|
Question 1.
Company.com has an 802.11b/g mixed mode deployment, and they are currently experiencing random throughput problems around the entire network. When the network was originally installed, there were both 802.11b and 802.11g stations on the network, but throughput levels were acceptable at any given time. To troubleshoot this issue, you have deployed a distributed wireless protocol analyzer, and it has noted a significantly greater percentage of 1 Mbps Data traffic being sent in random places across the network as compared with the initial baseline testing.
When the network was installed, you considered only a minimal amount of 1 Mbps Data traffic acceptable.
What could be causing this problem, and how would the analyzer know about the 1 Mbps traffic?
A. Due to changes in the office environment, some client stations are moving further away from
the access points than when the baseline tests were performed. The analyzer views the
SIGNAL field in the PLCP header to see the frames transmission rates.
B. A wireless network management system has updated all access points to allow only use of the
long slot time. The analyzer views the SERVICE field in the PLCP header to see the
frames? Transmission rates
C. A new 802.11g station has a minimum transmission rate set at 1 Mbps. The analyzer views the
Start Frame Delimiter (SFD) field in the PLCP header to see the frames? Transmission rates
D. An access point configured for 802.11b/g mixed mode has been reconfigured to send
downstream traffic in a round-robin fashion when protection is enabled. The analyzer views
the length of the preamble to determine the transmission rate of associated stations.
Answer: A
Question 2.
In compliance with the 802.11g standard, access points may provide which services to increase overall network performance in an OFDM-only environment?
A. Short PLCP Preamble support
B. Short Slot Time
C. Fast Sleep Recovery
D. Downstream QoS
E. Arbitrary Beacon Spacing
Answer: B
Question 3.
Which of these is a key deliverable in the design phase?
A. Business Requirements Document, Preliminary Discovery Document, Technology
Requirements Document, Financial Analysis and Business Case
B. As-Built Solution Binder, Operations Support Plan Report, Change Management Status Report
C. Escalation Plan, Communications Plan, Staff Training Plan
D. Low Level Design, Staging Plan, Operations Plan, Migration Plan
E. WLAN Site Readiness Assessment Report, Voice over WLAN Assessment Report, Operations
Readiness Assessment Report
Answer: D
Question 4.
Given one screenshot of a fragment burst and another screenshot of one of the data frames decoded, determine which statements are true.
Exhibit:
A. The RTS/CTS threshold value on the transmitter is set to 500 bytes.
B. The frame decode shown is of the second fragment in the sequence.
C. The duration value of 508 uses is exactly enough to reserve the medium on behalf of the SIFS
and ACK to follow this fragment
D. The transmitter of this frame is allowed to change its power management mode to Active
E. This fragment is a retransmission.
F. The sequence number of 169 shown in the decode is unique to the communication between
the transmitting station and the access point.
Answer: D, F
Question 5.
The 802.11 series of standards calls for use of a Traffic Indication Map (TIM) and a Delivery Traffic Indication Message (DTIM).
Which of the following is true regarding the TIM and DTIM in an infrastructure BSS?
A. The TIM is a field in the Beacon Management frame that holds a map of every client station
associated to an access point. It is used for broadcast traffic delivery.
B. The TIM and DTIM are both part of the Beacon management frame and are both sent in every
Beacon for the purpose of announcing the modulation type and supported rate set of the
access point.
C. The DTIM parameters are part of each Beacon's TIM Information Element, and they are used
to indicate queued broadcast/multicast data to client stations using power management
features in the BSS.
D. The DTIM is used in 802.11a and 802.11g Beacons whereas the TIM is used only in 802.11b
Beacons. The DTIM purpose is to allow for higher rates of Beacon broadcasting and thus raise
overall data rates in OFDM based systems.
E. A DTIM period of 0 means that every TIM is a DTIM.
F. The first Beacon sent during a CFP must contain a DTIM
Answer: C, F
Question 6.
Which of these functions specifically relate to 802.11b/g mixed mode operation when both 802.11b and 802.11g client stations are active on the network?
A. CTS-to-Self frames
B. PS-Polling frames
C. Null Function Data frames
D. Fragmentation Thresholds
E. CF-End frames
Answer: A
Question 7.
What are the primary mechanisms used by an 802.11 BSS during a contention-free period to cause stations that are not the Point Coordinator to defer?
