CWSP-207 Exam Dumps - CWNP Certification Questions and Answers

The MSK is generated from the 802.1X/EAP authentication. The PMK is derived from the MSK. The PTK is derived from the PMK, and the keys used for actual data encryption are a part of the PTK.

If passphrase-based client authentication is used by the EAP type, the PMK is mapped directly from the user’s passphrase. The PMK is then used during the 4-way handshake to create data encryption keys.

After successful EAP authentication, the RADIUS server generates a PMK. A separate key, the MSK, is derived from the AAA key and is hashed with the PMK to create the PTK and GTK.

The PMK is generated from a successful mutual EAP authentication. When mutual authentication is not used, an MSK is created. Either of these two keys may be used to derive the temporal data encryption keys during the 4-way handshake.

WPA2-Enterprise authentication/encryption

Internal RADIUS server

WIPS support and integration

802.1Q VLAN trunking

SNMPv3 support

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

A trained employee should install and configure a WIPS for rogue detection and response measures.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Awareness of the exact vendor devices being installed

Management support for the process

End-user training manuals for the policies to be created

Security policy generation software

Enabling encryption to prevent MAC addresses from being sent in clear text

How to prevent non-IT employees from learning about and reading the user security policy

End-user training for password selection and acceptable network use

The exact passwords to be used for administration interfaces on infrastructure devices

Social engineering recognition and mitigation techniques

Require Port Address Translation (PAT) on each laptop.

Require secure applications such as POP, HTTP, and SSH.

Require VPN software for connectivity to the corporate network.

Require WPA2-Enterprise as the minimal WLAN security solution.

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

EAP-TLS must be implemented in such scenarios.