New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

CWSP-207 Questions and Answers

Question # 6

Given: Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication.

While using an airport hot-spot with this security solution, to what type of wireless attack is a user susceptible? (Choose 2)

A.

Man-in-the-Middle

B.

Wi-Fi phishing

C.

Management interface exploits

D.

UDP port redirection

E.

IGMP snooping

Full Access
Question # 7

Given: In XYZ’s small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.

What statement about the WLAN security of this company is true?

A.

Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.

B.

A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.

C.

An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.

D.

An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user’s 4-Way Handshake.

E.

Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.

Full Access
Question # 8

Given: WLAN attacks are typically conducted by hackers to exploit a specific vulnerability within a network.

What statement correctly pairs the type of WLAN attack with the exploited vulnerability? (Choose 3)

A.

Management interface exploit attacks are attacks that use social engineering to gain credentials from managers.

B.

Zero-day attacks are always authentication or encryption cracking attacks.

C.

RF DoS attacks prevent successful wireless communication on a specific frequency or frequency range.

D.

Hijacking attacks interrupt a user’s legitimate connection and introduce a new connection with an evil twin AP.

E.

Social engineering attacks are performed to collect sensitive information from unsuspecting users

F.

Association flood attacks are Layer 3 DoS attacks performed against authenticated client stations

Full Access
Question # 9

What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

A.

Require Port Address Translation (PAT) on each laptop.

B.

Require secure applications such as POP, HTTP, and SSH.

C.

Require VPN software for connectivity to the corporate network.

D.

Require WPA2-Enterprise as the minimal WLAN security solution.

Full Access
Question # 10

Given: During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text.

From a security perspective, why is this significant?

A.

The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.

B.

The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.

C.

4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.

D.

The username can be looked up in a dictionary file that lists common username/password combinations.

Full Access
Question # 11

Given: The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions.

What are three uses for such a tool? (Choose 3)

A.

Transmitting a deauthentication frame to disconnect a user from the AP.

B.

Auditing the configuration and functionality of a WIPS by simulating common attack sequences

C.

Probing the RADIUS server and authenticator to expose the RADIUS shared secret

D.

Cracking the authentication or encryption processes implemented poorly in some WLANs

Full Access
Question # 12

What WLAN client device behavior is exploited by an attacker during a hijacking attack?

A.

When the RF signal between a client and an access point is disrupted for more than a few seconds, the client device will attempt to associate to an access point with better signal quality.

B.

When the RF signal between a client and an access point is lost, the client will not seek to reassociate with another access point until the 120 second hold down timer has expired.

C.

After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake, even if connectivity is lost.

D.

As specified by the Wi-Fi Alliance, clients using Open System authentication must allow direct client-to-client connections, even in an infrastructure BSS.

E.

Client drivers scan for and connect to access points in the 2.4 GHz band before scanning the 5 GHz band.

Full Access
Question # 13

Given: In a security penetration exercise, a WLAN consultant obtains the WEP key of XYZ Corporation’s wireless network. Demonstrating the vulnerabilities of using WEP, the consultant uses a laptop running a software AP in an attempt to hijack the authorized user’s connections. XYZ’s legacy network is using 802.11n APs with 802.11b, 11g, and 11n client devices.

With this setup, how can the consultant cause all of the authorized clients to establish Layer 2 connectivity with the software access point?

A.

All WLAN clients will reassociate to the consultant’s software AP if the consultant’s software AP provides the same SSID on any channel with a 10 dB SNR improvement over the authorized AP.

B.

A higher SSID priority value configured in the Beacon frames of the consultant’s software AP will take priority over the SSID in the authorized AP, causing the clients to reassociate.

C.

When the RF signal between the clients and the authorized AP is temporarily disrupted and the consultant’s software AP is using the same SSID on a different channel than the authorized AP, the clients will reassociate to the software AP.

D.

If the consultant’s software AP broadcasts Beacon frames that advertise 802.11g data rates that are faster rates than XYZ’s current 802.11b data rates, all WLAN clients will reassociate to the faster AP.

Full Access
Question # 14

You are configuring seven APs to prevent common security attacks. The APs are to be installed in a small business and to reduce costs, the company decided to install all consumer-grade wireless routers. The wireless routers will connect to a switch, which connects directly to the Internet connection providing 50 Mbps of Internet bandwidth that will be shared among 53 wireless clients and 17 wired clients.

To ensure the wireless network is as secure as possible from common attacks, what security measure can you implement given only the hardware referenced?

A.

WPA-Enterprise

B.

