PW0-204 Certified Wireless Security Professional (CWSP) Exam Set 2

You work as a Network Administrator for SpyNet Inc. The company has a Windows-based network. You have been assigned the task of auditing the scheduled network security. After a regular audition, you suspect that the company is under attack by an intruder trying to gain access to the company's network resources. While analyzing the log files, you find that the IP address of the intruder belongs to a trusted partner company. Assuming this situation, which of the following attacks is the company being subjected to?


Options are :

  • Man-in-the-middle
  • Spoofing
  • Phreaking
  • CookieMonster

Answer : Spoofing

CWNA-106 Certified Wireless Network Administrator Exam Set 1

Your client has a brand new laptop. He is trying to connect to his home network, which is using an older (802.11b) wireless router. The router is set for encryption but not MAC filtering. What is the most likely problem?


Options are :

  • His laptop has a newer operating system that cannot communicate with the router.
  • His laptop is using the WPA encryption protocol.
  • The laptop does not have a wireless NIC.
  • His physical address for the laptop is not in the router.

Answer : His laptop is using the WPA encryption protocol.

Which of the following would be the most help against Denial of Service (DOS) attacks?


Options are :

  • Network surveys.
  • Packet filtering firewall
  • Stateful Packet Inspection (SPI) firewall
  • Honey pot

Answer : Stateful Packet Inspection (SPI) firewall

You work as a professional Computer Hacking Forensic Investigator. A project has been assigned to you to investigate the DoS attack on a computer network of SecureEnet Inc. Which of the following methods will you perform to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • Sniff network traffic to the failing machine.
  • Look for core files or crash dumps on the affected systems.
  • Seize all computers and transfer them to the Forensic lab.
  • Look for unusual traffic on Internet connections and network segments.

Answer : Sniff network traffic to the failing machine. Look for core files or crash dumps on the affected systems. Look for unusual traffic on Internet connections and network segments.

PW0-105 Certified Wireless Network Administrator Exam Set 2

You work as a Network Administrator for uCertify Inc. You need to set up a management system on your network. Which of the following protocols will you use to manage your network?


Options are :

  • IP
  • SNMP
  • HTTP
  • TCP

Answer : SNMP

Your company is going to add wireless connectivity to the existing LAN. You have concerns about the security of the wireless access and wish to implement encryption. Which of the following would be the best choice for you to use?


Options are :

  • DES
  • WAP
  • WEP
  • PKI

Answer : WEP

Which of the following is an infrastructure system that allows the secure exchange of data over an unsecured network?


Options are :

  • PTK
  • PKI
  • GTK
  • PMK

Answer : PKI

PW0-105 Certified Wireless Network Administrator Exam Set 3

Which of the following is an intermediate network similar to RSN that supports legacy security such as WEP within the same BSS?


Options are :

  • TSN
  • WPA2
  • VPN
  • WPA

Answer : TSN

Which of the following keys is derived by Pairwise Master Key (PMK)?


Options are :

  • Private Key
  • Group Temporal Key
  • Pairwise Transient Key
  • Public Key

Answer : Pairwise Transient Key

Which of the following features of a switch helps to protect network from MAC flood and MAC spoofing?


Options are :

  • Quality of Service (QoS)
  • Port security
  • Multi-Authentication
  • MAC Authentication Bypass

Answer : Port security

PW0-104 Wireless LAN Administration Certified Practice Exam Set 3

A government agency has allowed its employees to telecommute from WLAN hot-spots. After implementing this policy, there occurred a sharp increase in the exposure and exploitation of sensitive government data. The WLAN administrator has been tasked with securing remote user laptop computers so that telecommuting can be continued indefinitely. What steps does the WLAN Administrator take to secure these laptop computers during use at wireless hot-spots?


Options are :

  • Install wireless LAN client utilities with mandatory use of WPA2-Enterprise security on all laptops
  • Install WLAN protocol analyzer software which allows the admin to remotely monitor for wireless intrusionsto each laptop
  • Require each user to utilize a portable NAT-capable wireless router while connected to thehot-spotnetwork.
  • Install personal firewall software and VPN end-point software on all laptops

Answer : Install personal firewall software and VPN end-point software on all laptops

PW0-104 Wireless LAN Administration Practice Exam Set 1

XYZ Corporation has hired you to audit their WLAN network security measures. XYZ Corp currently has the following security measures in place: 1) All access points have non-default management interface passwords 2) Access points have been configured not to broadcast their SSID in Beacons or to respond to Probe Request frames with null SSID values 3) 128-bit WEP is in use by all access point and wireless client devices 4) MAC filters are implemented on all access points to allow only authorized users 5) Wireless Intrusion Prevention System (WIPS) with rogue detection and prevention Your task is to compromise XYZ Corp's wireless network by gaining access to sensitive data. How do you start your initial attack against the WLAN, given the above security measures?


