CWNP CWSP-205 問題集

質問 1：
The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?
A. Passphrase-to-PSK mapping
B. RADIUS shared secret lookup
C. 4-Way Handshake
D. Group Key Handshake
E. DHCP Discovery
F. 802.1X/EAP authentication
正解：F

質問 2：
Given: Mary has just finished troubleshooting an 802.11g network performance problem using a laptop-based WLAN protocol analyzer. The wireless network implements 802.1X/PEAP and the client devices are authenticating properly. When Mary disables the WLAN protocol analyzer, configures her laptop for PEAP authentication, and then tries to connect to the wireless network, she is unsuccessful. Before using the WLAN protocol analyzer, Mary's laptop connected to the network without any problems.
What statement indicates why Mary cannot access the network from her laptop computer?
A. The nearby WIPS sensor categorized Mary's protocol analyzer adapter as a threat and is performing a deauthentication flood against her computer.
B. The PEAP client's certificate was voided when the protocol analysis software assumed control of the wireless adapter.
C. The protocol analyzer's network interface card (NIC) drivers are still loaded and do not support the version of PEAP being used.
D. Mary's supplicant software is using PEAPv0/EAP-MSCHAPv2, and the access point is using PEAPv1/EAP-GTC.
正解：C

質問 3：
Given: You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution.
In this configuration, the wireless network is initially susceptible to what type of attacks? (Choose 2)
A. Offline dictionary attacks
B. Session hijacking
C. Encryption cracking
D. Layer 3 peer-to-peer
E. Layer 1 DoS
F. Application eavesdropping
正解：A,E

質問 4：
What security benefits are provided by endpoint security solution software? (Choose 3)
A. Can restrict client connections to networks with specific SSIDs and encryption types
B. Can be used to monitor for and prevent network attacks by nearby rogue clients or APs
C. Can prevent connections to networks with security settings that do not conform to company policy
D. Can collect statistics about a user's network use and monitor network threats while they are connected
正解：A,C,D

質問 5：
Given: Your organization is using EAP as an authentication framework with a specific type that meets the requirements of your corporate policies.
Which one of the following statements is true related to this implementation?
A. The client STAs may communicate over the controlled port in order to authenticate as soon as the Open System authentication completes.
B. The client STAs must use a different, but complementary, EAP type than the AP STAs.
C. The client STAs may communicate over the uncontrolled port in order to authenticate as soon as Open System authentication completes.
D. The client will be the authenticator in this scenario.
正解：C

質問 6：
Select the answer option that arranges the numbered events in the correct time sequence (first to last) for a client associating to a BSS using EAP-PEAPv0/MSCHAPv2.
1.Installation of PTK
2.Initiation of 4-way handshake
3.Open system authentication
4.802.11 association
5.802.1X controlled port is opened for data traffic
6.Client validates server certificate
7.AS validates client credentials
A. 4-3-5-2-7-6-1
B. 4-3-2-7-6-1-5
C. 5-3-4-2-6-7-1
D. 6-1-3-4-2-7-5
E. 3-4-7-6-5-2-1
F. 3-4-6-7-2-1-5
正解：F

質問 7：
A WLAN is implemented using WPA-Personal and MAC filtering.
To what common wireless network attacks is this network potentially vulnerable? (Choose 3)
A. ASLEAP
B. Offline dictionary attacks
C. MAC Spoofing
D. DoS
正解：B,C,D

質問 8：
What security vulnerabilities may result from a lack of staging, change management, and installation procedures for WLAN infrastructure equipment? (Choose 2)
A. The WLAN system may be open to RF Denial-of-Service attacks
B. WIPS may not classify authorized, rogue, and neighbor APs accurately
C. AES-CCMP encryption keys may be decrypted
D. Authentication cracking of 64-bit Hex WPA-Personal PSK
E. Management interface exploits due to the use of default usernames and passwords for AP management
正解：B,E

質問 9：
What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?
A. Pairwise Cipher Suite List
B. AKM Suite List
C. RSN Capabilities
D. Group Cipher Suite
正解：B