PW0-270 Certified Wireless Analysis Professional (CWAP) Exam Set 1

Which 802.1X/EAP type allows a maximum of three phases of authentication?


Options are :

  • PEAPv1/EAP-GTC
  • PEAPv0/EAP-MSCHAPv2
  • EAP-TTLS/MS-CHAPv2
  • EAP-FAST

Answer : EAP-FAST

CWNA-106 Certified Wireless Network Administrator Exam Set 3

ABC Corporation has hired you to review their wireless network security design. Part of the design allows for clients to establish a secure wireless VPN connection with the corporate network from local Wi-Fi hot-spots. ABC Corporation is considering L2TP as the tunneling protocol. Why will L2TP alone NOT fit this particular security configuration?


Options are :

  • L2TP will not work over 802.11 networks because of address translation requirements.
  • L2TP builds a non-IP tunnel between source and destination. Non-IP tunnels cannot be routed over theInternet.
  • L2TP does not natively implement encryption. Tunneled traffic is still susceptible to eavesdropping.
  • L2TP builds a non-IP tunnel between source and destination. Non-IP tunnels cannot be routed over theInternet.

Answer : L2TP does not natively implement encryption. Tunneled traffic is still susceptible to eavesdropping.

According to its corporate security policy, ABC Company is creating a 'WLAN Security and Performance' checklist to assure that all autonomous access point deployments are consistently secure and maximize performance. What item does not belong on such a checklist?


Options are :

  • WIPS mode is enabled on each AP
  • Preauthentication is enabled
  • Default passwords are changed
  • Cipher suite is CCMP

Answer : WIPS mode is enabled on each AP

Which of the following protocols is used to provide security for network traffic transmitted across a TCP/IP network?


Options are :

  • TCP
  • IPSec
  • UDP
  • IP

Answer : IPSec

PW0-071 Certified Wireless Technology Specialist Sales Exam Set 1

Given: The enhanced confidentiality, data authentication, and replay protection mechanisms of the 802.11i-2004 amendment require fresh cryptographic keys. What wireless components are defined by the 802.11i- 2004 amendment to provide fresh cryptographic keys? (Choose three)


Options are :

  • AES-CCMP Handshake
  • Group Handshake
  • STAKey Handshake
  • 4-Way Handshake
  • EAPoL Handshake
  • 802.1X/EAP Handshake

Answer : Group Handshake STAKey Handshake 4-Way Handshake

Which protocols that are used to manage WLAN infrastructure devices support authentication and encryption? (Choose three)


Options are :

  • HTTPS
  • SNMPv3
  • POP3/SSL
  • SSH2

Answer : HTTPS SNMPv3 SSH2

Which of the following attacks are prevented from a mutual authentication solution?Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • Hijacking
  • Phishing
  • Man-in-the-middle attack
  • Eavesdropping attack

Answer : Hijacking Phishing Man-in-the-middle attack

PW0-104 Wireless LAN Administration Practice Exam Set 3

Which WLAN authentication protocols support mutual authentication without the use of x.509 digital certificates? (Choose two)


Options are :

  • 802.1X/LEAP
  • 802.1X/EAP-TLS
  • 802.1X/EAP-TTLS/MS-CHAPv2
  • 802.1X/EAP-FAST
  • 802.1X/PEAPv0/EAP-MSCHAPv2
  • 802.1X/PEAPv1/EAP-GTC

Answer : 802.1X/LEAP 802.1X/EAP-FAST

Which statement describes a potential architectural performance disadvantage of some WLAN controllers with centralized forwarding and controller-based access points in a large-scale WLAN deployment?


Options are :

  • Data encryption/decryption is always performed on the WLAN controller.
  • The 802.11 distribution system (DS) is located in the WLAN controller software.
  • All WLAN traffic must flow through the WLAN controller.
  • Management frames and Control frames are always encapsulated in 802.3 frames

Answer : All WLAN traffic must flow through the WLAN controller.

When securing a wireless Ad Hoc network, which options are practical security mechanisms? (Choose three)


Options are :

  • IPSec/ESP
  • WEP
  • PPTP/MPPE VPN
  • WPA2-Personal
  • WPA-Enterprise
  • SSH2 VPN

Answer : IPSec/ESP WEP WPA2-Personal

PW0-104 Wireless LAN Administration Certified Practice Exam Set 5

ABC Company has implemented WPA2-Enterprise with PEAP on their WLAN. They use POP3/SSL for email retrieval. At what OSI layers is encryption applied using these security protocols? (Choose two)


Options are :

  • Layer-7
  • Layer-2
  • Layer-3
  • Layer-1
  • Layer-4

Answer : Layer-7 Layer-2

XYZ University has recently installed a secure WLAN solution. There have been no problems with network intrusion, but due to the weekend entertainment schedule of the university's social infrastructure, many access points in the residence halls have be damaged or stolen. What are some ways to prevent this type of security event from affecting network operation and security?