Options are :

  • Locate the WLAN using a WLAN protocol analyzer. Gain access to sensitive data by attacking WEP securityusing a WEP cracking utility and putting the WEP key into the protocol analyzer.
  • Locate the WLAN and obtain the WEP key using a spectrum analyzer. Put the WEP key into a WLAN clientdevice and access the wired network. Since the correct WEP key is being used, the WIPS will not detectyour client as a rogue device.
  • Locate the WLAN and obtain the SSID using Kismet. Put the SSID into a protocol analyzer, and thendecode frames looking for HTTP logins to a captive portal or an access point. Use the HTTP login to gainaccess to the wired network.
  • Locate the WLAN using Netstumbler. Compromise data security by using a narrowband RF jamming deviceagainst an access point. Use a WLAN client device to gain access to the wired network through the jammedaccess point.

Answer : Locate the WLAN using a WLAN protocol analyzer. Gain access to sensitive data by attacking WEP securityusing a WEP cracking utility and putting the WEP key into the protocol analyzer.

Two IT administrators at ABC Corporation are debating the differences between WPA2 and Layer 3 VPN technologies. The IT Director settles the dispute by explaining how WPA2 secures the WLAN data frame payloads. Which description of this process is correct in describing how WPA2 secures wireless data transmissions?


Options are :

  • WPA2 encodes layer 2 addresses with a 64-bit offset and encrypts the layer 3 and layer 4 addresses only.
  • WPA2 encrypts layer 3 through layer 7 payloads while leaving layer 2 source and destination addressesexposed.
  • WPA2 encrypts layer 2 addresses and encrypts the layer 3 through layer 7 payloads.
  • WPA2 leaves the layer 2 and layer 3 addresses exposed while encrypting layer 4 through layer 7 payloads.

Answer : WPA2 encrypts layer 3 through layer 7 payloads while leaving layer 2 source and destination addressesexposed.

The 802.11i-2004 amendment defines and supports what three cipher suites? (Choose three)


Options are :

  • CCMP
  • PSK
  • TKIP
  • WEP

Answer : CCMP TKIP WEP

PW0-071 Certified Wireless Technology Specialist Sales Exam Set 1

As a consultant, you are explaining the risks of WLAN Denial-of-Service (DoS) attacks to a group of engineers at ABC Corporation. They understand DoS attacks, but do not understand wireless technology very well. You inform the engineers that there are multiple WLAN DoS attacks that must be mitigated as part of a security strategy. Which DoS attacks do you mention in your discussion with the group of engineers? (Choose three)


Options are :

  • Wideband RF jamming
  • 802.11 deauthentication
  • EAP-Start flooding
  • Use of 2.4 GHz cordless phones

Answer : Wideband RF jamming 802.11 deauthentication EAP-Start flooding

WLAN protocol analyzers can decrypt data frames in real time when the data frames are encrypted with which security mechanisms? (Choose two)


Options are :

  • WPA-Personal
  • WPA2-Enterprise
  • IPSec/ESP
  • PPTP/MPPE
  • WEP-128

Answer : WPA-Personal WEP-128

ABC Corporation, a software development organization, wishes to test their own LDAP implementation in a live wireless environment. Choose the appropriate ways to use LDAP for user authentication in a WLAN environment. (Choose three)


Options are :

  • An access point using PEAPv1/EAP-GTC sends an authentication request to the LDAP server whichproxies the request to a TACACS+ server for user credential authentication
  • A enterprise encryption gateway (EEG) sends an authentication request to an access control server whichproxies the request to a TACACS+ server, which in turn forwards auser credential request to the LDAPserver for verification
  • An enterprise wireless gateway (EWG) directly queries the LDAP server for user credential information
  • A WLAN switch using EAP-TTLS authentication sends a user authentication request to a RADIUS server.The RADIUS server queries the LDAP server for user credential information.

Answer : A enterprise encryption gateway (EEG) sends an authentication request to an access control server whichproxies the request to a TACACS+ server, which in turn forwards auser credential request to the LDAPserver for verification An enterprise wireless gateway (EWG) directly queries the LDAP server for user credential information A WLAN switch using EAP-TTLS authentication sends a user authentication request to a RADIUS server.The RADIUS server queries the LDAP server for user credential information.

CWNA-106 Certified Wireless Network Administrator Exam Set 2

An attacker captures a wireless frame, modifies it, recalculates its ICV, and retransmits the modified frame to the intended destination. What type of attack is this, and what is the mitigating solution?