A. CF Parameter Set elements in the Beacons
B. The Pseudorandom Back off Timer in each station
C. Point Coordination Function Inter frame Space (PIFS)
D. Null Function data frames using SIFS
E. Contention-Free Polling List broadcasts
F. All frames transmitted during the CFP have a Duration field value of 32,768
Answer: A, C
Question 8.
This screenshot displays a frame capture of a single PING Request and PING Reply communication between two wireless client stations across a Wireless Distribution System (WDS).
Which packet numbers have both the From DS and ToDS bits set to 1?
Exhibit:
A. 1
B. 3
C. 5
D. 7
E. 9
F. 11
Answer: B, E
Question 9.
Many of the newest enterprise-class access points and wireless LAN switches support 802.1Q VLAN tagging.
When analyzing a wireless LAN network using 802.1Q tagging, where can the VLAN tag number be seen?
A. In the Sequence Control field of the MSDU
B. In the PLCP header Service field
C. In the Frame Control field of the MPDU header
D. In the Ethernet header on the wired port of the access point
E. In the Beacon Management frame Capabilities fixed field
Answer: D
Question 10.
Given the displayed wireless protocol analyzer trace, which of the following is true?
Exhibit:
A. 00:40:96:A1:9A:F9 is a client station performing a successful 802.1X/EAP re-authentication.
B. 00:0D:ED:A5:4F:70 is a client station sending unicast data frames to a network node on the
wired LAN.
C. Both 00:40:96:A1:9A:F9 and 00:0D:ED:A5:4F:70 are operating in Ad Hoc mode using WPA
compliant 802.1X/EAP authentication.
D. FF:FF:FF:FF:FF:FF is the access point, and data encrypted with static WEP is being sent from
a wired station to the wireless station 00:40:96:A1:9A:F9.
E. 00:40:96:A1:9A:F9 is a station sending encrypted broadcast data using an encryption key
generated by the authenticator.
Answer: E
Question 11.
Given the 802.11 frame decode shown, which of the following statements are true.
Exhibit:
A. The frame in the decode is an MMPDU.
B. The frame is a layer 2 broadcast.
C. The frame is the last fragment in a sequence of 3 fragments.
D. The MSDU was successfully encrypted with WEP
E. The 44 ec duration value is sufficient to cover the SIFS and ACK to follow
Answer: D, E
Question 12.
In order to get a visual representation of conversations happening across a wireless LAN, a Peer Map like the one shown can be used. Which of the following is true of most peer maps?
Exhibit:
A. Peer maps can be configured to display MAC layer or Network layer addressing.
B. Peer maps can be used to display the security mechanisms used between each pair of
network nodes.
C. Peer maps can show how much data is traversing a peer connection relative to other
connections.
D. Peer maps can be configured to show relative amounts of movement across a wireless LAN.
E. Peer maps can be used to identify modulation for each peer connection.
F. Peer maps can be used to quickly identify access points in a wireless LAN by using protocol
filters.
Answer: A, C, F
Question 13.
Which three service components are included in the optimize phase for WLAN? (Choose three.)
A. Security Administration
B. Change Management
C. Technology Assessment
D. Operations Assessment
E. Operations Readiness Assessment
F. Security Assessment
Answer: C, D, F
Question 14.
In an 802.11b PLCP header, what does the 16-bit length field indicate?
A. The size in octets of the MPDU being transferred in the PPDU
B. The length of time in kilo microseconds it will take to transmit the PSDU
C. The length of time in microseconds it will take to transmit the MPDU
D. The size in bits of the entire PPDU frame
Answer: C
Question 15.
Which of the following must be true before an 802.11 station may transmit a frame on the RF medium using DCF mode?
A. The Network Allocation Vector must be equal to zero.
B. A time period of at least PIFS must have passed.
C. The station must have received a PS-Poll frame from the access point.
D. The Back off Timer must be equal to zero.
E. A time period of at least DIFS must have passed.
F. All collision arbitration must be completed on the RF medium.
Answer: A, D, E
|
Question 1.
In an effort to optimize WLAN performance ABC Company has already upgraded their infrastructure from 802 11b/gto802 11n. ABC has always been highly security conscious but they are concerned with security threats introduced by incompatibilities between 802.11n and 802.11a/g in the past. ABC has performed manual and automated scans with products that were originally designed for use in 802 11a/g networks. Including laptop-based spectrum and protocol analyzers as well as an overlay 802 11a/g WIPS solution. ABC has sought your input to understand and respond to potential security threats.
