
Verified CWSP-208 Dumps Q&As - CWSP-208 Test Engine with Correct Answers
Pass Your CWSP-208 Dumps as PDF Updated on 2026 With 122 Questions
NEW QUESTION # 65
Given: Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication.
While using an airport hot-spot with this security solution, to what type of wireless attack is a user susceptible? (Choose 2)
- A. Wi-Fi phishing
- B. IGMP snooping
- C. UDP port redirection
- D. Management interface exploits
- E. Man-in-the-Middle
Answer: A,E
Explanation:
Open networks with captive portals do not provide link-layer encryption, so:
A). Man-in-the-Middle (MitM): Attackers can intercept or modify traffic between the user and the legitimate network (especially before HTTPS negotiation).
B). Wi-Fi phishing: Evil twin APs may mimic the legitimate hotspot and show a fake captive portal, stealing user credentials or prompting malicious downloads.
Incorrect:
C). Management interface exploits target device admin panels, not typical client users.
D). UDP port redirection and
E). IGMP snooping are network-layer behaviors, not common user-targeted attacks.
References:
CWSP-208 Study Guide, Chapter 5 (Hotspot Vulnerabilities)
CWNP Wi-Fi Phishing and Evil Twin Defense Strategies
NEW QUESTION # 66
You must support a TSN as you have older wireless equipment that will not support the required processing of AES encryption. Which one of the following technologies will you use on the network so that a TSN can be implemented that would not be required in a network compliant with 802.11-2012 non-deprecated technologies?
- A. RC4
- B. WPA2
- C. CCMP
- D. WEP
Answer: A
Explanation:
A Transitional Security Network (TSN) allows legacy stations to interoperate by using older encryption methods. If AES (CCMP) is unsupported by older equipment, the network can fall back to TKIP, which uses RC4 as its encryption algorithm. TKIP enables AES encryption on newer devices while accommodating legacy clients.
Options A, C, D are current or deprecated standards with AES; only RC4 matches the transitional need.
References:
CWSP#207 Study Guide, Chapter 3 (TSN, TKIP, AES-CCMP)
NEW QUESTION # 67
In the IEEE 802.11-2012 standard, what is the purpose of the 802.1X Uncontrolled Port?
- A. To block unencrypted user traffic after a 4-Way Handshake completes
- B. To pass general data traffic after the completion of 802.11 authentication and key management
- C. To allow only authentication frames to flow between the Supplicant and Authentication Server
- D. To block authentication traffic until the 4-Way Handshake completes
Answer: C
Explanation:
The 802.1X Uncontrolled Port exists before a client is fully authenticated. It:
Permits only EAP/EAPoL frames to pass between the Supplicant and the Authenticator (AP or switch).
Blocks general data traffic until authentication completes.
After authentication, the Controlled Port is opened, allowing normal data flow.
Incorrect:
B). Authentication must complete before the 4-Way Handshake, not the other way around.
C). General data traffic uses the Controlled Port, not the Uncontrolled Port.
D). The Uncontrolled Port doesn't specifically deal with encrypted or decrypted user traffic.
References:
CWSP-208 Study Guide, Chapter 4 (802.1X Port Behavior)
IEEE 802.1X Overview
NEW QUESTION # 68
Which of the following security attacks cannot be detected by a WIPS solution of any kind? (Choose 2)
- A. Rogue APs
- B. Eavesdropping
- C. Social engineering
- D. DoS
Answer: B,C
Explanation:
Wireless Intrusion Prevention Systems (WIPS) are excellent for detecting on-air threats such as rogue APs, DoS attacks, spoofing, and misconfigured devices. However, WIPS cannot detect:
C). Eavesdropping - Passive listening on wireless transmissions cannot be detected because no signal is transmitted by the attacker.
D). Social engineering - Human-based attacks like phishing or pretexting fall outside the scope of wireless monitoring.
Incorrect:
A). Rogue APs can be detected via MAC address comparison, frame analysis, and signal triangulation.
B). DoS attacks, such as deauth floods or RF jamming, can be detected with appropriate WIPS sensors.
References:
CWSP-208 Study Guide, Chapter 5 (WLAN Threats and Attacks)
CWNP WIPS Implementation Guidelines
CWNP Whitepapers on Wireless Threat Detection Capabilities
NEW QUESTION # 69
After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify security threats?
