CWNP CWSP-208 Exam Questions Simulate Actual CWSP-208 Exam

Category:

Comments:

0 Comments

Post Date:

July 9, 2025

CWSP-208 exam dumps questions are designed to simulate the actual exam. This means that you will get a feel for the types of questions you can expect to see on the exam, as well as the format and difficulty level. In addition, CWSP Certification CWSP-208 dumps are often accompanied by detailed explanations and answers. This means that if you get a question wrong, you can learn from your mistake and understand why the correct answer is the right one. Test free online CWSP-208 exam dumps below.

Page 1 of 4

1. You are implementing a wireless LAN that will be used by point-of-sale (PoS) systems in a retail environment. Thirteen PoS computers will be installed.

To what industry requirement should you ensure you adhere?

ISA99

HIPAA

PCI-DSS

Directive 8500.01

2. Given: You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter.

Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data.

What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?

All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.

Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.

Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIM

Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.

The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.

3. What wireless authentication technologies may build a TLS tunnel between the supplicant and the authentication server before passing client authentication credentials to the authentication server? (Choose 3)

EAP-MD5

EAP-TLS

LEAP

PEAPv0/MSCHAPv2

EAP-TTLS

4. What elements should be addressed by a WLAN security policy? (Choose 2)

Enabling encryption to prevent MAC addresses from being sent in clear text

How to prevent non-IT employees from learning about and reading the user security policy

End-user training for password selection and acceptable network use

The exact passwords to be used for administration interfaces on infrastructure devices

Social engineering recognition and mitigation techniques

5. When TKIP is selected as the pairwise cipher suite, what frame types may be protected with data confidentiality? (Choose 2)

Robust broadcast management

Robust unicast management

Control

Data

ACK

QoS Data

6. You are implementing an 802.11ac WLAN and a WIPS at the same time. You must choose between integrated and overlay WIPS solutions.

Which of the following statements is true regarding integrated WIPS solutions?

Integrated WIPS always perform better from a client throughput perspective because the same radio that performs the threat scanning also services the clients.

Integrated WIPS use special sensors installed alongside the APs to scan for threats.

Many integrated WIPS solutions that detect Voice over Wi-Fi traffic will cease scanning altogether to accommodate the latency sensitive client traffic.

Integrated WIPS is always more expensive than overlay WIP

7. Given: WLAN attacks are typically conducted by hackers to exploit a specific vulnerability within a network.

What statement correctly pairs the type of WLAN attack with the exploited vulnerability? (Choose 3)

Management interface exploit attacks are attacks that use social engineering to gain credentials from managers.

Zero-day attacks are always authentication or encryption cracking attacks.

RF DoS attacks prevent successful wireless communication on a specific frequency or frequency range.

Hijacking attacks interrupt a user’s legitimate connection and introduce a new connection with an evil twin A

Social engineering attacks are performed to collect sensitive information from unsuspecting users

Association flood attacks are Layer 3 DoS attacks performed against authenticated client stations

8. Given: You view a protocol analyzer capture decode with the following protocol frames listed in the following order (excluding the ACK frames):

1) 802.11 Probe Request and 802.11 Probe Response

2) 802.11 Auth and another 802.11 Auth

2) 802.11 Assoc Req and 802.11 Assoc Rsp

4) EAPOL-Start

5) EAP Request and EAP Response

6) EAP Request and EAP Response

7) EAP Request and EAP Response

8) EAP Request and EAP Response

9) EAP Request and EAP Response

10) EAP Success

19) EAPOL-Key (4 frames in a row)

What are you seeing in the capture file? (Choose 4)

WPA2-Enterprise authentication

WPA2-Personal authentication

802.11 Open System authentication

802.1X with Dynamic WEP

Wi-Fi Protected Setup with PIN

Active Scanning

4-Way Handshake

9. What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

AKM Suite List

Group Cipher Suite

RSN Capabilities

Pairwise Cipher Suite List

10. What attack cannot be detected by a Wireless Intrusion Prevention System (WIPS)?

MAC Spoofing

Eavesdropping

Hot-spotter

Soft AP

Deauthentication flood

EAP flood

Page 2 of 4

11. What type of WLAN attack is prevented with the use of a per-MPDU TKIP sequence counter (TSC)?

Weak-IV

Forgery

Replay

Bit-flipping

Session hijacking

12. Which one of the following describes the correct hierarchy of 802.1X authentication key derivation?

The MSK is generated from the 802.1X/EAP authentication. The PMK is derived from the MS

The PTK is derived from the PMK, and the keys used for actual data encryption are a part of the PT

If passphrase-based client authentication is used by the EAP type, the PMK is mapped directly from the user’s passphrase. The PMK is then used during the 4-way handshake to create data encryption keys.

