CWSP-207 Sample Questions Answers

802.1X/EAP-TTLS

Open 802.11 authentication with IPSec

802.1X/PEAPv0/MS-CHAPv2

WPA2-Personal with AES-CCMP

EAP-MD5

All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.

Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.

Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.

Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.

The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.

Awareness of the exact vendor devices being installed

Management support for the process

End-user training manuals for the policies to be created

Security policy generation software

Enabling encryption to prevent MAC addresses from being sent in clear text

How to prevent non-IT employees from learning about and reading the user security policy

End-user training for password selection and acceptable network use

The exact passwords to be used for administration interfaces on infrastructure devices

Social engineering recognition and mitigation techniques

Only the members of the executive team that are part of the multicast group configured on the media server

All clients that are associated to the AP using the ABCData SSID

All clients that are associated to the AP using any SSID

All clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.

They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.

The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).

They are added together and used as the GMK, from which the GTK is derived.

They are input values used in the derivation of the Pairwise Transient Key.

They allow the participating STAs to create dynamic keys while avoiding sending unicast encryption keys across the wireless medium.

An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.

APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.

RADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.

Remote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.

Implement separate controllers for the corporate and guest WLANs.

Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.

Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.

Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.

Force all guest users to use a common VPN protocol to connect.

1 GTK – 8 PTKs

2 GTKs – 5 PTKs

2 GTKs – 8 PTKs

3 GTKs – 8 PTKs

EAP-FAST

EAP-TLS

PEAPv0/EAP-MSCHAPv2

LEAP

PEAPv0/EAP-TLS

EAP-TTLS/MSCHAPv2

The client will be the authenticator in this scenario.

The client STAs must use a different, but complementary, EAP type than the AP STAs.

The client STAs may communicate over the uncontrolled port in order to authenticate as soon as Open System authentication completes.

The client STAs may communicate over the controlled port in order to authenticate as soon as the Open System authentication completes.

AKM Suite List

Group Cipher Suite

RSN Capabilities

Pairwise Cipher Suite List

EAPoL Reject frame flood against a rogue AP

Evil twin attack against a rogue AP

Deauthentication attack against a classified neighbor AP

ASLEAP attack against a rogue AP

Uses SNMP to disable the switch port to which rogue APs connect

WIPS sensor software installed on a laptop computer

Spectrum analyzer software installed on a laptop computer

An autonomous AP mounted on a mobile cart and configured to operate in monitor mode

Laptop-based protocol analyzer with multiple 802.11n adapters

STA-1 initiates open authentication and 802.11 association with each AP prior to roaming.

The WLAN controller is querying the RADIUS server for authentication before the association of STA-1 is moved from one AP to the next.

STA-1 controls when and where to roam by using signal and performance metrics in accordance with the chipset drivers and 802.11k.

The WLAN controller controls the AP to which STA-1 is associated and transparently moves this association in accordance with the physical location of STA-1.

Configuration distribution for autonomous APs

Wireless vulnerability assessment

Application-layer traffic inspection

Analysis and reporting of AP CPU utilization

Policy enforcement and compliance management

Time Difference of Arrival (TDoA)

Angle of Arrival (AoA)

Trilateration of RSSI measurements

GPS Positioning

RF Fingerprinting

Authorized PEAP usernames must be added to the WIPS server’s user database.

WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.

Separate security profiles must be defined for network operation in different regulatory domains

Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.

MAC Spoofing

Eavesdropping

Hot-spotter

Soft AP

Deauthentication flood

EAP flood

IPSec VPN client and server software

Internet firewall software

Wireless intrusion prevention system

WLAN endpoint agent software

RADIUS proxy server

Require Port Address Translation (PAT) on each laptop.

Require secure applications such as POP, HTTP, and SSH.

Require VPN software for connectivity to the corporate network.

Require WPA2-Enterprise as the minimal WLAN security solution.

In home networks in which file and printer sharing is enabled

At public hot-spots in which many clients use diverse applications

In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities

In university environments using multicast video training sourced from professor’s laptops

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

EAP-TLS must be implemented in such scenarios.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

A trained employee should install and configure a WIPS for rogue detection and response measures.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.