CWNP CWSP-205 問題集

質問 1：
What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?
A. Require WPA2-Enterprise as the minimal WLAN security solution.
B. Require VPN software for connectivity to the corporate network.
C. Require Port Address Translation (PAT) on each laptop.
D. Require secure applications such as POP, HTTP, and SSH.
正解：B

質問 2：
Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering).
How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?
A. The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4-Way Handshake prior to user authentication.
B. The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.
C. The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.
D. The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.
正解：B

質問 3：
Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards. The new wireless network will use WPA2-Enterprise as its primary authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.
What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?
A. LEAP
B. EAP-FAST
C. PEAPv0/EAP-MSCHAPv2
D. EAP-TTLS/MSCHAPv2
E. PEAPv0/EAP-TLS
F. EAP-TLS
正解：F

質問 4：
When used as part of a WLAN authentication solution, what is the role of LDAP?
A. A SQL compliant authentication service capable of dynamic key generation and distribution
B. A data retrieval protocol used by an authentication service such as RADIUS
C. An IEEE X.500 standard compliant database that participates in the 802.1X port-based access control process
D. An Authentication Server (AS) that communicates directly with, and provides authentication for, the Supplicant.
E. A role-based access control protocol for filtering data to/from authenticated stations.
正解：B

質問 5：
Joe's new laptop is experiencing difficulty connecting to ABC Company's 802.11 WLAN using 802.1X/EAP PEAPv0. The company's wireless network administrator assured Joe that his laptop was authorized in the WIPS management console for connectivity to ABC's network before it was given to him. The WIPS termination policy includes alarms for rogue stations, roque APs, DoS attacks and unauthorized roaming.
What is a likely reason that Joe cannot connect to the network?
A. Joe configured his 802.11 radio card to transmit at 100 mW to increase his SNR. The WIPS is detecting this much output power as a DoS attack.
B. Joe's integrated 802.11 radio is sending multiple Probe Request frames on each channel.
C. An ASLEAP attack has been detected on APs to which Joe's laptop was trying to associate. The WIPS responded by disabling the APs.
D. Joe disabled his laptop's integrated 802.11 radio and is using a personal PC card radio with a different chipset, drivers, and client utilities.
正解：D

質問 6：
In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?
A. At public hot-spots in which many clients use diverse applications
B. In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities
C. In university environments using multicast video training sourced from professor's laptops
D. In home networks in which file and printer sharing is enabled
正解：A

質問 7：
Your organization required compliance reporting and forensics features in relation to the 802.11ac WLAN they have recently installed. These features are not built into the management system provided by the WLAN vendor. The existing WLAN is managed through a centralized management console provided by the AP vendor with distributed APs and multiple WLAN controllers configured through this console.
What kind of system should be installed to provide the required compliance reporting and forensics features?
A. WNMS
B. WIPS overlay
C. Cloud management platform
D. WIPS integrated
正解：B

質問 8：
What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?
A. The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.
B. The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.
C. The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.
D. The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.
正解：C

質問 9：
Given: A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and will replace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication.
For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?
A. WIPS support and integration
B. Internal RADIUS server
C. WPA2-Enterprise authentication/encryption
D. 802.1Q VLAN trunking
E. SNMPv3 support
正解：B