|
Question 1.
Company.com has an 802.11b/g mixed mode deployment, and they are currently experiencing random throughput problems around the entire network. When the network was originally installed, there were both 802.11b and 802.11g stations on the network, but throughput levels were acceptable at any given time. To troubleshoot this issue, you have deployed a distributed wireless protocol analyzer, and it has noted a significantly greater percentage of 1 Mbps Data traffic being sent in random places across the network as compared with the initial baseline testing.
When the network was installed, you considered only a minimal amount of 1 Mbps Data traffic acceptable.
What could be causing this problem, and how would the analyzer know about the 1 Mbps traffic?
A. Due to changes in the office environment, some client stations are moving further away from
the access points than when the baseline tests were performed. The analyzer views the
SIGNAL field in the PLCP header to see the frames transmission rates.
B. A wireless network management system has updated all access points to allow only use of the
long slot time. The analyzer views the SERVICE field in the PLCP header to see the
frames? Transmission rates
C. A new 802.11g station has a minimum transmission rate set at 1 Mbps. The analyzer views the
Start Frame Delimiter (SFD) field in the PLCP header to see the frames? Transmission rates
D. An access point configured for 802.11b/g mixed mode has been reconfigured to send
downstream traffic in a round-robin fashion when protection is enabled. The analyzer views
the length of the preamble to determine the transmission rate of associated stations.
Answer: A
Question 2.
In compliance with the 802.11g standard, access points may provide which services to increase overall network performance in an OFDM-only environment?
A. Short PLCP Preamble support
B. Short Slot Time
C. Fast Sleep Recovery
D. Downstream QoS
E. Arbitrary Beacon Spacing
Answer: B
Question 3.
Which of these is a key deliverable in the design phase?
A. Business Requirements Document, Preliminary Discovery Document, Technology
Requirements Document, Financial Analysis and Business Case
B. As-Built Solution Binder, Operations Support Plan Report, Change Management Status Report
C. Escalation Plan, Communications Plan, Staff Training Plan
D. Low Level Design, Staging Plan, Operations Plan, Migration Plan
E. WLAN Site Readiness Assessment Report, Voice over WLAN Assessment Report, Operations
Readiness Assessment Report
Answer: D
Question 4.
Given one screenshot of a fragment burst and another screenshot of one of the data frames decoded, determine which statements are true.
Exhibit:
A. The RTS/CTS threshold value on the transmitter is set to 500 bytes.
B. The frame decode shown is of the second fragment in the sequence.
C. The duration value of 508 uses is exactly enough to reserve the medium on behalf of the SIFS
and ACK to follow this fragment
D. The transmitter of this frame is allowed to change its power management mode to Active
E. This fragment is a retransmission.
F. The sequence number of 169 shown in the decode is unique to the communication between
the transmitting station and the access point.
Answer: D, F
Question 5.
The 802.11 series of standards calls for use of a Traffic Indication Map (TIM) and a Delivery Traffic Indication Message (DTIM).
Which of the following is true regarding the TIM and DTIM in an infrastructure BSS?
A. The TIM is a field in the Beacon Management frame that holds a map of every client station
associated to an access point. It is used for broadcast traffic delivery.
B. The TIM and DTIM are both part of the Beacon management frame and are both sent in every
Beacon for the purpose of announcing the modulation type and supported rate set of the
access point.
C. The DTIM parameters are part of each Beacon's TIM Information Element, and they are used
to indicate queued broadcast/multicast data to client stations using power management
features in the BSS.
D. The DTIM is used in 802.11a and 802.11g Beacons whereas the TIM is used only in 802.11b
Beacons. The DTIM purpose is to allow for higher rates of Beacon broadcasting and thus raise
overall data rates in OFDM based systems.
E. A DTIM period of 0 means that every TIM is a DTIM.
F. The first Beacon sent during a CFP must contain a DTIM
Answer: C, F
Question 6.
Which of these functions specifically relate to 802.11b/g mixed mode operation when both 802.11b and 802.11g client stations are active on the network?
A. CTS-to-Self frames
B. PS-Polling frames
C. Null Function Data frames
D. Fragmentation Thresholds
E. CF-End frames
Answer: A
Question 7.