After successful EAP authentication, the RADIUS server generates a PM

A separate key, the MSK, is derived from the AAA key and is hashed with the PMK to create the PTK and GT

The PMK is generated from a successful mutual EAP authentication. When mutual authentication is not used, an MSK is created. Either of these two keys may be used to derive the temporal data encryption keys during the 4-way handshake.

13. What preventative measures are performed by a WIPS against intrusions?

EAPoL Reject frame flood against a rogue AP

Evil twin attack against a rogue AP

Deauthentication attack against a classified neighbor AP

ASLEAP attack against a rogue AP

Uses SNMP to disable the switch port to which rogue APs connect

14. Given: You are using WEP as an encryption solution. You are using VLANs for network segregation.

Why can you not establish an RSNA?

RSNA connections require TKIP or CCM

RSNA connections require BIP and do not support TKIP, CCMP or WE

RSNA connections require CCMP and do not support TKIP or WE

RSNA connections do not work in conjunction with VLANs.

15. You work as the security administrator for your organization. In relation to the WLAN, you are viewing a dashboard that shows security threat, policy compliance and rogue threat charts.

What type of system is in view?

Wireshark Protocol Analyzer

Wireless VPN Management Systems

Wireless Intrusion Prevention System

Distributed RF Spectrum Analyzer

WLAN Emulation System

16. What statement accurately describes the functionality of the IEEE 802.1X standard?

Port-based access control with EAP encapsulation over the LAN (EAPoL)

Port-based access control with dynamic encryption key management and distribution

Port-based access control with support for authenticated-user VLANs only

Port-based access control with mandatory support of AES-CCMP encryption

Port-based access control, which allows three frame types to traverse the uncontrolled port: EAP, DHCP, and DN

17. Given: A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and will replace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication.

For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?

WPA2-Enterprise authentication/encryption

Internal RADIUS server

WIPS support and integration

802.1Q VLAN trunking

SNMPv3 support

18. Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.

In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)

Intruders can send spam to the Internet through the guest VLA

Peer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.

Unauthorized users can perform Internet-based network attacks through the WLA

Guest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.

Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.

19. Given: You support a coffee shop and have recently installed a free 802.11ac wireless hot-spot for the benefit of your customers. You want to minimize legal risk in the event that the hot-spot is used for illegal Internet activity.

What option specifies the best approach to minimize legal risk at this public hot-spot while maintaining an open venue for customer Internet access?

Configure WPA2-Enterprise security on the access point

Block TCP port 25 and 80 outbound on the Internet router

Require client STAs to have updated firewall and antivirus software

Allow only trusted patrons to use the WLAN

Use a WIPS to monitor all traffic and deauthenticate malicious stations

Implement a captive portal with an acceptable use disclaimer

20. Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

Before creating the WLAN security policy, what should you ensure you possess?

Awareness of the exact vendor devices being installed

Management support for the process

End-user training manuals for the policies to be created

Security policy generation software

Page 3 of 4

21. In an effort to optimize WLAN performance, ABC Company has upgraded their WLAN infrastructure from 802.11a/g to 802.11n. 802.11a/g clients are still supported and are used throughout ABC’s facility. ABC has always been highly security conscious, but due to budget limitations, they have not

yet updated their overlay WIPS solution to 802.11n or 802.11ac.

Given ABC’s deployment strategy, what security risks would not be detected by the 802.11a/g WIPS?

Hijacking attack performed by using a rogue 802.11n AP against an 802.11a client

Rogue AP operating in Greenfield 40 MHz-only mode

802.11a STA performing a deauthentication attack against 802.11n APs

802.11n client spoofing the MAC address of an authorized 802.11n client

22. Given: ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering).

How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.

The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.

The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.

The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4-Way Handshake prior to user authentication.

23. When monitoring APs within a LAN using a Wireless Network Management System (WNMS), what secure protocol may be used by the WNMS to issue configuration changes to APs?

