CWNP CWSP-205 問題集

質問 1：
What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?
A. Pairwise Cipher Suite List
B. AKM Suite List
C. RSN Capabilities
D. Group Cipher Suite
正解：B

質問 2：
Given: Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM.
What device functions as the 802.1X/EAP Authenticator?
A. MacBook Pro
B. RADIUS server
C. SRV21
D. WLAN Controller/AP
正解：D

質問 3：
Given: ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication.
How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?
A. Mirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.
B. Implement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.
C. Implement a RADIUS server and query user authentication requests through the LDAP server.
D. Import all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.
正解：C

質問 4：
Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.
What security characteristics and/or components play a role in preventing data decryption? (Choose 2)
A. PLCP Cyclic Redundancy Check (CRC)
B. 4-Way Handshake
C. Integrity Check Value (ICV)
D. Encrypted Passphrase Protocol (EPP)
E. Group Temporal Keys
F. Multi-factor authentication
正解：B,E

質問 5：
What statement accurately describes the functionality of the IEEE 802.1X standard?
A. Port-based access control, which allows three frame types to traverse the uncontrolled port: EAP, DHCP, and DNS.
B. Port-based access control with EAP encapsulation over the LAN (EAPoL)
C. Port-based access control with support for authenticated-user VLANs only
D. Port-based access control with mandatory support of AES-CCMP encryption
E. Port-based access control with dynamic encryption key management and distribution
正解：B

質問 6：
When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the 802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?
A. The 802.1X Controlled Port is blocked until Vender Specific Attributes (VSAs) are exchanged inside a RADIUS packet between the Authenticator and Authentication Server.
B. The 802.1X Controlled Port is always blocked, but the Uncontrolled Port opens after the EAP authentication process completes.
C. The 4-Way Handshake must be performed before the 802.1X Controlled Port changes to the unblocked state.
D. The 802.1X Controlled Port remains blocked until an IP address is requested and accepted by the Supplicant.
正解：C

質問 7：
A WLAN is implemented using WPA-Personal and MAC filtering.
To what common wireless network attacks is this network potentially vulnerable? (Choose 3)
A. ASLEAP
B. Offline dictionary attacks
C. MAC Spoofing
D. DoS
正解：B,C,D

質問 8：
Given: XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization.
What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)
A. The RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.
B. RADIUS attributes can be used to assign permission levels, such as read-only permission, to users of a particular network resource.
C. RADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.
D. RADIUS can reassign a client's 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.
E. The RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.
正解：A,B

質問 9：
---
Given: ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MSCHAPv2 and AES-CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hot-spot include:
Cannot access corporate network resources
Network permissions are limited to Internet access
All stations must be authenticated
What security controls would you suggest? (Choose the single best answer.)
A. Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.
B. Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.
C. Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.
D. Force all guest users to use a common VPN protocol to connect.
E. Implement separate controllers for the corporate and guest WLANs.
正解：C