Free CWNP CWSP-208 Exam Questions

Question 1

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

A : Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B : Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C : Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D : A trained employee should install and configure a WIPS for rogue detection and response measures.

E : Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Answer: D

Question 2

Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering). How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

A : The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.

B : The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.

C : The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.

D : The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4-Way Handshake prior to user authentication.

Answer: B

Question 3

What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?

A : Sharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.

B : Because OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.

C : Key exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.

D : The Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.

Answer: B

Question 4

Given: In a security penetration exercise, a WLAN consultant obtains the WEP key of XYZ Corporation’s wireless network. Demonstrating the vulnerabilities of using WEP, the consultant uses a laptop running a software AP in an attempt to hijack the authorized user’s connections. XYZ’s legacy network is using 802.11n APs with 802.11b, 11g, and 11n client devices. With this setup, how can the consultant cause all of the authorized clients to establish Layer 2 connectivity with the software access point?

A : All WLAN clients will reassociate to the consultant’s software AP if the consultant’s software AP provides the same SSID on any channel with a 10 dB SNR improvement over the authorized AP.

B : A higher SSID priority value configured in the Beacon frames of the consultant’s software AP will take priority over the SSID in the authorized AP, causing the clients to reassociate.

C : When the RF signal between the clients and the authorized AP is temporarily disrupted and the consultant’s software AP is using the same SSID on a different channel than the authorized AP, the clients will reassociate to the software AP.

D : If the consultant’s software AP broadcasts Beacon frames that advertise 802.11g data rates that are faster rates than XYZ’s current 802.11b data rates, all WLAN clients will reassociate to the faster AP.

Answer: C

Question 5