What are the primary mechanisms used by an 802.11 BSS during a contention-free period to cause stations that are not the Point Coordinator to defer?
A. CF Parameter Set elements in the Beacons
B. The Pseudorandom Back off Timer in each station
C. Point Coordination Function Inter frame Space (PIFS)
D. Null Function data frames using SIFS
E. Contention-Free Polling List broadcasts
F. All frames transmitted during the CFP have a Duration field value of 32,768
Answer: A, C
Question 8.
This screenshot displays a frame capture of a single PING Request and PING Reply communication between two wireless client stations across a Wireless Distribution System (WDS).
Which packet numbers have both the From DS and ToDS bits set to 1?
Exhibit:
A. 1
B. 3
C. 5
D. 7
E. 9
F. 11
Answer: B, E
Question 9.
Many of the newest enterprise-class access points and wireless LAN switches support 802.1Q VLAN tagging.
When analyzing a wireless LAN network using 802.1Q tagging, where can the VLAN tag number be seen?
A. In the Sequence Control field of the MSDU
B. In the PLCP header Service field
C. In the Frame Control field of the MPDU header
D. In the Ethernet header on the wired port of the access point
E. In the Beacon Management frame Capabilities fixed field
Answer: D
Question 10.
Given the displayed wireless protocol analyzer trace, which of the following is true?
Exhibit:
A. 00:40:96:A1:9A:F9 is a client station performing a successful 802.1X/EAP re-authentication.
B. 00:0D:ED:A5:4F:70 is a client station sending unicast data frames to a network node on the
wired LAN.
C. Both 00:40:96:A1:9A:F9 and 00:0D:ED:A5:4F:70 are operating in Ad Hoc mode using WPA
compliant 802.1X/EAP authentication.
D. FF:FF:FF:FF:FF:FF is the access point, and data encrypted with static WEP is being sent from
a wired station to the wireless station 00:40:96:A1:9A:F9.
E. 00:40:96:A1:9A:F9 is a station sending encrypted broadcast data using an encryption key
generated by the authenticator.
Answer: E
Question 11.
Given the 802.11 frame decode shown, which of the following statements are true.
Exhibit:
A. The frame in the decode is an MMPDU.
B. The frame is a layer 2 broadcast.
C. The frame is the last fragment in a sequence of 3 fragments.
D. The MSDU was successfully encrypted with WEP
E. The 44 ec duration value is sufficient to cover the SIFS and ACK to follow
Answer: D, E
Question 12.
In order to get a visual representation of conversations happening across a wireless LAN, a Peer Map like the one shown can be used. Which of the following is true of most peer maps?
Exhibit:
A. Peer maps can be configured to display MAC layer or Network layer addressing.
B. Peer maps can be used to display the security mechanisms used between each pair of
network nodes.
C. Peer maps can show how much data is traversing a peer connection relative to other
connections.
D. Peer maps can be configured to show relative amounts of movement across a wireless LAN.
E. Peer maps can be used to identify modulation for each peer connection.
F. Peer maps can be used to quickly identify access points in a wireless LAN by using protocol
filters.
Answer: A, C, F
Question 13.
Which three service components are included in the optimize phase for WLAN? (Choose three.)
A. Security Administration
B. Change Management
C. Technology Assessment
D. Operations Assessment
E. Operations Readiness Assessment
F. Security Assessment
Answer: C, D, F
Question 14.
In an 802.11b PLCP header, what does the 16-bit length field indicate?
A. The size in octets of the MPDU being transferred in the PPDU
B. The length of time in kilo microseconds it will take to transmit the PSDU
C. The length of time in microseconds it will take to transmit the MPDU
D. The size in bits of the entire PPDU frame
Answer: C
Question 15.
Which of the following must be true before an 802.11 station may transmit a frame on the RF medium using DCF mode?
A. The Network Allocation Vector must be equal to zero.
B. A time period of at least PIFS must have passed.
C. The station must have received a PS-Poll frame from the access point.
D. The Back off Timer must be equal to zero.
E. A time period of at least DIFS must have passed.
F. All collision arbitration must be completed on the RF medium.
Answer: A, D, E
Question 16.
What is an advantage of being able to fragment MSDUs and MMPDUs on a wireless network?
A. Increased throughput in a clean RF environment
B. Increased throughput due to interference from other 802.11 stations.
C. Increased throughput in an 802.11b/g mixed mode environment.
D. Decreased retransmission overhead in a noisy RF environment.
E. Decreased translation time between 802.3 and 802.11 networks at the access point.
F. Decreased number of 802.11 control and management frames required for transmission.
Answer: D
Question 17.
How long, in microseconds, is the Slot Time mandated for use in the BSS by an 802.11g access point when both 802.11b and 802.11g client stations are associated to it?
A. 2 us
B. 5 us
C. 9 us
D. 10 us
E. 20 us
Answer: E
|
Question 1.
What are three primary common goals of a corporate/network security policy?
A. Authentication, Authorization and Accounting (AAA)
B. Security, Productivity and Adaptability (SPA)
C. Confidentiality, Integrity and Availability (CIA)
D. Authentication, Encryption and Compression (AEC)
Answer: C
Question 2.
Which of the following must an IDS administrator consider when deploying Dragon in accordance with a corporate security policy?
A. Must understand the purpose and scope of each aspect of the overall security policy
B. Must understand the security goals of each product in the organization (i.e., operating
systems, routers, firewalls, NIDS, HIDS, VPN gateways)
C. Must understand the detailed configurations on each router within the security domain
D. Must understand how the security policy impacts the I.T. budget
Answer: A, B
Question 3.
What functions can Dragon accomplish as related to a corporate/network security policy?
A. Dragon agents can gather information about network security compromises and automatically
produce corporate/network security policy documents
B. Dragon agents can detect and log security policy deviations
C. Dragon agents can assist with security policy enforcement via Active Responses
D. Dragon can evaluate a corporate/network policy to determine if it is complete and effective
Answer: B, C
Question 4.
Which vulnerability scanner and report format is required for use with the Dragon VCT?
A. MySQL; .msq formatted output
B. Nessis; .nfr formatted output
C. Nessus; .nes formatted output
D. Nessus; .nsr formatted output
E. NMAP; .nmp formatted output
Answer: D
Question 5.
Which of the following is NOT a recommended means of vulnerability response using Dragon?
A. Use the Dragon NMAP PERL scripts to tune the dragon.net file
B. Deploy Dragon Deceptive Services (Honeypot)
C. Deploy Dragon Vulnerability Correlation Tool
D. Enable SSL and AES on the Network Sensor to DPM communication channel
E. Correlate Dragon forensics reports with vulnerability scanner output, and create new
signatures as necessary
Answer: D
Question 6.
Which of the following best describes the function of CVE?
A. A database of known attacks that can be loaded into an IDS or similar system
B. A database of numerically cross-referenced IDS events that can help any IDS to correlate
detected attacks
C. A dictionary of standardized names for vulnerabilities and other information security exposures
D. All of the above
Answer: C
Question 7.
Which of the following is NOT a function of a network vulnerability scanner?
A. Monitors health of software applications
B. Output is critical in helping an IDS administrator know the state of the network
C. Catalogs vulnerabilities
D. Shuts down vulnerable TCP/UPD ports to prevent intrusion
Answer: D
Question 8.
Which of the following CONSUME event data from the Dragon Ring Buffer?
A. Alarmtool agent
B. Replication agent
C. Connection Manager
D. Consumer Agent
Answer: A, B
Question 9.
Which of the following best describes the Host Sensor Event Detection Engine (EDE)?
A. Scrutinizes events, either altering the contents of the event or discarding it
B. Generates alerts or guarantees delivery of events to destinations
C. Analyzes events and produces categorized event forensics reports
D. Detects an event and forwards it to the Host Sensor framework for processing
Answer: D
Question 10.
Which of the following best describe some scalability features of the Dragon Event Flow Processor (EFP)?
A. Consolidates events from multiple Dragon Policy Managers into one stream
B. Aggregated events from an EFP can be forwarded to other EFPs in a hierarchy
C. An EFP cannot simultaneously support Dragon Realtime Console, Forensics Console and
Alarmtool
D. EFPs can be secured by a firewall and configured to initiate Sensor connections from inside
the firewall
Answer: B, D
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.