
[2024年06月06日]CWSP-207試験問題集で100%合格率CWSP-207試験!
試験問題集リアルCWNP CWSP問題集122解答を試そう!
質問 # 41
What attack cannot be detected by a Wireless Intrusion Prevention System (WIPS)?
- A. EAP flood
- B. Eavesdropping
- C. Soft AP
- D. Hot-spotter
- E. MAC Spoofing
- F. Deauthentication flood
正解:B
質問 # 42
Given: You view a protocol analyzer capture decode with the following protocol frames listed in the following order (excluding the ACK frames):
1) 802.11 Probe Request and 802.11 Probe Response
2) 802.11 Auth and another 802.11 Auth
2) 802.11 Assoc Req and 802.11 Assoc Rsp
4) EAPOL-Start
5) EAP Request and EAP Response
6) EAP Request and EAP Response
7) EAP Request and EAP Response
8) EAP Request and EAP Response
9) EAP Request and EAP Response
10) EAP Success
19) EAPOL-Key (4 frames in a row)
What are you seeing in the capture file? (Choose 4)
- A. 802.11 Open System authentication
- B. Wi-Fi Protected Setup with PIN
- C. 4-Way Handshake
- D. WPA2-Enterprise authentication
- E. WPA2-Personal authentication
- F. Active Scanning
- G. 802.1X with Dynamic WEP
正解:A、C、D、F
質問 # 43
Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN.
In this remote scenario, what single wireless security practice will provide the greatest security for Fred?
- A. Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots
- B. Use enterprise WIPS on the corporate office network
- C. Use only HTTPS when agreeing to acceptable use terms on public networks
- D. Use WIPS sensor software on the laptop to monitor for risks and attacks
- E. Use an IPSec VPN for connectivity to the office network
- F. Use secure protocols, such as FTP, for remote file transfers.
正解:E
質問 # 44
You must support a TSN as you have older wireless equipment that will not support the required processing of AES encryption. Which one of the following technologies will you use on the network so that a TSN can be implemented that would not be required in a network compliant with 802.11-2012 non-deprecated technologies?
- A. WPA2
- B. WEP
- C. RC4
- D. CCMP
正解:C
質問 # 45
What 802.11 WLAN security problem is directly addressed by mutual authentication?
- A. Offline dictionary attacks
- B. Wireless hijacking attacks
- C. MAC spoofing
- D. Weak password policies
- E. Disassociation attacks
- F. Weak Initialization Vectors
正解:B
質問 # 46
Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.
What security characteristics and/or components play a role in preventing data decryption? (Choose 2)
- A. Encrypted Passphrase Protocol (EPP)
- B. 4-Way Handshake
- C. PLCP Cyclic Redundancy Check (CRC)
- D. Multi-factor authentication
- E. Group Temporal Keys
- F. Integrity Check Value (ICV)
正解:B、E
質問 # 47
What type of WLAN attack is prevented with the use of a per-MPDU TKIP sequence counter (TSC)?
- A. Replay
- B. Session hijacking
- C. Weak-IV
- D. Bit-flipping
- E. Forgery
正解:A
質問 # 48
The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?
- A. DHCP Discovery
- B. 4-Way Handshake
- C. RADIUS shared secret lookup
- D. Passphrase-to-PSK mapping
- E. 802.1X/EAP authentication
- F. Group Key Handshake
正解:E
質問 # 49
Given: You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution.
In this configuration, the wireless network is initially susceptible to what type of attacks? (Choose 2)
- A. Session hijacking
- B. Layer 3 peer-to-peer
- C. Application eavesdropping
- D. Offline dictionary attacks
- E. Encryption cracking
- F. Layer 1 DoS
正解:D、F
質問 # 50
Given: The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.
What single WLAN security feature should be implemented to comply with these requirements?
- A. RADIUS policy accounting
- B. Group authentication
- C. Captive portal
- D. Mutual authentication
- E. Role-based access control
正解:E
質問 # 51
For a WIPS system to identify the location of a rogue WLAN device using location patterning (RF fingerprinting), what must be done as part of the WIPS installation?
- A. A location chipset (GPS) must be installed with it.
- B. All WIPS sensors must be installed as dual-purpose (AP/sensor) devices.
- C. At least six antennas must be installed in each sensor.
- D. The RF environment must be sampled during an RF calibration process.
正解:D
質問 # 52
Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?
- A. Allow access to specific files and applications based on the user's WMM access category.
- B. Provide two or more user groups connected to the same SSID with different levels of network privileges.
- C. Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.
- D. Allow simultaneous support for multiple EAP types on a single access point.
正解:B
質問 # 53
While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real time FFT display. The signal is characterized with the greatest strength utilizing only 1-2 megahertz of bandwidth and it does notuse significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth.
What kind of signal is described?
- A. An HT-OFDM access point
- B. A high-power, narrowband signal
- C. A 2.4 GHz WLAN transmission using transmit beam forming
- D. A high-power ultra wideband (UWB) Bluetooth transmission
- E. A deauthentication flood from a WIPS blocking an AP
- F. A frequency hopping wireless device in discovery mode
正解:B
質問 # 54
Given: One of the security risks introduced by WPA2-Personal is an attack conducted by an authorized network user who knows the passphrase. In order to decrypt other users' traffic, the attacker must obtain certain information from the 4-way handshake of the other users.
In addition to knowing the Pairwise Master Key (PMK) and the supplicant's address (SA), what other three inputs must be collected with a protocol analyzer to recreate encryption keys? (Choose 3)
- A. Supplicant nonce
- B. Authentication Server nonce
- C. GTKSA
- D. Authenticator address (BSSID)
- E. Authenticator nonce
正解:A、D、E
質問 # 55
Given: An 802.1X/EAP implementation includes an Active Directory domain controller running Windows Server 2012 and an AP from a major vendor. A Linux server is running RADIUS and it queries the domain controller for user credentials. A Windows client is accessing the network.