IPSec/ESP

TFTP

802.1X/EAP

SNMPv3

PPTP

24. The IEEE 802.11 Pairwise Transient Key (PTK) is derived from what cryptographic element?

Phase Shift Key (PSK)

Group Master Key (GMK)

Pairwise Master Key (PMK)

Group Temporal Key (GTK)

PeerKey (PK)

Key Confirmation Key (KCK)

25. Your organization required compliance reporting and forensics features in relation to the 802.11ac WLAN they have recently installed. These features are not built into the management system provided by the WLAN vendor. The existing WLAN is managed through a centralized management console provided by the AP vendor with distributed APs and multiple WLAN controllers configured through this console.

What kind of system should be installed to provide the required compliance reporting and forensics features?

WNMS

WIPS overlay

WIPS integrated

Cloud management platform

26. Given: ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations.

As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication? (Choose 2)

MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.

MS-CHAPv2 is subject to offline dictionary attacks.

LEAP’s use of MS-CHAPv2 is only secure when combined with WE

MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.

MS-CHAPv2 uses AES authentication, and is therefore secure.

When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.

27. Given: An 802.1X/EAP implementation includes an Active Directory domain controller running Windows Server 2012 and an AP from a major vendor. A Linux server is running RADIUS and it queries the domain controller for user credentials. A Windows client is accessing the network.

What device functions as the EAP Supplicant?

Linux server

Windows client

Access point

Windows server

An unlisted switch

An unlisted WLAN controller

28. Given: Fred works primarily from home and public wireless hot-spots rather than commuting to the office. He frequently accesses the office network remotely from his Mac laptop using the local 802.11 WLAN.

In this remote scenario, what single wireless security practice will provide the greatest security for Fred?

Use an IPSec VPN for connectivity to the office network

Use only HTTPS when agreeing to acceptable use terms on public networks

Use enterprise WIPS on the corporate office network

Use WIPS sensor software on the laptop to monitor for risks and attacks

Use 802.1X/PEAPv0 to connect to the corporate office network from public hot-spots

Use secure protocols, such as FTP, for remote file transfers.

29. Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards. The new wireless network will use WPA2-Enterprise as its primary authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.

What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?

EAP-FAST

EAP-TLS

PEAPv0/EAP-MSCHAPv2

LEAP

PEAPv0/EAP-TLS

EAP-TTLS/MSCHAPv2

30. Given: Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server.

Where must the X.509 server certificate and private key be installed in this network?

Supplicant devices

LDAP server

Controller-based APs

WLAN controller

RADIUS server

Page 4 of 4

31. Given: ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States. 802.1X/EAP is ABC’s preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.

What security best practices should be followed in this deployment scenario?

An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to H

APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.

RADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.

Remote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.

32. What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?

H-REAP

EAP-GTC

EAP-TTLS

PEAP

LEAP

33. What wireless security protocol provides mutual authentication without using an X.509 certificate?

EAP-FAST

EAP-MD5

EAP-TLS

PEAPv0/EAP-MSCHAPv2

EAP-TTLS

PEAPv1/EAP-GTC

34. Wireless Intrusion Prevention Systems (WIPS) provide what network security services? (Choose 2)

Configuration distribution for autonomous APs

Wireless vulnerability assessment

Application-layer traffic inspection

Analysis and reporting of AP CPU utilization

Policy enforcement and compliance management

35. In the IEEE 802.11-2012 standard, what is the purpose of the 802.1X Uncontrolled Port?

To allow only authentication frames to flow between the Supplicant and Authentication Server

To block authentication traffic until the 4-Way Handshake completes

To pass general data traffic after the completion of 802.11 authentication and key management

To block unencrypted user traffic after a 4-Way Handshake completes

TAGS:

CWSP-208, CWSP-208 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get CWSP-208 Dumps Full Version

Q&As: 119
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

CWNP CWSP-208 Exam Questions Simulate Actual CWSP-208 Exam

Related

Posts

Test Online CWDP-305 Dumps Questions to Be Certified

CWTS-102 Dumps Questions Increase Your Chance of Success

CWDP-305 Dumps Questions Increase Your Chance of Success

CWICP-202 Dumps Help You Study Objectives

About Us

EMAIL

Services

Opening Hours