In ABC’s network environment, what type of devices would be capable of identifying rouge APs that use HT Greenfield 40 MHZ channels? (Choose 3)
A. 802.11n WPS sensor with a single 2x2 radio
B. The company’s current laptop-based protocol analysis tools
C. WIPS solution that is integrated in the company’s AP infrastructure
D. The company’s current overlay WIPS solution
E. The company’s current laptop-based spectrum analysis tools
Answer: A, B, C
Explanation:
HT Greenfield The Greenfield PHY header is not backward compatible with legacy 802.11a/g radios and can only be interpreted by 802.11n HT radios 0470438916.pdf,Page 410
Laptop Analyzer automatically identifies hundreds of performance problems, such as 11b/g conflicts, 802.11e problems, and QoS, as well as dozens of wireless intrusions and hacking strategies, including Rogue devices. With the Laptop Analyzer, users can classify and decode Non-HT (legacy), HT mixed format and HT greenfield format traffic and identify backward compatibility issues with legacy 802.11a/b/g devices operating in the same environment.
http://www.njbo.net/tools/Laptop%20Analyzer%20-
%20WLAN%20Monitoring%20and%20Troubleshooting%20Tool%20-%20AirMagnet.htm
The HT Greenfi eld PHY header cannot be detected by a WIPS that is using legacy 802.11a/g sensors. The solution to this problem is to upgrade the WIPS with new sensors that also have 802.11n HT radios. (the company has already upgraded to 802.11n so C is correct)
0470438916.pdf,Page 411
Question 2.
Given: A new Access point is connected to an authorized network segment and is detected wirelessly by a WIPS.
By what method does the WIPS apply a security classification to newly discovered AP?
A. According to the location service profile
B. According to the SNMP MIB table
C. According to the RADIUS rectum attribute
D. According to the site survey template
E. According to the default security policy
Answer: B
Explanation:
http://webcache.googleusercontent.com/search?q=cache:Exehyw9ijwJ:
www.nhbook.com/exam/PW0-
200.pdf+A+new+Access+point+is+connected+to+an+authorized+network+segment+and+is+detected+wirelessly+by+a+WIPS.+WIPS+uses+location+service+profile&cd=9&hl=en&ct=clnk&gl=in&source=www.google.co.in
Question 3.
What elements should be addressed by a WLAN security policy? (Choose 2)
A. Verification that administrative passwords are unique to each infrastructure device
B. Enabling encryption to prevent MAC addresses from being sent in clear text
C. Security policy details should be safeguarded from non IT employees to prevent vulnerability
exposure
D. End user training for password selection and acceptable network use
E. Social engineering recognition and mitigation technique.
Answer: D, E
Explanation:
A proper password security policy for wireless access should be ensured, and the baseline for secure password and secret key selection should be enforced. As part of a more general corporate security policy, users should be informed about social engineering attacks and not disclosing information about the network to potential attackers.
http://e-articles.info/e/a/title/Wireless-Security-Policy/
Question 4.
Role-based access control (RBAC) allows a WLAN administrator to perform that network function?
A. Allows access to specific files and applications based on the user’s WMM AC.
B. Provide admission control to VoWiFi clients on selected access points.
C. Allows one user group to access an internet gateway while denying internet access gateway to
another group
D. Provide differing levels of management access to a WLAN controller based on the user
account.
E. Allow simultaneous support of multiple EAP types on a single Access point.
Answer: D
Explanation:
http://dnscoinc.com/bradfordidentity.pdf
Question 5.
The following numbered items show the contents of the four frames exchanged during the 4-way handshake. Arrange the frames in the correct sequence beginning with the start of the 4-way handshake
A. 3, 4, 1, 2
B. 2, 3, 4, 1
C. 1, 2, 3, 4
D. 4, 3, 1, 2
Answer: A
Explanation:
0470438916.pdf,Page199
Question 6.
What 802 11 WLAN security problem is addressed by 802.1X/EAP mutual authentication.
A. Disassociation attacks
B. Weak initialization vectors
C. Offline dictionary attacks
D. Weak password policies
E. MAC spoofing
F. Wireless hijacking attacks
Answer: F
Explanation:
The only way to prevent a wireless hijacking, man-in-the-middle, and/or Wi-Fi phishing attack is to use a mutual authentication solution.802.1X/EAP authentication solutions require that mutual authentication credentials be exchanged before a user can be authorized.
