Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Legit CWSP-207 Exam Download

Page: 2 / 6
Question 8

Which one of the following describes the correct hierarchy of 802.1X authentication key derivation?

Options:

A.

The MSK is generated from the 802.1X/EAP authentication. The PMK is derived from the MSK. The PTK is derived from the PMK, and the keys used for actual data encryption are a part of the PTK.

B.

If passphrase-based client authentication is used by the EAP type, the PMK is mapped directly from the user’s passphrase. The PMK is then used during the 4-way handshake to create data encryption keys.

C.

After successful EAP authentication, the RADIUS server generates a PMK. A separate key, the MSK, is derived from the AAA key and is hashed with the PMK to create the PTK and GTK.

D.

The PMK is generated from a successful mutual EAP authentication. When mutual authentication is not used, an MSK is created. Either of these two keys may be used to derive the temporal data encryption keys during the 4-way handshake.

Question 9

Given: A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and willreplace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication.

For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?

Options:

A.

WPA2-Enterprise authentication/encryption

B.

Internal RADIUS server

C.

WIPS support and integration

D.

802.1Q VLAN trunking

E.

SNMPv3 support

Question 10

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

Options:

A.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D.

A trained employee should install and configure a WIPS for rogue detection and response measures.

E.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Question 11

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

Before creating the WLAN security policy, what should you ensure you possess?

Options:

A.

Awareness of the exact vendor devices being installed

B.

Management support for the process

C.

End-user training manuals for the policies to be created

D.

Security policy generation software

Page: 2 / 6
Exam Code: CWSP-207
Exam Name: Certified Wireless Security Professional (CWSP)
Last Update: Nov 24, 2024
Questions: 119
CWSP-207 pdf

CWSP-207 PDF

$25.5  $84.99
CWSP-207 Engine

CWSP-207 Testing Engine

$28.5  $94.99
CWSP-207 PDF + Engine

CWSP-207 PDF + Testing Engine

$40.5  $134.99