CWNP CWSP-207 問題集

質問 1：
Given: One of the security risks introduced by WPA2-Personal is an attack conducted by an authorized network user who knows the passphrase. In order to decrypt other users' traffic, the attacker must obtain certain information from the 4-way handshake of the other users.
In addition to knowing the Pairwise Master Key (PMK) and the supplicant's address (SA), what other three inputs must be collected with a protocol analyzer to recreate encryption keys? (Choose 3)
A. Supplicant nonce
B. Authenticator address (BSSID)
C. Authenticator nonce
D. Authentication Server nonce
E. GTKSA
正解：A,B,C

質問 2：
Wireless Intrusion Prevention Systems (WIPS) are used for what purposes? (Choose 3)
A. Preventing physical carrier sense attacks
B. Security monitoring and notification
C. Detecting and defending against eavesdropping attacks
D. Performance monitoring and troubleshooting
E. Classifying wired client devices
F. Enforcing wireless network security policy
正解：B,D,F

質問 3：
ABC Company uses the wireless network for highly sensitive network traffic. For that reason, they intend to protect their network in all possible ways. They are continually researching new network threats and new preventative measures. They are interested in the security benefits of 802.11w, but would like to know its limitations.
What types of wireless attacks are protected by 802.11w? (Choose 2)
A. Robust management frame replay attacks
B. Social engineering attacks
C. Layer 2 Disassociation attacks
D. RF DoS attacks
正解：A,C

質問 4：
Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.
In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)
A. Intruders can send spam to the Internet through the guest VLAN.
B. Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.
C. Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.
D. Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.
E. Unauthorized users can perform Internet-based network attacks through the WLAN.
正解：A,E

質問 5：
Given: XYZ Hospital plans to improve the security and performance of their Voice over Wi-Fi implementation and will be upgrading to 802.11n phones with 802.1X/EAP authentication. XYZ would like to support fast secure roaming for the phones and will require the ability to troubleshoot reassociations that are delayed or dropped during inter-channel roaming.
What portable solution would be recommended for XYZ to troubleshoot roaming problems?
A. An autonomous AP mounted on a mobile cart and configured to operate in monitor mode
B. Laptop-based protocol analyzer with multiple 802.11n adapters
C. WIPS sensor software installed on a laptop computer
D. Spectrum analyzer software installed on a laptop computer
正解：B

質問 6：
Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering).
How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?
A. The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a
4-Way Handshake prior to user authentication.
B. The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.
C. The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.
D. The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.
正解：B

質問 7：
Wireless Intrusion Prevention Systems (WIPS) provide what network security services? (Choose 2)
A. Wireless vulnerability assessment
B. Policy enforcement and compliance management
C. Configuration distribution for autonomous APs
D. Application-layer traffic inspection
E. Analysis and reporting of AP CPU utilization
正解：A,B