What device functions as the EAP Supplicant?
- A. Access point
- B. Windows client
- C. Linux server
- D. An unlisted WLAN controller
- E. An unlisted switch
- F. Windows server
正解:B
質問 # 56
ABC Company has deployed a Single Channel Architecture (SCA) solution to help overcome some of the common problems with client roaming. In such a network, all APs are configured with the same channel and BSSID. PEAPv0/EAP-MSCHAPv2 is the only supported authentication mechanism.
As the Voice over Wi-Fi (STA-1) client moves throughout this network, what events are occurring?
- A. The WLAN controller controls the AP to which STA-1 is associated and transparently moves this association in accordance with the physical location of STA-1.
- B. STA-1 controls when and where to roam by using signal and performance metrics in accordance with the chipset drivers and 802.11k.
- C. The WLAN controller is querying the RADIUS server for authentication before the association of STA-1 is moved from one AP to the next.
- D. STA-1 initiates open authentication and 802.11 association with each AP prior to roaming.
正解:A
質問 # 57
What wireless authentication technologies may build a TLS tunnel between the supplicant and the authentication server before passing client authentication credentials to the authentication server? (Choose 3)
- A. EAP-TTLS
- B. LEAP
- C. EAP-TLS
- D. EAP-MD5
- E. PEAPv0/MSCHAPv2
正解:A、C、E
質問 # 58
Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.
What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)
- A. Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.
- B. On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.
- C. In the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.
- D. During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.
正解:A、C、D
質問 # 59
What are the three roles of the 802.1X framework, as defined by the 802.1X standard, that are performed by the client STA, the AP (or WLAN controller), and the RADIUS server? (Choose 3)
- A. Control Point
- B. Enrollee
- C. Registrar
- D. Authenticator
- E. Supplicant
- F. AAA Server
- G. Authentication Server
正解:D、E、G
質問 # 60
Given: ABC Corporation's 802.11 WLAN is comprised of a redundant WLAN controller pair (N+1) and 30 access points implemented in 2004. ABC implemented WEP encryption with IPSec VPN technology to secure their wireless communication because it was the strongest security solution available at the time it was implemented. IT management has decided to upgrade the WLAN infrastructure and implement Voice over Wi-Fi and is concerned with security because most Voice over Wi-Fi phones do not support IPSec.
As the wireless network administrator, what new security solution would be best for protecting ABC's data?
- A. Migrate corporate data and Voice over Wi-Fi devices to WPA2-Enterprise with fast secure roaming support, and segment Voice over Wi-Fi data on a separate VLAN.
- B. Migrate corporate data clients to WPA-Enterprise and segment Voice over Wi-Fi phones by assigning them to a different frequency band.
- C. Migrate all 802.11 data devices to WPA-Personal, and implement a secure DHCP server to allocate addresses from a segmented subnet for the Voice over Wi-Fi phones.
- D. Migrate to a multi-factor security solution to replace IPSec; use WEP with MAC filtering, SSID hiding, stateful packet inspection, and VLAN segmentation.
正解:A
質問 # 61
What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE 802.11 4 Way Handshake?
- A. The Supplicant uses the SNonce to derive its unique PTK and the Authenticator uses the ANonce to derive its unique PTK, but the nonces are not shared.
- B. The nonces are created by combining the MAC addresses of the Supplicant, Authenticator, and Authentication Server into a mixing algorithm.
- C. Both nonces are used by the Supplicant and Authenticator in the derivation of a single PTK.
- D. Nonces are sent in EAPoL frames to indicate to the receiver that the sending station has installed and validated the encryption keys.
正解:C
質問 # 62
Given: ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service toexisting customers in some public access areas and would like to use their existing database for authentication.
How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?
- A. Implement a RADIUS server and query user authentication requests through the LDAP server.
- B. Implement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.
- C. Mirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.
- D. Import all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.
正解:A
質問 # 63
The following numbered items show some of the contents of each of the four frames exchanged during the
4-way handshake:
1. Encrypted GTK sent
2. Confirmation of temporal key installation
3. Anonce sent from authenticator to supplicant
4. Snonce sent from supplicant to authenticator, MIC included
Arrange the frames in the correct sequence beginning with the start of the 4-way handshake.
- A. 1, 2, 3, 4
- B. 3, 4, 1, 2
- C. 2, 3, 4, 1
- D. 4, 3, 1, 2
正解:B
質問 # 64
Which one of the following describes the correct hierarchy of 802.1X authentication key derivation?
- A. If passphrase-based client authentication is used by the EAP type, the PMK is mapped directly from the user's passphrase. The PMK is then used during the 4-way handshake to create data encryption keys.
- B. The PMK is generated from a successful mutual EAP authentication. When mutual authentication is not used, an MSK is created. Either of these two keys may be used to derive the temporal data encryption keys during the 4-way handshake.
- C. After successful EAP authentication, the RADIUS server generates a PMK. A separate key, the MSK, is derived from the AAA key and is hashed with the PMK to create the PTK and GTK.
- D. The MSK is generated from the 802.1X/EAP authentication. The PMK is derived from the MSK. The PTK is derived from the PMK, and the keys used for actual data encryption are a part of the PTK.
正解:D
質問 # 65
......
あなたを余裕でCWSP-207試験合格させます!100%高合格率保証:https://jp.fast2test.com/CWSP-207-premium-file.html