[2023] Use Valid New CWSP-206 Test Notes & CWSP-206 Valid Exam Guide [Q61-Q78]

Rate this post

[2023] Use Valid New CWSP-206 Test Notes & CWSP-206 Valid Exam Guide

CWSP-206 Actual Questions Answers PDF 100% Cover Real Exam Questions

The CWSP-206 exam covers a range of topics, including wireless LAN security, wireless network attacks, security policies, regulatory compliance, and much more. CWSP-206 exam is designed to test the candidate’s knowledge and understanding of wireless security best practices, protocols, and technologies.

NO.61 Which of the following key types are defined in the 802.11i Authentication and Key Management (AKM)?
Each correct answer represents a complete solution. Choose all that apply.

Pairwise Master Key (PMK)

Group Master Key (GMK)

Pairwise Transient Key (PTK)

Group Temporal Key (GTK)

NO.62 Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

Provide two or more user groups connected to the same SSID with different levels of network privileges.

Allow access tospecific files and applications based on the user’s WMM access category.

Allow simultaneous support for multiple EAP types on a single access point.

Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.

NO.63 A Cisco Unified Wireless Network has an access point (AP) that provides a single point of management and reduces the security concern of a stolen access point.
Which type of access point has this characteristic?

Rouge AP

Autonomous AP

Lightweight AP

LWAPP

NO.64 Which of the following wireless security protocols is defined in IEEE 802.11 pre-RSNA security?

TKIP

WEP

EAP

CCMP

NO.65 Which of the following DoS attacks affects mostly Windows computers by sending corrupt UDP packets?

Fraggle

Smurf

Bonk

Ping flood

NO.66 In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce?

They are added together and used as the GMK, fromwhich the GTK is derived.

They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.

The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).

They are input values used in the derivation of the Pairwise Transient Key.

NO.67 ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each groupwithin the company (Marketing, Sales, and Engineering). How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a
4-Way Handshake prior to user authentication.

The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.

The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.

The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.

NO.68 Which of the following protocols is designed to provide more secure encryption than the weak wired encryption privacy?

LEAP

TKIP

PEAP

CCMP

NO.69 Many corporations configure guest VLANs on their WLAN controllers that allowvisitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks. In this deployment, what risk is still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering featureenabled?

Intruders can send spam to the Internet through the guest VLAN.

Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.

Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.

Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.

NO.70 After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify the security threats?

Separate security profiles must be defined for network operation in different regulatory domains.

WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.

Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.

Authorized PEAP usernames must be added to the WIPS server’s user database.

NO.71 Which of the following are the three main intended goals of WEP encryption? Each correct answer represents a complete solution. Choose all that apply.

Access control

Authentication

Data integrity

Confidentiality

NO.72 Your organization is using EAP as an authentication framework with a specific type that meets the requirements of your corporate policies. Which one of the following statements is true related to this implementation?

The client STAs may communicate over the controlled port in order to authenticate as soon as the Open System authentication completes.

The client STAs may communicate over the uncontrolled port in order to authenticate as soon as the Open System authentication completes.

The client STAs may use a different, but complementary, EAP type than the AP STAs.

The client will be the authenticator in this scenario.

NO.73 ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MS-CHAPv2 and AES-CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hotspot include:
* Cannot access corporate network resources
* Network permissions are limited to Internet access
* All stations must be authenticated
What security controls would you suggest? (Choose the single best answer.)

Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.

Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.

Implement separate controllers for the corporate and guest WLANs.

Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.

Force all guest users to use a common VPN protocol to connect.

NO.74 Peter works as a Network Administrator for the uCertify Inc. The company has a Windows-based network. All client computers run the Windows XP operating system. The employees of the company complain that suddenly all of the client computers have started working slowly. Peter finds that a malicious hacker is attempting to slow down the computers by flooding the network with a large number of requests. Which of the following attacks is being implemented by the malicious hacker?

Buffer overflow attack

Denial-of-Service (DoS) attack

SQL injection attack

Man-in-the-middle attack

NO.75 Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM.
What device functions as the 802.1X/ EAP Authenticator?

WLAN Controller/AP

MacBook Pro

SRV21

RADIUS server

NO.76 Which of the following keys is derived from Group Master Key (GMK)?

Private Key

Group Temporal Key

Public Key

Pairwise Transient Key

NO.77 Which of the following attacks on wireless LAN is performed to shut down the wireless network?

Active attack

Man-in-the-middle attack

Passive attack

Jamming attack

NO.78 A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs.
Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:
1. SSID Blue – VLAN 10 – Lightweight EAP (LEAP) authentication – CCMP
cipher suite
2. SSID Red – VLAN 20 – PEAPv0/EAP-TLS authentication – TKIP cipher
suite
The consultant’s computer can successfully authenticate and browse the Internet when using the Blue SSID. The same computer cannot authenticate when using the Red SSID. What is a possible cause of the problem?

The consultant does not have a valid Kerberos ID on the Blue VLAN.

The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.

The TKIP cipher suite is not a valid option for PEAPv0 authentication.

The Red VLAN does not use server certificate, but the client requires one.

CWSP-206 Exam questions and answers: https://www.dumpstorrent.com/CWSP-206-exam-dumps-torrent.html

[2023] Use Valid New CWSP-206 Test Notes & CWSP-206 Valid Exam Guide [Q61-Q78]

admin

Leave a Reply Cancel reply