Options are :

  • Install access points in lockable enclosures in the ceiling or on the wall of the facilities
  • Migrate to a WLAN switched infrastructure with lightweight (thin) access points
  • Put an access point in each residence hall room and make the students responsible for the access point
  • Install web-based IP cameras in the same areas with access points to monitor theft

Answer : Install access points in lockable enclosures in the ceiling or on the wall of the facilities

As part of its corporate security policy, your organization requires all wireless LANs to be separated from the wired network core using a device capable of authentication, data encryption, and throughput limiting. Which device will accomplish this policy requirement?


Options are :

  • Personal firewall software
  • Wireless LAN controller
  • Wireless workgroup bridge
  • Transparent tunneling bridge

Answer : Wireless LAN controller

PW0-270 Certified Wireless Analysis Professional (CWAP) Exam Set 5

What is the primary difference between EAP-TLS and EAP-TTLS authentication?


Options are :

  • EAP-TLS is an authentication protocol, and EAP-TTLS is an encryption type
  • EAP-TLS uses a RADIUS server for authentication, and EAP-TTLS can only use Kerberos
  • EAP-TTLS provides strong client authentication and EAP-TLS does not
  • EAP-TTLS provides support for legacy client authentication methods, and EAP-TLS requires certificates forclient-side authentication

Answer : EAP-TTLS provides support for legacy client authentication methods, and EAP-TLS requires certificates forclient-side authentication

According to the 802.11i-2004 amendment, when is the 802.1X controlled port placed in an 'authorized' state?


Options are :

  • After a successful 4-Way Handshake
  • All the time, without regard to EAP user authentication
  • Only after the uncontrolled port has been opened for a specific period of time
  • After the EAP user has been mutually authenticated
  • During user authentication, but only after the EAP-Identity/Response frame is received

Answer : After a successful 4-Way Handshake

Which statements are true regarding deployment of lightweight access points? (Choose four)


Options are :

  • Lightweight access points cannot be deployed over the Internet due to Network Address Translation.
  • Lightweight access points may connect to the WLAN controller with either a Layer-2 or a Layer-3 protocol.
  • Lightweight access points may be controlled over either Layer-2 or Layer-3.
  • Lightweight access points may use DNS to locate their assigned WLAN controller
  • Lightweight access points support 802.3af and may connect directly to the WLAN controller or to anEthernet switch.

Answer : Lightweight access points may connect to the WLAN controller with either a Layer-2 or a Layer-3 protocol. Lightweight access points may be controlled over either Layer-2 or Layer-3. Lightweight access points may use DNS to locate their assigned WLAN controller Lightweight access points support 802.3af and may connect directly to the WLAN controller or to anEthernet switch.

PW0-104 Wireless LAN Administration Certified Practice Exam Set 2

An entity at one end of a point-to-point LAN segment that seeks to be authenticated by an Authenticator attached to the other end of that link' describes what role in the 802.1X 2004 standard?


Options are :

  • Authentication Server
  • Supplicant PAE
  • Ethernet Switch
  • EAPoL Peer

Answer : Supplicant PAE

ABC Company has a Microsoft Windows 2003 Active Directory (AD) environment with IAS (an EAP-enabled RADIUS server) installed at their corporate headquarters (HQ) and at all branch locations. The HQ IAS server is currently used to authenticate HQ 802.11g WLAN users. ABC is installing an 802.11g WLAN at a branch office, and they have hired you to advise them on the best way to implement authentication for branch WLAN users. How will you configure access points at the branch office for maximized authentication speed and reliability?


Options are :

  • Authenticate against the HQ IAS server. The HQ IAS will look up the user on the HQ AD servers.
  • Authenticate against the branch IAS server. The branch IAS server will look up the user on the HQ ADservers
  • Authenticate against the branch IAS server. The branch IAS server will proxy the request to the HQ IASserver. The HQ IAS server will look up the user on the HQ AD servers.
  • Authenticate against the branch IAS server. The branch IAS server will look up the user on the branch ADserver.