802.1X/EAP-PEAP

C.

WPA2-Enterprise

D.

WPA2-Personal

Full Access
Question # 15

An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?

A.

Man-in-the-middle

B.

Hijacking

C.

ASLEAP

D.

DoS

Full Access
Question # 16

The IEEE 802.11 Pairwise Transient Key (PTK) is derived from what cryptographic element?

A.

Phase Shift Key (PSK)

B.

Group Master Key (GMK)

C.

Pairwise Master Key (PMK)

D.

Group Temporal Key (GTK)

E.

PeerKey (PK)

F.

Key Confirmation Key (KCK)

Full Access
Question # 17

Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).

Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?

A.

Fragmentation threshold

B.

Administrative password

C.

Output power

D.

Cell radius

Full Access
Question # 18

What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?

A.

The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.

B.

The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.

C.

The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.

D.

The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.

Full Access
Question # 19

After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify security threats?

A.

Authorized PEAP usernames must be added to the WIPS server’s user database.

B.

WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.

C.

Separate security profiles must be defined for network operation in different regulatory domains

D.

Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.

Full Access
Question # 20

Given: A WLAN protocol analyzer trace reveals the following sequence of frames (excluding the ACK frames):

1) 802.11 Probe Req and 802.11 Probe Rsp

2) 802.11 Auth and then another 802.11 Auth

3) 802.11 Assoc Req and 802.11 Assoc Rsp

4) EAPOL-KEY

5) EAPOL-KEY

6) EAPOL-KEY

7) EAPOL-KEY

What security mechanism is being used on the WLAN?

A.

WEP-128

B.

WPA2-Personal

C.

EAP-TLS

D.

WPA-Enterprise

E.

802.1X/LEAP

Full Access
Question # 21

Given: A network security auditor is preparing to perform a comprehensive assessment of an 802.11ac network’s security.

What task should be performed at the beginning of the audit to maximize the auditor’s ability to expose network vulnerabilities?

A.

Identify the IP subnet information for each network segment.

B.

Identify the manufacturer of the wireless intrusion prevention system.

C.

Identify the skill level of the wireless network security administrator(s).

D.

Identify the manufacturer of the wireless infrastructure hardware.

E.

Identify the wireless security solution(s) currently in use.

Full Access
Question # 22

Given: WLAN protocol analyzers can read and record many wireless frame parameters.

What parameter is needed to physically locate rogue APs with a protocol analyzer?

A.

SSID

B.

IP Address

C.

BSSID

D.

Signal strength

E.

RSN IE

F.

Noise floor

Full Access
Question # 23

What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

A.

AKM Suite List

B.

Group Cipher Suite

C.

RSN Capabilities

D.

Pairwise Cipher Suite List

Full Access
Question # 24

ABC Company requires the ability to identify and quickly locate rogue devices. ABC has chosen an overlay WIPS solution with sensors that use dipole antennas to perform this task. Use your knowledge of location tracking techniques to answer the question.

In what ways can this 802.11-based WIPS platform determine the location of rogue laptops or APs? (Choose 3)

A.

Time Difference of Arrival (TDoA)

B.

Angle of Arrival (AoA)

C.

Trilateration of RSSI measurements

D.

GPS Positioning

E.

RF Fingerprinting

Full Access
Question # 25

What security vulnerabilities may result from a lack of staging, change management, and installation procedures for WLAN infrastructure equipment? (Choose 2)

A.

The WLAN system may be open to RF Denial-of-Service attacks

B.

WIPS may not classify authorized, rogue, and neighbor APs accurately

C.

Authentication cracking of 64-bit Hex WPA-Personal PSK

D.

Management interface exploits due to the use of default usernames and passwords for AP management

E.

AES-CCMP encryption keys may be decrypted

Full Access
Question # 26

You must locate non-compliant 802.11 devices. Which one of the following tools will you use and why?

A.

A spectrum analyzer, because it can show the energy footprint of a device using WPA differently from a device using WPA2.

B.

A spectrum analyzer, because it can decode the PHY preamble of a non-compliant device.

C.

A protocol analyzer, because it can be used to view the spectrum energy of non-compliant 802.11 devices, which is always different from compliant devices.

D.

A protocol analyzer, because it can be used to report on security settings and regulatory or rule compliance

Full Access
Question # 27

What attack cannot be detected by a Wireless Intrusion Prevention System (WIPS)?

A.

MAC Spoofing

B.

Eavesdropping

C.

Hot-spotter

D.

Soft AP

E.

Deauthentication flood

F.

EAP flood

Full Access