- A. Authorized PEAP usernames must be added to the WIPS server's user database.
- B. WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.
- C. Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.
- D. Separate security profiles must be defined for network operation in different regulatory domains
Answer: B
Explanation:
After deploying a WIPS, an essential baseline activity is to classify all detected devices in the RF environment. These classifications allow the system to enforce security policies and detect policy violations.
Classifications include:
Authorized (managed devices)
Rogue (unauthorized, possibly dangerous)
Neighbor (not part of your network but legitimate)
External or Ad hoc devices
Without this initial classification, WIPS cannot properly assess threats or trigger alarms.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Classification and Threat Management
CWNP CWSP-208 Objectives: "Device Classification and Policy Enforcement"
NEW QUESTION # 70
Given: You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data.
What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?
- A. Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.
- B. Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.
- C. Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.
- D. The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.
- E. All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.
Answer: B
Explanation:
Most integrated Wi-Fi adapters in Windows laptops are not capable of entering "monitor mode" or capturing 802.11ac frames properly. Compatibility with protocol analyzers like Wireshark or Omnipeek requires special drivers or specific USB adapters. Therefore, it is recommended to use a USB adapter known to support monitor mode and frame capture on 802.11ac for accurate and complete data capture.
Incorrect:
A). Not all adapters support protocol analyzer features.
C). MU-MIMO support is irrelevant for frame capture.
D). Other analyzers besides Wireshark can decode 802.11ac (e.g., Omnipeek).
E). Remote capture is not the only method; local USB adapters are effective too.
References:
CWSP-208 Study Guide, Chapter 7 (WLAN Analysis Tools)
CWNP Protocol Analyzer Guide
Vendor documentation: Riverbed, Omnipeek, Wireshark Adapter Support Lists
NEW QUESTION # 71
ABC Company uses the wireless network for highly sensitive network traffic. For that reason, they intend to protect their network in all possible ways. They are continually researching new network threats and new preventative measures. They are interested in the security benefits of 802.11w, but would like to know its limitations.
What types of wireless attacks are protected by 802.11w? (Choose 2)
- A. Robust management frame replay attacks
- B. RF DoS attacks
- C. Layer 2 Disassociation attacks
- D. Social engineering attacks
Answer: A,C
Explanation:
802.11w, also known as Protected Management Frames (PMF), is designed to protect specific types of 802.11 management frames such as disassociation and deauthentication frames. These frames were previously sent unencrypted and could be spoofed by attackers to disconnect clients (DoS attacks). With 802.11w, these frames are cryptographically protected, mitigating such attacks.
PMF also includes replay protection for these management frames, preventing attackers from capturing and replaying them to disrupt network connectivity.
References:
CWSP-208 Study Guide, Chapter 6 (Wireless LAN Security Solutions)
IEEE 802.11w-2009 amendment
CWNP Whitepapers on PMF and Management Frame Protection
NEW QUESTION # 72
Wireless Intrusion Prevention Systems (WIPS) are used for what purposes? (Choose 3)
- A. Security monitoring and notification
- B. Preventing physical carrier sense attacks
- C. Detecting and defending against eavesdropping attacks
- D. Enforcing wireless network security policy
- E. Performance monitoring and troubleshooting
- F. Classifying wired client devices
Answer: A,D,E
Explanation:
WIPS provides multiple functionalities:
B). Policy enforcement - detects and responds to wireless threats such as rogue APs and misconfigurations.
D). Security monitoring - alerts staff when threats like deauth attacks or malware-hosting APs are detected.
A). Performance monitoring - supports diagnostics by capturing information on channel conditions, interference, and device behavior.
Incorrect options:
C). Detecting eavesdropping isn't feasible; passive listening cannot be identified by sensors.
E). Carrier sense DoS and F. Wired device classification are outside WIPS's scope.
References:
CWSP#207 Study Guide, Chapters 5-6 (WIPS Capabilities)
NEW QUESTION # 73
The following numbered items show some of the contents of each of the four frames exchanged during the 4-way handshake:
1. Encrypted GTK sent
2. Confirmation of temporal key installation
3. ANonce sent from authenticator to supplicant
4. SNonce sent from supplicant to authenticator, MIC included
Arrange the frames in the correct sequence beginning with the start of the 4-way handshake.