Answer : Authenticate against the branch IAS server. The branch IAS server will look up the user on the branch ADserver.

In order to implement a robust security network (RSN) as defined by the 802.11i-2004 amendment, an administrator may not implement _______________?


Options are :

  • The Pass-phrase-to-Preshared Key Algorithm
  • The Group Key Handshake
  • The Wired Equivalent Privacy (WEP) Cipher Suite
  • The STAKey Handshake

Answer : The Wired Equivalent Privacy (WEP) Cipher Suite

PW0-104 Wireless LAN Administration Practice Exam Set 5

ABC Company has 5 departments, and each requires a separate LAN segment and 802.11g WLAN connectivity. Which devices in ABC Company's network are unaware of the 802.1Q VLANs? (Choose two)


Options are :

  • Supplicant
  • Authenticator
  • Ethernet Switch
  • Authentication Server

Answer : Supplicant Authentication Server

The 802.11-2007 standard defines which two port access entities (PAEs)? (Choose two)


Options are :

  • Supplicant
  • Supplication Server
  • KDC
  • Authenticator
  • Encryptor

Answer : Supplicant Authenticator

Which encryption algorithm can use two keys to encrypt wireless data payloads?


Options are :

  • RC4
  • DES
  • RC5
  • 3DES

Answer : 3DES

PW0-105 Certified Wireless Network Administrator CWNA Exam Set 4

What is a consideration when implementing a security policy regarding wireless bridging?


Options are :

  • Bridge links cannot be protected by 802.1X/EAP authentication so an appropriate VPN solution must bechosen
  • Bridge links can be mistaken for public accesshot-spots
  • Bridge links should be used as corporate access points whenever possible
  • Bridge links can span miles so an intruder is unlikely to be seen or located

Answer : Bridge links can span miles so an intruder is unlikely to be seen or located

In an 802.11i-compliant 802.1X/EAP system, where are AAA keys generated?


Options are :

  • On the 802.1X Authenticator only
  • Manually by the network administrator
  • On the 802.1X Authentication Server only
  • Jointly negotiated between the 802.1X Supplicant andthe 802.1X AuthenticationServer

Answer : Jointly negotiated between the 802.1X Supplicant andthe 802.1X AuthenticationServer

The 802.11i 4-way handshake process is used with which secure WLAN implementations? (Choose two)


Options are :

  • When IPSec is used on an Enterprise Wireless Gateway
  • When WPA-Personal is used on a SOHO WLAN router
  • When WPA2-Enterprise is used on an enterprise class thick AP
  • When static WEP-128 is used on a WLAN switch

Answer : When WPA-Personal is used on a SOHO WLAN router When WPA2-Enterprise is used on an enterprise class thick AP

PW0-270 Certified Wireless Analysis Professional (CWAP) Exam Set 6

What is one method of implementing RADIUS-based VLAN assignment?


Options are :

  • SSID assignment
  • VSA access lists
  • VLAN map matrix
  • Roaming profiles

Answer : SSID assignment

Given: ABC University is deploying a WLAN across 30 campus buildings to provide wireless network and Internet access to 15,000 college students. ABC's security policy mandates physical security of infrastructure network devices.What would be the most effective steps for upholding ABC's physical security requirements throughout their network? (Choose two)


Options are :

  • Use access points with non-removable antennas to prevent antenna theft.
  • Always mount APs in redundant pairs as a precaution against tampering.
  • Install access points in lockable ceiling-mount enclosures.
  • Enable security and configure strong passwords for HTTP management on the APs.

Answer : Use access points with non-removable antennas to prevent antenna theft. Install access points in lockable ceiling-mount enclosures.

Which of the following wireless security policies helps to prevent the wireless enabled laptops from peer-topeer attacks when the laptops are used in public access network?


Options are :

  • Use protocol analyzer
  • Use firewall.
  • Use security protocols
  • Use Port Address Translation

Answer : Use firewall. Use security protocols

PW0-270 Certified Wireless Analysis Professional (CWAP) Exam Set 1

Which wireless security protocol cannot use digital certificates for both the supplicant and authentication server?


Options are :

  • EAP-TTLS
  • EAP-TLS
  • PEAPv0/EAP-TLS
  • IPSec VPN
  • LEAP

Answer : LEAP

Which of the following is an access control model that allows users to access any of the resources according to his role in an organization?


Options are :

  • CBAC
  • LDAP
  • RBAC
  • LDP

Answer : RBAC

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions