected from eavesdroppers by this type of security?

• All MSDU contents
• All MPDU contents
• All PPDU contents
• All PSDU contents

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.Before creating the WLAN security policy, what should you ensure you possess?

• Awareness of the exact vendor devices being installed
• Management support for the process
• End-user training manuals for the policies to be created
• Security policy generation software

What elements should be addressed by a WLAN security policy? (Choose 2)

• Enabling encryption to prevent MAC addresses from being sent in clear text
• How to prevent non-IT employees from learning about and reading the user security policy
• End-user training for password selection and acceptable network use
• The exact passwords to be used for administration interfaces on infrastructure devices
• Social engineering recognition and mitigation techniques

Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank’s website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John’s bank account user ID and password and exploit this information.What likely scenario could have allowed the hacker to obtain John’s bank account user ID and password?

• John's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.
• John uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.
• John accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.
• The bank’s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
• Before connecting to the bank’s website, John’s association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank’s web server and has decrypted John’s login credentials in near real-time.

The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

• Group Key Handshake
• 802.1X/EAP authentication
• DHCP Discovery
• 4-Way Handshake
• Passphrase-to-PSK mapping
• RADIUS shared secret lookup

Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN.In this remote scenario, what single wireless security practice will provide the greatest security for Fred?

• Use an IPSec VPN for connectivity to the office network
• Use only HTTPS when agreeing to acceptable use terms on public networks
• Use enterprise WIPS on the corporate office network
• Use WIPS sensor software on the laptop to monitor for risks and attacks
• Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots
• Use secure protocols, such as FTP, for remote file transfers.

Given: The Marketing department’s WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.What single WLAN security feature should be implemented to comply with these requirements?

• Mutual authentication
• Captive portal
• Role-based access control
• Group authentication
• RADIUS policy accounting

You are implementing an 802.11ac WLAN and a WIPS at the same time. You must choose between integrated and overlay WIPS solutions. Which of the following statements is true regarding integrated WIPS solutions?

• Integrated WIPS always perform better from a client throughput perspective because the same radio that performs the threat scanning also services the clients.
• Integrated WIPS use special sensors installed alongside the APs to scan for threats.
• Many integrated WIPS solutions that detect Voice over Wi-Fi traffic will cease scanning altogether to accommodate the latency sensitive client traffic.
• Integrated WIPS is always more expensive than overlay WIPS.

What protocols allow a network administrator to securely manage the configuration of WLAN controllers and access points? (Choose 2)

• SNMPv1
• HTTPS
• Telnet
• TFTP
• FTP
• SSHv2

Given: One of the security risks introduced by WPA2-Personal is an attack conducted by an authorized network user who knows the passphrase. In order to decrypt other users’ traffic, the attacker must obtain certain information from the 4-way handshake of the other users.In addition to knowing the Pairwise Master Key (PMK) and the supplicant’s address (SA), what other three inputs must be collected with a protocol analyzer to recreate encryption keys? (Choose 3)

• Authenticator nonce
• Supplicant nonce
• Authenticator address (BSSID)
• GTKSA
• Authentication Server nonce