- A. 1, 2, 3, 4
- B. 3, 4, 1, 2
- C. 2, 3, 4, 1
- D. 4, 3, 1, 2
Answer: B
Explanation:
The correct sequence of the 4-Way Handshake frames in WPA/WPA2 is:
Message 1: Authenticator sends ANonce to the supplicant (item 3)
Message 2: Supplicant sends SNonce and a MIC to the authenticator (item 4)
Message 3: Authenticator sends GTK and confirms keys with MIC (item 1)
Message 4: Supplicant confirms installation of PTK/GTK (item 2)
This process ensures mutual key confirmation and integrity before data traffic begins.
NEW QUESTION # 74
The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?
- A. 4-Way Handshake
- B. Group Key Handshake
- C. DHCP Discovery
- D. 802.1X/EAP authentication
- E. RADIUS shared secret lookup
- F. Passphrase-to-PSK mapping
Answer: D
Explanation:
In WPA2-Enterprise:
After successful Open System authentication and 802.11 association, the next step is 802.1X/EAP authentication via EAPOL frames.
This phase establishes user identity and derives the PMK.
Incorrect:
A). Group Key Handshake comes after the 4-Way Handshake.
C). DHCP occurs after authentication and key negotiation.
D). 4-Way Handshake follows successful 802.1X authentication.
E). PSK mapping applies to WPA2-Personal, not Enterprise.
F). The RADIUS shared secret is pre-configured between authenticator and RADIUS server; it is not part of real-time negotiation.
References:
CWSP-208 Study Guide, Chapter 3 (Authentication and Association Flowchart)
IEEE 802.11-2012 Standard
NEW QUESTION # 75
You are configuring seven APs to prevent common security attacks. The APs are to be installed in a small business and to reduce costs, the company decided to install all consumer-grade wireless routers. The wireless routers will connect to a switch, which connects directly to the Internet connection providing 50 Mbps of Internet bandwidth that will be shared among 53 wireless clients and 17 wired clients.
To ensure the wireless network is as secure as possible from common attacks, what security measure can you implement given only the hardware referenced?
- A. WPA2-Enterprise
- B. WPA-Enterprise
- C. WPA2-Personal
- D. 802.1X/EAP-PEAP
Answer: C
Explanation:
Given that only consumer-grade routers are used and no RADIUS server or enterprise infrastructure is mentioned, WPA2-Personal is the most secure option available. It uses a pre-shared key (PSK) for authentication and AES-CCMP for encryption, offering strong protection for small businesses lacking enterprise equipment.
Enterprise methods such as WPA2-Enterprise, 802.1X, and EAP-PEAP require a RADIUS server or authentication backend, which isn't supported in typical consumer-grade routers.
References:
CWSP-208 Study Guide, Chapter 3 (WLAN Security Technologies)
CWNP Wi-Fi Security Deployment Guide for Small Businesses
CWNP E-Learning Modules: WPA2-PSK vs WPA2-Enterprise
NEW QUESTION # 76
What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE 802.11 4-Way Handshake?
- A. Nonces are sent in EAPoL frames to indicate to the receiver that the sending station has installed and validated the encryption keys.
- B. Both nonces are used by the Supplicant and Authenticator in the derivation of a single PTK.
- C. The Supplicant uses the SNonce to derive its unique PTK and the Authenticator uses the ANonce to derive its unique PTK, but the nonces are not shared.
- D. The nonces are created by combining the MAC addresses of the Supplicant, Authenticator, and Authentication Server into a mixing algorithm.
Answer: B
Explanation:
The PTK derivation requires:
PMK
ANonce (generated by the Authenticator)
SNonce (generated by the Supplicant)
MAC addresses of both Authenticator and Supplicant
Both the Supplicant and Authenticator derive the same PTK using identical inputs during the 4-Way Handshake.
Incorrect:
B). The nonces are shared-each party uses both ANonce and SNonce.
C). Nonces indicate no such validation message.
D). The MACs are part of the PTK input but not used to generate the nonces themselves.
References:
CWSP-208 Study Guide, Chapter 3 (4-Way Handshake)
IEEE 802.11i Key Management Process
NEW QUESTION # 77
Given: An 802.1X/EAP implementation includes an Active Directory domain controller running Windows Server 2012 and an AP from a major vendor. A Linux server is running RADIUS and it queries the domain controller for user credentials. A Windows client is accessing the network.
What device functions as the EAP Supplicant?
- A. An unlisted switch
- B. Windows client
- C. An unlisted WLAN controller
- D. Linux server
- E. Access point
- F. Windows server
Answer: B
Explanation:
In an 802.1X/EAP authentication model:
Supplicant: The device requesting access (the Windows client).
Authenticator: The AP or switch enforcing access decisions.
Authentication Server: The RADIUS server (Linux in this case), which communicates with a backend credential database (Active Directory).
The Windows client runs the EAP supplicant software to initiate authentication.
Incorrect:
A). The Linux server is the Authentication Server (not Supplicant).
C). The AP acts as the Authenticator.
D). The Windows Server is the credential store, not the supplicant.
References:
CWSP-208 Study Guide, Chapter 4 (802.1X Roles and Communication)
CWNP 802.1X Architecture Diagram
NEW QUESTION # 78
Given: A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs.
Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:
SSID Blue - VLAN 10 - Lightweight EAP (LEAP) authentication - CCMP cipher suite
SSID Red - VLAN 20 - PEAPv0/EAP-TLS authentication - TKIP cipher suite
The consultant's computer can successfully authenticate and browse the Internet when using the Blue SSID. The same computer cannot authenticate when using the Red SSID.
What is a possible cause of the problem?
- A. The consultant does not have a valid Kerberos ID on the Blue VLAN.
- B. The Red VLAN does not use a server certificate, but the client requires one.
- C. The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.
- D. The TKIP cipher suite is not a valid option for PEAPv0 authentication.
Answer: C
Explanation:
PEAPv0/EAP-TLS is a tunneled EAP method that requires:
The server to present a certificate for TLS tunnel establishment.
The client to present a valid client certificate within the tunnel (in the case of EAP-TLS).
If the client does not have a valid X.509 certificate installed, authentication will fail.
Incorrect:
A). The server certificate is required for the TLS tunnel, and it is typically present; the issue here lies with the client cert.
B). TKIP is technically compatible with PEAPv0, although AES-CCMP is preferred.
D). Kerberos is unrelated to EAP authentication and VLAN use.
References:
CWSP-208 Study Guide, Chapter 4 (PEAP and EAP-TLS Authentication)
IEEE 802.1X and TLS Frameworks
NEW QUESTION # 79
Given: You view a protocol analyzer capture decode with the following protocol frames listed in the following order (excluding the ACK frames):
1) 802.11 Probe Request and 802.11 Probe Response
2) 802.11 Auth and another 802.11 Auth
3) 802.11 Assoc Req and 802.11 Assoc Rsp
4) EAPOL-Start
5) EAP Request and EAP Response
6) EAP Request and EAP Response
7) EAP Request and EAP Response
8) EAP Request and EAP Response
9) EAP Request and EAP Response
10) EAP Success
11) EAPOL-Key (4 frames in a row)
What are you seeing in the capture file? (Choose 4)
- A. WPA2-Personal authentication
- B. Wi-Fi Protected Setup with PIN
- C. 802.1X with Dynamic WEP
- D. Active Scanning
- E. 802.11 Open System authentication
- F. WPA2-Enterprise authentication
- G. 4-Way Handshake
Answer: D,E,F,G
Explanation:
A). WPA2-Enterprise authentication: The multiple EAP Request/Response exchanges followed by an EAP Success and a 4-Way Handshake (EAPOL-Key frames) indicate 802.1X authentication, characteristic of WPA2-Enterprise.
C). 802.11 Open System authentication: Two Auth frames (request and response) without encryption negotiation signify Open System Authentication - a default in RSN setups.
F). Active Scanning: Begins with Probe Request and Probe Response - part of an active scan process.
G). 4-Way Handshake: Identified by four sequential EAPOL-Key frames, completing the authentication process in WPA2.
References:
CWSP-208 Study Guide, Chapter 6 - Frame Analysis of Enterprise Authentication
CWNP CWSP-208 Objectives: "EAP Authentication Flow" and "4-Way Handshake Analysis"
NEW QUESTION # 80
You have an AP implemented that functions only using 802.11-2012 standard methods for the WLAN communications on the RF side and implementing multiple SSIDs and profiles on the management side configured as follows:
1. SSID: Guest - VLAN 90 - Security: Open with captive portal authentication - 2 current clients
2. SSID: ABCData - VLAN 10 - Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP - 5 current clients
3. SSID: ABCVoice - VLAN 60 - Security: WPA2-Personal - 2 current clients
Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients.
What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?
- A. All clients that are associated to the AP using the ABCData SSID
- B. All clients that are associated to the AP using any SSID
- C. Only the members of the executive team that are part of the multicast group configured on the media server
- D. All clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.
Answer: A
Explanation:
The GTK (Group Temporal Key) is used to encrypt multicast/broadcast traffic.
Each SSID has a unique GTK.
Only clients on the same SSID (ABCData) will receive and be able to decrypt multicast traffic encrypted with ABCData's GTK.
Incorrect:
A). Application-layer authentication does not affect GTK distribution.
C). Clients on other SSIDs (e.g., Guest, ABCVoice) have different GTKs and cannot decrypt ABCData's multicast traffic.
D). Each SSID uses a unique GTK; GTKs are not shared across SSIDs.
References:
CWSP-208 Study Guide, Chapter 3 (GTK Usage in Multicast)
IEEE 802.11i and CCMP Specifications
NEW QUESTION # 81
Given: ABC Corporation's 802.11 WLAN is comprised of a redundant WLAN controller pair (N+1) and 30 access points implemented in 2004. ABC implemented WEP encryption with IPSec VPN technology to secure their wireless communication because it was the strongest security solution available at the time it was implemented. IT management has decided to upgrade the WLAN infrastructure and implement Voice over Wi-Fi and is concerned with security because most Voice over Wi-Fi phones do not support IPSec.
As the wireless network administrator, what new security solution would be best for protecting ABC's data?
- A. Migrate to a multi-factor security solution to replace IPSec; use WEP with MAC filtering, SSID hiding, stateful packet inspection, and VLAN segmentation.
- B. Migrate corporate data and Voice over Wi-Fi devices to WPA2-Enterprise with fast secure roaming support, and segment Voice over Wi-Fi data on a separate VLAN.
- C. Migrate corporate data clients to WPA-Enterprise and segment Voice over Wi-Fi phones by assigning them to a different frequency band.
- D. Migrate all 802.11 data devices to WPA-Personal, and implement a secure DHCP server to allocate addresses from a segmented subnet for the Voice over Wi-Fi phones.
Answer: B
Explanation:
To support real-time applications like Voice over Wi-Fi:
WPA2-Enterprise ensures robust security using 802.1X and AES-CCMP.
Fast secure roaming (802.11r) is essential to maintain voice session quality.
VLAN segmentation improves network performance and security between voice and data devices.
Incorrect:
A). WPA-Enterprise is less secure than WPA2, and frequency band segmentation doesn't address QoS and security together.
C). WEP is deprecated and insecure even with added measures.
D). WPA-Personal lacks centralized authentication and doesn't support enterprise-grade security or fast roaming.
References:
CWSP-208 Study Guide, Chapter 6 (Voice WLAN Security)
CWNP Guide to Secure WLAN Design
NEW QUESTION # 82
In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce? (Choose 2)
- A. The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).
- B. They are input values used in the derivation of the Pairwise Transient Key.
- C. They allow the participating STAs to create dynamic keys while avoiding sending unicast encryption keys across the wireless medium.
- D. They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.
- E. They are added together and used as the GMK, from which the GTK is derived.
Answer: B,C
Explanation:
In the 802.11 4-Way Handshake:
D: The ANonce (from the AP) and SNonce (from the STA) are critical entropy values used along with the PMK, MAC addresses, etc., to derive the PTK securely.
E: This process ensures both parties derive the same PTK without ever transmitting the key over the air, mitigating interception risk.
Incorrect:
A). Nonces are not padding bytes.
B). Nonces are not the MIC; MIC is a separate integrity mechanism.
C). GMK and GTK are for group keys, not derived from nonces.
