Question No. 1

Given: Many corporations configure guest VLANs on their WLAN controllers that allow visitors to have Internet access only. The guest traffic is tunneled to the DMZ to prevent some security risks.

In this deployment, what risks are still associated with implementing the guest VLAN without any advanced traffic monitoring or filtering features enabled? (Choose 2)

AIntruders can send spam to the Internet through the guest VLAN.

BPeer-to-peer attacks can still be conducted between guest users unless application-layer monitoring and filtering are implemented.

CUnauthorized users can perform Internet-based network attacks through the WLAN.

DGuest users can reconfigure AP radios servicing the guest VLAN unless unsecure network management protocols (e.g. Telnet, HTTP) are blocked.

EOnce guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.

Show Answer

Correct Answer: A, C

Question No. 2

What security benefits are provided by endpoint security solution software? (Choose 3)

ACan prevent connections to networks with security settings that do not conform to company policy

BCan collect statistics about a user's network use and monitor network threats while they are connected

CCan restrict client connections to networks with specific SSIDs and encryption types

DCan be used to monitor for and prevent network attacks by nearby rogue clients or APs

Show Answer

Correct Answer: A, B, C

Question No. 3

Given: ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States. 802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.

What security best practices should be followed in this deployment scenario?

AAn encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.

BAPs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.

CRADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.

DRemote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.

Show Answer

Correct Answer: A

Question No. 4

When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?

AX.509 certificates

BUser credentials

CServer credentials

DRADIUS shared secret

Show Answer

Correct Answer: B

Question No. 5

What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?

ASharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.

BBecause OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.

CKey exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.

DThe Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.

Show Answer

Correct Answer: B

Free CWNP CWSP-207 Exam Actual Questions

The questions for CWSP-207 were last updated On Dec 18, 2024