CWSP-207 Practice Exam Questions with Answers Certified Wireless Security Professional (CWSP) Certification

Configuration distribution for autonomous APs

Wireless vulnerability assessment

Application-layer traffic inspection

Analysis and reporting of AP CPU utilization

Policy enforcement and compliance management

All WIPS sensors must be installed as dual-purpose (AP/sensor) devices.

A location chipset (GPS) must be installed with it.

At least six antennas must be installed in each sensor.

The RF environment must be sampled during an RF calibration process.

MAC Spoofing

Eavesdropping

Hot-spotter

Soft AP

Deauthentication flood

EAP flood

Time Difference of Arrival (TDoA)

Angle of Arrival (AoA)

Trilateration of RSSI measurements

GPS Positioning

RF Fingerprinting

Token cards must be used for authentication.

Dynamic WEP-104 encryption must be enabled.

WEP may not be used for encryption.

WPA-Personal must be supported for authentication and encryption.

WLAN controllers and APs must not support SSHv1.

Social engineering and/or eavesdropping

RF DoS and/or physical theft

MAC denial of service and/or physical theft

Authentication cracking and/or RF DoS

Code injection and/or XSS

Wireless adapter failure analysis.

Interference source location.

Fast secure roaming problems.

Narrowband DoS attack detection.

Management interface exploit attacks are attacks that use social engineering to gain credentials from managers.

Zero-day attacks are always authentication or encryption cracking attacks.

RF DoS attacks prevent successful wireless communication on a specific frequency or frequency range.

Hijacking attacks interrupt a user’s legitimate connection and introduce a new connection with an evil twin AP.

Social engineering attacks are performed to collect sensitive information from unsuspecting users

Association flood attacks are Layer 3 DoS attacks performed against authenticated client stations

Man-in-the-middle

Hijacking

ASLEAP

DoS

Weak-IV

Forgery

Replay

Bit-flipping

Session hijacking

802.1X/EAP-TTLS

Open 802.11 authentication with IPSec

802.1X/PEAPv0/MS-CHAPv2

WPA2-Personal with AES-CCMP

EAP-MD5

Rogue APs

DoS

Eavesdropping

Social engineering

The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.

The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.

4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.

The username can be looked up in a dictionary file that lists common username/password combinations.

Intruders can send spam to the Internet through the guest VLAN.

Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.

Unauthorized users can perform Internet-based network attacks through the WLAN.

Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.

Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.

Enrollee

Registrar

AAA Server

Authentication Server

Supplicant

Authenticator

Control Point

EAP-TTLS sends encrypted supplicant credentials to the authentication server, but EAP-TLS uses unencrypted user credentials.

EAP-TTLS supports client certificates, but EAP-TLS does not.

EAP-TTLS does not require an authentication server, but EAP-TLS does.

EAP-TTLS does not require the use of a certificate for each STA as authentication credentials, but EAP-TLS does.

Can prevent connections to networks with security settings that do not conform to company policy

Can collect statistics about a user’s network use and monitor network threats while they are connected

Can restrict client connections to networks with specific SSIDs and encryption types

Can be used to monitor for and prevent network attacks by nearby rogue clients or APs

Option-1 – Access Control

Option-2 – Authorization

Option-3 – Accounting

Option-1 – Authentication

Option-2 – Accounting

Option-3 – Association

Option-1 – Authorization

Option-2 – Access Control

Option-3 – Association

Option-1 – Authentication

Option-2 – Accounting

Option-3 – Authorization

Configure WPA2-Enterprise security on the access point

Block TCP port 25 and 80 outbound on the Internet router

Require client STAs to have updated firewall and antivirus software

Allow only trusted patrons to use the WLAN

Use a WIPS to monitor all traffic and deauthenticate malicious stations

Implement a captive portal with an acceptable use disclaimer

The MIC is used as a first layer of validation to ensure that the wireless receiver does not incorrectly process corrupted signals.

The MIC provides for a cryptographic integrity check against the data payload to ensure that it matches the original transmitted data.

The MIC is a hash computation performed by the receiver against the MAC header to detect replay attacks prior to processing the encrypted payload.

The MIC is a random value generated during the 4-way handshake and is used for key mixing to enhance the strength of the derived PTK.

Sharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.

Because OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.

Key exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.

The Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.

User external antennas.

Use internal antennas.

Power the APs using PoE.

Ensure proper physical and environmental security using outdoor ruggedized APs or enclosures.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

A trained employee should install and configure a WIPS for rogue detection and response measures.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Awareness of the exact vendor devices being installed

Management support for the process

End-user training manuals for the policies to be created

Security policy generation software

Enabling encryption to prevent MAC addresses from being sent in clear text

How to prevent non-IT employees from learning about and reading the user security policy

End-user training for password selection and acceptable network use

The exact passwords to be used for administration interfaces on infrastructure devices

Social engineering recognition and mitigation techniques

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

EAP-TLS must be implemented in such scenarios.

In home networks in which file and printer sharing is enabled

At public hot-spots in which many clients use diverse applications

In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities

In university environments using multicast video training sourced from professor’s laptops

Require Port Address Translation (PAT) on each laptop.

Require secure applications such as POP, HTTP, and SSH.

Require VPN software for connectivity to the corporate network.

Require WPA2-Enterprise as the minimal WLAN security solution.