References:
CWSP-208 Study Guide, Chapter 3 (4-Way Handshake Mechanics)
IEEE 802.11i Specification
NEW QUESTION # 83
Given: You are using WEP as an encryption solution. You are using VLANs for network segregation.
Why can you not establish an RSNA?
- A. RSNA connections require BIP and do not support TKIP, CCMP or WEP.
- B. RSNA connections require TKIP or CCMP.
- C. RSNA connections do not work in conjunction with VLANs.
- D. RSNA connections require CCMP and do not support TKIP or WEP.
Answer: B
Explanation:
RSNA (Robust Security Network Association), as defined by 802.11i, requires:
TKIP (WPA) or CCMP (WPA2) for encryption.
WEP is deprecated and not supported for RSNA since it does not meet RSN standards.
Incorrect:
B & C. BIP is not required for RSNA formation; it is used for management frame protection (802.11w).
D). VLANs are orthogonal to RSNA-network segmentation does not interfere with RSNA formation.
References:
CWSP-208 Study Guide, Chapter 3 (RSNA Formation and Key Hierarchy)
IEEE 802.11i and 802.11-2012 Standards
NEW QUESTION # 84
Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.
As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication?
(Choose 2)
- A. LEAP's use of MS-CHAPv2 is only secure when combined with WEP.
- B. MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.
- C. MS-CHAPv2 is subject to offline dictionary attacks.
- D. MS-CHAPv2 uses AES authentication, and is therefore secure.
- E. When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.
- F. MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.
Answer: C,F
Explanation:
MS-CHAPv2 is a widely used authentication protocol, but it has notable weaknesses:
B). MS-CHAPv2 is vulnerable to offline dictionary attacks. Attackers can capture authentication exchanges and attempt password guesses offline due to predictable hashing behavior.
D). The only secure use of MS-CHAPv2 is inside a secure tunnel (e.g., EAP-TTLS or PEAP), where credentials are protected during transmission.
Incorrect:
A). MS-CHAPv2 is used in WPA2-Enterprise, not WPA-Personal, and it is allowed under WPA2-Enterprise via PEAP.
C). WEP does not enhance LEAP's security; it compounds vulnerabilities.
E and F. MS-CHAPv2 does not use AES for authentication. Using AES-CCMP for encryption does not fix MS-CHAPv2's weaknesses.
References:
CWSP-208 Study Guide, Chapter 4 (EAP Methods and Authentication Protocols)
CWNP MS-CHAPv2 and PEAP Implementation Guidelines
Microsoft MS-CHAPv2 Vulnerability Advisories
NEW QUESTION # 85
Given: ABC Company is deploying an IEEE 802.11-compliant wireless security solution using 802.1X/EAP authentication. According to company policy, the security solution must prevent an eavesdropper from decrypting data frames traversing a wireless connection.
What security characteristics and/or components play a role in preventing data decryption? (Choose 2)
- A. Integrity Check Value (ICV)
- B. Multi-factor authentication
- C. Encrypted Passphrase Protocol (EPP)
- D. Group Temporal Keys
- E. PLCP Cyclic Redundancy Check (CRC)
- F. 4-Way Handshake
Answer: D,F
Explanation:
To prevent data decryption:
B). The 4-Way Handshake derives and installs unique unicast keys (PTKs) on both client and AP.
F). The GTK is used to encrypt broadcast and multicast frames, ensuring group traffic is protected.
Incorrect:
A). Multi-factor authentication enhances identity assurance but not encryption.
C). PLCP CRC checks for transmission errors but does not secure data.
D). EPP is not a valid or recognized encryption protocol.
E). ICV was used in WEP and is cryptographically weak.
References:
CWSP-208 Study Guide, Chapter 3 (Key Hierarchy and 4-Way Handshake)
IEEE 802.11i Standard
NEW QUESTION # 86
As a part of a large organization's security policy, how should a wireless security professional address the problem of rogue access points?
- A. Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.
- B. Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.
- C. Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.
- D. A trained employee should install and configure a WIPS for rogue detection and response measures.
- E. Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.
Answer: D
Explanation:
Rogue APs pose a significant risk and should be detected and mitigated automatically.
D). A properly configured Wireless Intrusion Prevention System (WIPS) can detect unauthorized APs and prevent client associations to them in real time.