Options are :

  • Bit-flipping attack - Strong Message Integrity Check (MIC)
  • Authentication attack - Replace passwords with x.509 certificates
  • En-route attack - CRC-32 checksum
  • Man-in-the-middle attack - 802.11i per-frame authentication

Answer : Bit-flipping attack - Strong Message Integrity Check (MIC)

What statements describe the AES-CCMP data protection mechanism implemented by the 802.11i-2004 amendment?


Options are :

  • Protects the integrity of both the MPDU Data field and selected portions of the MPDU header.
  • Uses the 256-bit Rijndael encryption algorithm to protect the MPDU Data field.
  • Has support for CCMP using a 128-bit key that is mandatory for Robust Security Network (RSN) compliancewhen not using TKIP.
  • Uses either the RC4 stream cipher or 3DES block cipher to encrypt the MPDU Data field.

Answer : Protects the integrity of both the MPDU Data field and selected portions of the MPDU header.

What statements are true regarding access point firmware updates? (Choose two)


Options are :

  • A WLAN controller distributes firmware to lightweight access points.
  • A WNMS distributes firmware to autonomous access points.
  • Client devices notify the WNMS when an access point's firmware is out-of-date
  • A WIPS distributes firmware to multiple vendors' autonomous access points.

Answer : A WLAN controller distributes firmware to lightweight access points. A WNMS distributes firmware to autonomous access points.

CWNA-106 Certified Wireless Network Administrator Exam Set 3

An intruder locates an unprotected 802.11b WLAN and gains control of two access points and a wireless bridge using the default SNMP read/write community strings. What types of wireless auditing tools are required for the intruder to locate the WLAN, discover the infrastructure devices, and exploit this particular security hole?


Options are :

  • MacStumbler, OS fingerprinting & port scanning tool, and WEP decryption software
  • Netstumbler, share enumerator, wireless protocol analyzer, and spectrum analyzer
  • IP scanning utility, network management software, access point software, and an RFjamming device
  • Wireless protocol analyzer, IP scanning utility, and network management software

Answer : Wireless protocol analyzer, IP scanning utility, and network management software

ABC Corporation implemented a PPTP/MSCHAPv2/MPPE-128 VPN to secure its 802.11g WLAN one year ago. ABC Corp's VPN concentrator has been using local authentication, and they have steadily grown to match the VPN server's maximum local authentication capacity. As a consultant, you advise the network manager to consider what steps in order to scale this WLAN security solution and to strengthen its security? (Choose two)


Options are :

  • PPTP/RC4 should be changed to PPTP/AES to strengthen the VPN's encryption.
  • Implement WPA2-Personal at layer2 while leaving the PPTP VPN in place to increase scalability
  • Once the VPN server's local database capacity is exceeded, ABC Corp should migrate to IPSec VPNtechnology for greater scalability.
  • ABC Corp's users should implement personal firewall software to prevent peer-to-peer attacks.
  • ABC Corp should use RADIUS for authentication instead of local authentication on the VPN server.

Answer : ABC Corp's users should implement personal firewall software to prevent peer-to-peer attacks. ABC Corp should use RADIUS for authentication instead of local authentication on the VPN server.

What scenario could cause a 'false positive' intrusion alarm in a wireless intrusion prevention system (WIPS)?


Options are :

  • A client device disassociates and reassociates to an AP several times in quick succession due to a lowRSSI value.
  • A client device has a high rate of frame retransmissions due to a noisy RF environment.
  • A reporting delay from a remote RF sensor due to busy WAN links.
  • A rogue access point is located and found to have the same SSID as the authorized network.

Answer : A client device disassociates and reassociates to an AP several times in quick succession due to a lowRSSI value.

PW0-071 Certified Wireless Technology Specialist Sales Exam Set 3

An intruder wants to perform a WLAN hijacking attack against a wireless laptop on its layer 2 and layer 3 connections. This will be followed by a peer attack against open file shares on the wireless laptop. What items must the intruder possess to conduct this attack?


Options are :

  • The channel of the authorized network, a mobile microwave oven, access point software, a spectrumanalyzer, and wireless protocol analysis software
  • The SSID and channel of the authorized network, a narrowband RF jamming device, access point software,and subnet information of the existing network or DHCP server software
  • The SSID of the authorized network, Internet Connection Sharing software, a high power FHSS jammingdevice, and DHCP server software
  • The SSID and channel of the authorized network, a spectrum analyzer, protocol analyzer software, wirelessframe generator software, and DHCP server software

Answer : The SSID and channel of the authorized network, a narrowband RF jamming device, access point software,and subnet information of the existing network or DHCP server software

As a network administrator, you understand the mentality of most war drivers and have implemented a very strong WLAN security solution. From your office window, you spot a war driver in your parking lot using a Yagi antenna and a laptop in his car. You correctly assume that the war driver is attempting to penetrate your WLAN. What should you do next?


