CWNP CWSP-207 Certified Wireless Security Professional (CWSP) Exam Practice Test

Enabling encryption to prevent MAC addresses from being sent in clear text

How to prevent non-IT employees from learning about and reading the user security policy

End-user training for password selection and acceptable network use

The exact passwords to be used for administration interfaces on infrastructure devices

Social engineering recognition and mitigation techniques

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

EAP-TLS must be implemented in such scenarios.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

A trained employee should install and configure a WIPS for rogue detection and response measures.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

In home networks in which file and printer sharing is enabled

At public hot-spots in which many clients use diverse applications

In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities

In university environments using multicast video training sourced from professor’s laptops

Awareness of the exact vendor devices being installed

Management support for the process

End-user training manuals for the policies to be created

Security policy generation software

Require Port Address Translation (PAT) on each laptop.

Require secure applications such as POP, HTTP, and SSH.

Require VPN software for connectivity to the corporate network.

Require WPA2-Enterprise as the minimal WLAN security solution.

All WIPS sensors must be installed as dual-purpose (AP/sensor) devices.

A location chipset (GPS) must be installed with it.

At least six antennas must be installed in each sensor.

The RF environment must be sampled during an RF calibration process.

WIPS sensor software installed on a laptop computer

Spectrum analyzer software installed on a laptop computer

An autonomous AP mounted on a mobile cart and configured to operate in monitor mode

Laptop-based protocol analyzer with multiple 802.11n adapters

WPA2-Enterprise authentication

WPA2-Personal authentication

802.11 Open System authentication

802.1X with Dynamic WEP

Wi-Fi Protected Setup with PIN

Active Scanning

4-Way Handshake

EAP-MD5

EAP-TLS

LEAP

PEAPv0/MSCHAPv2

EAP-TTLS

Use an IPSec VPN for connectivity to the office network

Use only HTTPS when agreeing to acceptable use terms on public networks

Use enterprise WIPS on the corporate office network

Use WIPS sensor software on the laptop to monitor for risks and attacks

Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots

Use secure protocols, such as FTP, for remote file transfers.

On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.

During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.

In the WLAN controller’s local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.

Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.

The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.

The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.

The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.

The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.

EAP-TTLS sends encrypted supplicant credentials to the authentication server, but EAP-TLS uses unencrypted user credentials.

EAP-TTLS supports client certificates, but EAP-TLS does not.

EAP-TTLS does not require an authentication server, but EAP-TLS does.

EAP-TTLS does not require the use of a certificate for each STA as authentication credentials, but EAP-TLS does.

Only the members of the executive team that are part of the multicast group configured on the media server

All clients that are associated to the AP using the ABCData SSID

All clients that are associated to the AP using any SSID

All clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.

RSNA connections require TKIP or CCMP.

RSNA connections require BIP and do not support TKIP, CCMP or WEP.

RSNA connections require CCMP and do not support TKIP or WEP.

RSNA connections do not work in conjunction with VLANs.

A data retrieval protocol used by an authentication service such as RADIUS

An IEEE X.500 standard compliant database that participates in the 802.1X port-based access control process

A SQL compliant authentication service capable of dynamic key generation and distribution

A role-based access control protocol for filtering data to/from authenticated stations.

An Authentication Server (AS) that communicates directly with, and provides authentication for, the Supplicant.

Implement separate controllers for the corporate and guest WLANs.

Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.

Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.

Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.

Force all guest users to use a common VPN protocol to connect.

Authenticator nonce

Supplicant nonce

Authenticator address (BSSID)

GTKSA

Authentication Server nonce

John's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.

John uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.

John accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.

The bank’s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Before connecting to the bank’s website, John’s association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank’s web server and has decrypted John’s login credentials in near real-time.

Weak-IV

Forgery

Replay

Bit-flipping

Session hijacking

All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.

Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.

Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.

Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.

The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.

RF jamming device and a wireless radio card

A low-gain patch antenna and terminal emulation software

A wireless workgroup bridge and a protocol analyzer

DHCP server software and access point software

MAC spoofing software and MAC DoS software

Transmitting a deauthentication frame to disconnect a user from the AP.

Auditing the configuration and functionality of a WIPS by simulating common attack sequences

Probing the RADIUS server and authenticator to expose the RADIUS shared secret

Cracking the authentication or encryption processes implemented poorly in some WLANs

MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.

MS-CHAPv2 is subject to offline dictionary attacks.

LEAP’s use of MS-CHAPv2 is only secure when combined with WEP.

MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.

MS-CHAPv2 uses AES authentication, and is therefore secure.

When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.

Management interface exploit attacks are attacks that use social engineering to gain credentials from managers.

Zero-day attacks are always authentication or encryption cracking attacks.

RF DoS attacks prevent successful wireless communication on a specific frequency or frequency range.

Hijacking attacks interrupt a user’s legitimate connection and introduce a new connection with an evil twin AP.

Social engineering attacks are performed to collect sensitive information from unsuspecting users

Association flood attacks are Layer 3 DoS attacks performed against authenticated client stations

Offline dictionary attacks

MAC Spoofing

ASLEAP

DoS