Incorrect:
A). While WPA2-Enterprise adds client-level protection, it does not detect rogue APs.
B). Hiding SSIDs is ineffective; SSIDs are still discoverable in management frames.
C). Manual scans are labor-intensive and impractical for ongoing monitoring.
E). Port security controls wired threats but cannot detect rogue APs using wireless signals.
References:
CWSP-208 Study Guide, Chapter 6 (Wireless Intrusion Prevention Systems)
CWNP Rogue Detection Strategies
NEW QUESTION # 87
Given: One of the security risks introduced by WPA2-Personal is an attack conducted by an authorized network user who knows the passphrase. In order to decrypt other users' traffic, the attacker must obtain certain information from the 4-way handshake of the other users.
In addition to knowing the Pairwise Master Key (PMK) and the supplicant's address (SA), what other three inputs must be collected with a protocol analyzer to recreate encryption keys? (Choose 3)
- A. GTKSA
- B. Authenticator address (BSSID)
- C. Authentication Server nonce
- D. Authenticator nonce
- E. Supplicant nonce
Answer: B,D,E
Explanation:
To recreate the Pairwise Transient Key (PTK) during an offline attack on WPA2-Personal, the following components must be collected:
PMK (derived from the passphrase)
Supplicant MAC address (SA)
Authenticator MAC address (BSSID)
Supplicant Nonce (SNonce)
Authenticator Nonce (ANonce)
These values are used in the PTK derivation function:
PTK = PRF(PMK, "Pairwise key expansion", Min(AA, SPA) || Max(AA, SPA) || Min(ANonce, SNonce) || Max(ANonce, SNonce))
Incorrect:
D). GTKSA refers to the Group Temporal Key Security Association, unrelated to PTK derivation.
E). Authentication Server nonce is used in 802.1X-based Enterprise networks, not in WPA2-Personal.
References:
CWSP-208 Study Guide, Chapter 3 (WPA2-PSK Key Management)
IEEE 802.11i-2004 Standard
CWNP Learning Portal: WPA2 Handshake and PTK Derivation
NEW QUESTION # 88
What software and hardware tools are used together to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network? (Choose 2)
- A. A wireless workgroup bridge and a protocol analyzer
- B. RF jamming device and a wireless radio card
- C. DHCP server software and access point software
- D. MAC spoofing software and MAC DoS software
- E. A low-gain patch antenna and terminal emulation software
Answer: B,C
Explanation:
To hijack a wireless client, attackers often use:
An RF jamming device to disconnect the client from the legitimate AP (via deauth attacks or RF disruption)
A rogue AP (created using access point software) that impersonates the real network
DHCP server software to assign IP addresses and act as a gateway, completing the fake network
Incorrect:
B). Terminal emulation is not relevant.
C). Workgroup bridges and protocol analyzers are for monitoring, not attacking.
E). MAC spoofing and DoS do not complete a hijack.
References:
CWSP-208 Study Guide, Chapter 5 (Hijacking Tools and Techniques)
CWNP Practical WLAN Attack Tools Guide
NEW QUESTION # 89
Given: In XYZ's small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.
What statement about the WLAN security of this company is true?
- A. Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.
- B. An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user's 4-Way Handshake.
- C. Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.
- D. An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.
- E. A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.
Answer: E
Explanation:
In WPA2-Personal, each client derives its Pairwise Transient Key (PTK) based on a shared Pairwise Master Key (PMK) and values exchanged during the 4-Way Handshake. Therefore, even if the passphrase is cracked, an attacker must still capture the 4-Way Handshake for each target client in order to decrypt their unicast traffic.
Incorrect:
A). Incorrect because cracking the passphrase allows decrypting data traffic after capturing the 4-Way Handshake.
C). WPA2 encrypts multicast and broadcast traffic using the GTK, which unauthorized clients cannot derive.
D). Capturing BSSID and MAC isn't enough without knowing the passphrase and the full 4-Way Handshake.
E). Hijacking is harder in WPA2-Personal due to the dynamic PTK derived per session.
References:
CWSP-208 Study Guide, Chapter 3 (WPA2-PSK Key Management)
CWNP Learning: WLAN Encryption and PTK Derivation
NEW QUESTION # 90
......
