Question 1

Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering). How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

Options :

A : The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.

B : The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.

C : The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.

D : The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4-Way Handshake prior to user authentication.

Answer: B

Question 2

Given: Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server. Where must the X.509 server certificate and private key be installed in this network?

Options :

A : Supplicant devices

B : LDAP server

C : Controller-based APs

D : WLAN controller

E : RADIUS server

Answer: E

Question 3

Given: ABC Company is an Internet Service Provider with thousands of customers. ABC’s customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service toexisting customers in some public access areas and would like to use their existing database for authentication. How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?

Options :

A :

Import all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.

B : Implement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.

C :

Mirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.

D : Implement a RADIUS server and query user authentication requests through the LDAP server.

Answer: D

Question 4

Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN. In this remote scenario, what single wireless security practice will provide the greatest security for Fred?

Options :

A : Use an IPSec VPN for connectivity to the office network

B : Use only HTTPS when agreeing to acceptable use terms on public networks

C : Use enterprise WIPS on the corporate office network

D : Use WIPS sensor software on the laptop to monitor for risks and attacks

E : Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots

F : Use secure protocols, such as FTP, for remote file transfers.

Answer: A

Question 5

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods. When writing the 802.11 security policy, what password-related items should be addressed?

Options :

A : MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

B : Password complexity should be maximized so that weak WEP IV attacks are prevented.

C : Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D : Certificates should always be recommended instead of passwords for 802.11 client authentication.

E : EAP-TLS must be implemented in such scenarios.

Answer: C

Free CWSP-207 Mock Exam – Practice Online Confidently

Buying Options: