
[2024年06月]更新のCWSP-207試験問題集合格させるのは2024年最新のCWNP Wireless Security Professional (CWSP)
無料で使えるCWSP-207試験問題集で合格させるお手軽に試験合格
質問 # 64
You have been recently hired as the wireless network administrator for an organization spread across seven locations. They have deployed more than 100 APs, but they have not been managedin either an automated or manual process for more than 18 months. Given this length of time, what is one of the first things you should evaluate from a security perspective?
- A. The channels in use
- B. The channel widths configured
- C. The VLANs in use
- D. The firmware revision
正解:D
質問 # 65
Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank's website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John's bank account user ID and password and exploit this information.
What likely scenario could have allowed the hacker to obtain John's bank account user ID and password?
- A. Before connecting to the bank's website, John's association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank's web server and has decrypted John's login credentials in near real-time.
- B. John's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.
- C. John uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.
- D. The bank's web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
- E. John accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.
正解:C
質問 # 66
Given: XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization.
What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)
- A. The RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.
- B. RADIUS attributes can be used to assign permission levels, such as read-only permission, to users of a particular network resource.
- C. RADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.
- D. RADIUS can reassign a client's 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.
- E. The RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.
正解:B、E
質問 # 67
Given: You have implemented strong authentication and encryption mechanisms for your enterprise 802.11 WLAN using 802.1X/EAP with AES-CCMP.
For users connecting within the headquarters office, what other security solution will provide continuous monitoring of both clients and APs with 802.11-specific tracking?
- A. RADIUS proxy server
- B. Wireless intrusion prevention system
- C. WLAN endpoint agent software
- D. IPSec VPN client and server software
- E. Internet firewall software
正解:B
質問 # 68
Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering).
How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?
- A. The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.
- B. The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.
- C. The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a
4-Way Handshake prior to user authentication. - D. The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.
正解:A
質問 # 69
In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?
- A. In home networks in which file and printer sharing is enabled
- B. In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities
- C. In university environments using multicast video training sourced from professor's laptops
- D. At public hot-spots in which many clients use diverse applications
正解:D
質問 # 70
When monitoring APs within a LAN using a Wireless Network Management System (WNMS), what secure protocol may be used by the WNMS to issue configuration changes to APs?
- A. 802.1X/EAP
- B. PPTP
- C. IPSec/ESP
- D. TFTP
- E. SNMPv3
正解:E
質問 # 71
Given: ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MS-CHAPv2 and AES-CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hot-spot include:
* Cannot access corporate network resources
* Network permissions are limited to Internet access
* All stations must be authenticated
What security controls would you suggest? (Choose the single best answer.)
- A. Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.
- B. Force all guest users to use a common VPN protocol to connect.
- C. Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.
- D. Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.
- E. Implement separate controllers for the corporate and guest WLANs.
正解:C
質問 # 72
Given: XYZ Company has recently installed an 802.11ac WLAN. The company needs the ability to control access to network services, such as file shares, intranet web servers, and Internet access based on an employee's job responsibilities.
What WLAN security solution meets this requirement?
- A. A VPN server with multiple DHCP scopes
- B. WPA2-Personal with support for LDAP queries
- C. A WLAN router with wireless VLAN support
- D. A WLAN controller with RBAC features
- E. An autonomous AP system with MAC filters
正解:D
質問 # 73
Given: A WLAN protocol analyzer trace reveals the following sequence of frames (excluding the ACK frames):
1) 802.11 Probe Req and 802.11 Probe Rsp
2) 802.11 Auth and then another 802.11 Auth
3) 802.11 Assoc Req and 802.11 Assoc Rsp
4) EAPOL-KEY
5) EAPOL-KEY
6) EAPOL-KEY
7) EAPOL-KEY
What security mechanism is being used on the WLAN?
- A. WPA-Enterprise
- B. 802.1X/LEAP
- C. WEP-128
- D. WPA2-Personal
- E. EAP-TLS
正解:D
質問 # 74
When used as part of a WLAN authentication solution, what is the role of LDAP?
- A. A role-based access control protocol for filtering data to/from authenticated stations.
- B. An IEEE X.500 standard compliant database that participates in the 802.1X port-based access control process
- C. A data retrieval protocol used by an authentication service such as RADIUS
- D. A SQL compliant authentication service capable of dynamic key generation and distribution
- E. An Authentication Server (AS) that communicates directly with, and provides authentication for, the Supplicant.
正解:C
質問 # 75
ABC Company has deployed a Single Channel Architecture (SCA) solution to help overcome some of the common problems with client roaming. In such a network, all APs are configured with the same channel and BSSID. PEAPv0/EAP-MSCHAPv2 is the only supported authentication mechanism.
As the Voice over Wi-Fi (STA-1) client moves throughout this network, what events are occurring?
- A. The WLAN controller controls the AP to which STA-1 is associated and transparently moves this association in accordance with the physical location of STA-1.
- B. STA-1 initiates open authentication and 802.11 association with each AP prior to roaming.
- C. STA-1 controls when and where to roam by using signal and performance metrics in accordance with the chipset drivers and 802.11k.
- D. The WLAN controller is querying the RADIUS server for authentication before the association of STA-1 is moved from one AP to the next.
正解:A
質問 # 76
An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?
- A. Man-in-the-middle
- B. DoS
- C. Hijacking
- D. ASLEAP
正解:B
質問 # 77
Given: You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data.
What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?
- A. Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.
- B. The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.
- C. Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.
- D. All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.
- E. Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.
正解:A
質問 # 78
What TKIP feature was introduced to counter the weak integrity check algorithm used in WEP?
- A. Michael
- B. RC5 stream cipher
- C. Block cipher support
- D. 32-bit ICV (CRC-32)
- E. Sequence counters
正解:A
質問 # 79
......
CWSP-207試験問題集、CWSP-207練習テスト問題:https://jp.fast2test.com/CWSP-207-premium-file.html