Options are :

  • Monitor the WIPS alerts and inform your organization's security personnel to ask the war driver to vacate thepremises.
  • Implement a high-powered RF jamming device on all DSSS channels.
  • Ignore the war driver. You have implemented a secure WLAN solution they cannotpenetrate.
  • Call the police and have the war driver apprehended. Press charges for violations ofregulatory domainlaws.

Answer : Monitor the WIPS alerts and inform your organization's security personnel to ask the war driver to vacate thepremises.

As a wireless security professional working for ABC Corporation, you have a corner office with a window. You notice someone on the roof of the building across the street pointing a Yagi antenna in your building's direction. You deduce that this person is likely trying to attack ABC Corp's WLAN. What are your first steps in thwarting this potential attack? (Choose two)


Options are :

  • Contact the facilities manager of the building across the street and inquire as to the nature of the businessof the individual on top of his building
  • Monitor the intrusion prevention system closely for any alerts and carefully document any findings
  • Broadcast a voice message and email to everyone in the company to refrain from using the WLAN until anintruder suspect can be apprehended
  • Shut down your WLAN until the individual on top of the other building can be identified and questioned as tohis business

Answer : Contact the facilities manager of the building across the street and inquire as to the nature of the businessof the individual on top of his building Monitor the intrusion prevention system closely for any alerts and carefully document any findings

CWNA-106 Certified Wireless Network Administrator Exam Set 1

A university's WLAN administrator is seeking an efficient and effective method of detecting and eliminating rogue access points and wireless Ad Hoc networks across the entire campus. The administrator's friend suggests that the he use a WLAN protocol analyzer to perform a weekly survey of the campus to discover rogues devices. The administrator considers this option and then asks you to offer advice on the subject. What is your advice to the administrator? (Choose two)


Options are :

  • In a campus environment, manual scanning for rogues requires too much time and resources to effectivelyand consistently locate all rogue devices. A system is needed that can inspect the entire campus in realtime.
  • Because WLAN protocol analyzers can see all frames on the wireless medium, they are the mostcomprehensive solution for detecting rogue wireless devices of any kind.
  • WLAN protocol analyzers will not detect rogue devices that do not use the 802.11 protocol frame format.
  • By assigning one IT worker to do weekly scans using a WLAN protocol analyzer, Wi-Fi, Bluetooth, and Infrared rogue access points and Ad Hoc networks can be effectively located and removed.

Answer : In a campus environment, manual scanning for rogues requires too much time and resources to effectivelyand consistently locate all rogue devices. A system is needed that can inspect the entire campus in realtime. WLAN protocol analyzers will not detect rogue devices that do not use the 802.11 protocol frame format.

Given: As the wireless LAN administrator, it is part of your responsibility to detect and eliminate rogue access points. You have educated end users about the dangers of rogue devices and have implemented a security policy sufficient to deter employees from placing rogues on the network. You have located a rogue access point for which no employee will take responsibility for installing. You must assume that someone intentionally placed the rogue access point to attack your network. You determine that the rogue was not present on the network the previous day. By viewing the HTML management interface, you determine that the rogue has only been powered up for 15 minutes. What is your next task to deal with this situation?


Options are :

  • Document the incident and report it to the highest level of management as a breach of security.Contact thepolice.
  • Reconfigure all authorized access points to your organization's default security settings. Leave the rogue inplace as a trap for the intruder.
  • Document the incident. Power down the access point, and take it to the police for fingerprinting tests.
  • Disconnect the rogue access point's wired network connection, and save and analyze its log files

Answer : Disconnect the rogue access point's wired network connection, and save and analyze its log files

ABC Company's lightweight access points periodically go 'off channel' for a short period of time to scan all 802.11a/g Wi-Fi channels to detect and locate rogue access points. When a rogue access point is found, the active security policy requires at least one access point to perform a deauthentication attack against the rogue. What type of WIPS does ABC Company have?


Options are :

  • Hot-standby
  • Autonomous
  • Overlay
  • Integrated

Answer : Integrated

PW0-071 Certified Wireless Technology Specialist Sales Exam Set 1

ABC Company has 6 employees, each of whom uses a laptop with an 802.11a/b/g Mini-PCI card configured for Ad-Hoc mode. These laptops are the only computers in the company. Why is it not possible for ABC Company to have a Wireless Intrusion Prevention System (WIPS) with the existing network configuration?


Options are :

  • Intrusion detection systems work only in switched WLAN environments.
  • Intrusion detection systems use the SNMP protocol, which is incompatible with 802.11 Ad-Hoc mode.
  • In an Ad-Hoc WLAN environment, there is no central management station to which to report intrusions.
  • Most intrusion detection systems by design are incompatible with 802.11Ad-Hocmode.

Answer : In an Ad-Hoc WLAN environment, there is no central management station to which to report intrusions.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions