Download CWSP Certified Wireless Security Professional.CWSP-206.VCEplus.2019-11-28.60q.vcex

Vendor: CWNP
Exam Code: CWSP-206
Exam Name: CWSP Certified Wireless Security Professional
Date: Nov 28, 2019
File Size: 43 KB
Downloads: 1

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data. What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?
  1. Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.
  2. Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.
  3. Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.
  4. All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.
  5. The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.
Correct answer: A
Question 2
In order to acquire credentials of a valid user on a public hotspot network, what attacks may be conducted? Choose the single completely correct answer.
  1. MAC denial of service and/or physical theft
  2. Social engineering and/or eavesdropping
  3. Authentication cracking and/or RF DoS
  4. Code injection and/or XSS
  5. RF DoS and/or physical theft
Correct answer: B
Question 3
What WLAN client device behavior is exploited by an attacker during a hijacking attack?
  1. After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake, even if connectivity is lost.
  2. Client drivers scan for and connect to access point in the 2.4 GHz band before scanning the 5 GHz band.
  3. When the RF signal between a client and an access point is disrupted for more than a few seconds, the client device will attempt to associate to an access point with better signal quality.
  4. When the RF signal between a client and an access point is lost, the client will not seek to reassociate with another access point until the 120 second hold down timer has expired.
  5. As specified by the Wi-Fi Alliance, clients using Open System authentication must allow direct client-to-client connections, even in an infrastructure BSS.
Correct answer: C
Question 4
What software and hardware tools are used in the process performed to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network?
  1. A low-gain patch antenna and terminal emulation software
  2. MAC spoofing software and MAC DoS software
  3. RF jamming device and a wireless radio card 
  4. A wireless workgroup bridge and a protocol analyzer
Correct answer: C
Question 5
Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication. While using an airport hotspot with this security solution, to what type of wireless attack is a user susceptible?
  1. Wi-Fi phishing
  2. Management interface exploits
  3. UDP port redirection
  4. IGMP snooping
Correct answer: A
Question 6
During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text. From a security perspective, why is this significant?
  1. The username can be looked up in a dictionary file that lists common username/password combinations.
  2. The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.
  3. 4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.
  4. The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.
Correct answer: D
Question 7
In XYZ's small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal. What statement about the WLAN security of this company is true?
  1. Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.
  2. Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.
  3. A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.
  4. An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.
  5. An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user's 4-Way Handshake.
Correct answer: C
Question 8
The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions. Which one of the following would not be a suitable penetration testing action taken with this tool?
  1. Auditing the configuration and functionality of a WIPS by simulating common attack sequences.
  2. Transmitting a deauthentication frame to disconnect a user from the AP.
  3. Cracking the authentication or encryption processes implemented poorly in some WLANs.
  4. Probing the RADIUS server and authenticator to expose the RADIUS shared secret.
Correct answer: D
Question 9
You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution. In this configuration, the wireless network is initially susceptible to what type of attack?
  1. Offline dictionary attacks
  2. Application eavesdropping
  3. Session hijacking
  4. Layer 3 peer-to-peer
  5. Encryption cracking
Correct answer: A
Question 10
ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MSCHAPv2 has proven vulnerable in improper implementations. As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication?
  1. MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.
  2. When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.
  3. MS-CHAPv2 uses AES authentication, and is therefore secure.
  4. MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.
  5. LEAP's use of MS-CHAPv2 is only secure when combined with WEP.
Correct answer: A

Use VCE Exam Simulator to open VCE files


Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!