Page 319
Question 7.
What disadvantage does EAP-TLS have when compared with PEAPvO EAP/MSCHAPv2 as an 802. 11 WLAN security solution?
A. EAP-TLS requires a PKI to create X509 certificates for both the server and client, which
increases administrative overhead.
B. EAP-TLS does not use SSL to establish a secure tunnel for internal EAP authentication.
C. Fast/secure roaming in an 802 11 RSN is significantly longer when EAP-TLS is use.
D. EAP-TLS does not protect the client’s username and password in side an encrypted tunnel.
E. Though more secure EAP-TLS is not widely supported by wireless infrastructure or client
vendors.
F. Initially mobility authentication with EAP-TLS is significantly longer due to X509 certificate
verification.
Answer: A
Explanation:
EAP - TLS requires the use of client - side certifi cates in addition to a server certifi cate.The biggest factor when deciding to implement EAP - TLS is whether an enterprise PKI infrastructure is already in place. This would usually, and optimally, include separate servers in a high - availability server cluster.
0470438916.pdf
Page 151
Question 8.
Exhibit
Given: The illustration shows a WLAN protocol analyzer decoding an 802.11 beacon frame.
What statement about the access points BSS is true and can be confirmed with this illustration?
A. This is a TSN and stations may use only the TKIP chiper suit.
B. The BSS’s group key chiper will be rotated by the access point after two more beacon frames.
C. The BSS supports both CCMP and TKIP chiper suit simultaneously.
D. There is currently one wireless client associated with the AP using TKIP chiper suit within the
BSS.
E. The BSS is an RSN, but the only chiper suit supported in BSS is TKIP.
Answer: E
Explanation:
Page 186-187-0470438916.pdf
Question 9.
Given:You manage a wireless network that services 200 wireless users. Your facility requires 20 access points and you have installed an IEEE 802.1X LEAP with AES CCMP as an authentication and encryption solution.
In this configuration the wireless network is initially susceptible to what type of attacks? (Choose 2)
A. Eavesdropping
B. Offline dictionary
C. Layer 1 DoS
D. Session hijacking
E. Man-in-the-middle
F. Layer 3 peer-to-peer
Answer: B, E
Explanation:
LEAP was developed by Cisco in 2001 as an improved version of Extensible Authentication Protocol-MD5 was and it was released as an IEEE 802.1X Extensible Authentication Protocol (EAP) authentication type LEAP transmits Challenge-Handshake Authentication Protocol (CHAP) negotiations in the open without the benefit of an encrypted tunnel. Thus, LEAP is prone to offline dictionary and brute force attacks
http://www.infinitel00p.com/library/wifisecHTML/WiFi.Security.htm
The systems protected by LEAP are still vulnerable to MITM attacks
http://it.toolbox.com/wiki/index.php/Man-in-the-Middle_Attack
Question 10.
Exhibit
Given: The network in this diagram implements an 802.1X/EAP-based wireless security solution.
What device functions as EAP authenticator?
A. Ethernet switch
B. Mobile device
C. LDAP server
D. Access point
E. WLAN controller
F. RADIUS server
Answer: E
Explanation:
supplicant is often the laptop or wireless handheld device trying to access the network. A device that blocks or allows traffic to pass through its port entity. Authentication traffic is normally allowed to pass through the authenticator, while all other traffic is blocked until the identity of the supplicant has been verified. The authenticator maintains two virtual ports: an uncontrolled port and a controlled port. The uncontrolled port allows EAP authentication traffic to pass through, while the controlled port blocks all other traffic until the supplicant has been authenticated. In a WLAN, the authenticator is usually either an AP or a WLAN controller.
The authenticator plays the role of the intermediary, passing messages between the Supplicant and the authentication server. In the centralized WLAN architecture, autonomous APs have been replaced with controller - based access points also known as thin APs. A controller - based AP has minimal intelligence, and functionally is just a radio card and an antenna. All the intelligence resides in a centralized WLAN controller, and all the AP configuration settings, such as channel and power, are distributed to the controller - based APs from the WLAN controller and stored in the RAM of the controller -based AP. In this fig WLAN Controller is used with thin AP therefore the authenticator is WLAN Controller
0470438916.pdf Page 110- 116
Page 460
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.