CWNP Wireless LAN Certifications PW0-204 easy pass guidance: Preparing for CWNP CWNP Wireless LAN Certifications PW0-204 exam is really a tough task to achieve. However, CertBus provides the most comprehensive PDF and VCEs, covering each knowledge points required in the actual PW0-204 exam.
We CertBus has our own expert team. They selected and published the latest PW0-204 preparation materials from CWNP Official Exam-Center: http://www.certgod.com/PW0-204.html
QUESTION NO:18
Company’s 500 employees use ABC’s dual band HT 802.11 WLAN extensively general data
traffic, VoWiFi, and guest access internet-only data. Size and network applications, what solution
effects common and recommended security practices for this type of network?
A. His high security requirements, support EAT-TLS for corporate data and VoWiFi, require WPA
or WPA2-personal as well as MAC address filtering for all guest solutions. Segment each data
type using a separate data type SSID, frequently band, and VLAN.
B. WPA2-Personalfor corporate data and VoWiFi application with a long passphrase. For guest
access, implementation open authentication. Configure two and VLAN-one for corporate access
and one for guest access-and support WMM on the corporate network. For ease-of-use and net
work discovery hide the corporate broad cast to the guest SSID.
C. PEAPvO/EAP-MSCHAPv2 for corporate data end VoWiFi, use open authentication with captive
portal on the guest network. If the VoWiFi phones can not support, use WPA2-personal with a
string passphrase. Segment the three types of traffic by using separate SSIDs and VLANs.
D. WPA2 enterprise for all types of network access. For added configuration simplicity,
authenticate all users from a single VLAN but apply filtering with IP ACLs by giving each user to
group using RADIUS group attributes. Configure the IPACLs so that each group can only access
the necessary resources.
Answer: B
Explanation:
A common strategy, even with newer WLAN controller technology, is to create a
guest, voice, and data VLAN. The SSID mapped to the guest VLAN will have limited
or no security, and all users are restricted away from network resources and routed off to an
Internet gateway. The SSID mapped to the voice VLAN might be using a security solution
such a WPA2 – Personal, and the VoWiFi client phones are routed to a VoIP server that
provides proprietary QoS services through the VLAN. The SSID mapped to the data VLAN
uses a stronger security solution such as WPA2 – Enterprise, and the data users are
allowed full access to network resources once authenticated.
QUESTION NO:13
You own a coffee shop and have recently installed a 802.11g wireless hot spot for the benefit of
your customers. For legal reasons you want to minimize your network and avoid liability related to
the operations of hot spots.
What option specifies the best approach to achieve this goal at your public hotspot?
A. Allow only trusted patrons to use the WLAN
B. Use a WIPS to deauthenticate the malicious stations
C. Require clients STAs to have updated firewall and antivirus software
D. Disable the WLAN during non business hours
E. Use the captive portal to force users to agree to an acceptable use disclaimer
F. Configure WPA2-personal security on your access point
G. Block TCP port 25out bound on the internet router
Answer: E
Explanation:
The benefi t of a captive portal over an open SSID is that most networks with captive
portals have an acceptable use policy. When the user connects to the captive portal, the
acceptable use policy or a link to it is usually displayed on the captive portal page, along
with a statement such as “ Logging in as a registered user indicates that you have read
andaccepted the Acceptable Use Policy. ” This disclaimer, along with the acceptable use
policy,may provide the organization with some legal protection if the user did something
illegalwhile connected to the network. This disclaimer can also give the organization the right
todisconnect the user from the network if they violate the rules of the acceptable use policy.
QUESTION NO:20
After completing the installation of new overlay WIPS, what baseline function MUST be
performed?
A. Approved 802.1X/EAP methods need to be selected and confirmed.
B. Configure specifications for upstream and down stream throughout thresholds.
C. Classify the authorized, neighbor, and rogue WLAN devices.
D. Configure profiles for operation among different regularity domains.
Answer: C
Explanation: Most WIDS/WIPS vendors categorize access points and client stations in four or
more
classifi cations. Wi – Fi vendors may have different names for the various classifi cations, but
most solutions classify 802.11 radios as follows:
Authorized Device, Unauthorized Device, Neighbor Device, Rogue Device Many
WIDS/WIPS solutions also have the ability to conductauto – classifi cation. As shown in
Figure 10.12, WLAN devices can be automatically added to any classifi cation
based on a variety of variables, including authentication method, encryption method, SSID,
IP addresses, and so on. Auto – classifi cation capabilities should be used carefully to ensure
that only proper devices are classifi ed as authorized.
QUESTION NO:17
What statement accurately describes the functions of the IEEE 802.1X standard?
A. Port-based access control with support for EAP authentication and AES-CCMP encryption only
B. Port-based access control with encryption key management and distribution
C. Port-based access control with support for authenticated-user VLANs only D.
Port-based access control with 802.3 and 802.11 LANs
E. Port-based access control with permission for three frame types: EAP, DHCP, DNS.
Answer: A
Explanation: the 802.1X standard is a port –
based access control standard.A Layer 2 authentication protocol
called Extensible Authentication Protocol (EAP) is used within the 802.1X framework
to validate users at Layer 2.The 802.11 – 2007 standard also requires the use of
strong, dynamic encryption – key generation methods. CCMP/AES encryption is the
default encryption method, while TKIP/RC4 is an optional encryption method.
QUESTION NO:3
What elements should be addressed by a WLAN security policy? (Choose 2)
A. Verification that administrative passwords are unique to each infrastructure device
B. Enabling encryption to prevent MAC addresses from being sent in clear text
C. Security policy details should be safeguarded from non IT employees to prevent vulnerability
exposure
D. End user training for password selection and acceptable network use
E. Social engineering recognition and mitigation technique.
Answer: D,E
Explanation:
A proper password security policy for wireless access should be ensured, and the baseline for
secure password and secret key selection should be enforced.
As part of a more general corporate security policy, users should be informed about social
engineering attacks and not disclosing information about the network to potential attackers.
http://e-articles.info/e/a/title/Wireless-Security-Policy/
QUESTION NO:5
The following numbered items show the contents of the four frames exchanged during the 4-way
handshake.
Arrange the frames in the correct sequence beginning with the start of the 4-way handshake
A. 3, 4, 1, 2
B. 2, 3, 4, 1
C. 1, 2, 3, 4
D. 4, 3, 1, 2
Answer: A
QUESTION NO:2
Given:A new Access point is connected to an authorized network segment and is detected
wirelessly by a WIPS.
By what method does the WIPS apply a security classification to newly discovered AP?
A. According to the location service profile
B. According to the SNMP MIB table
C. According to the RADIUS rectum attribute
D. According to the site survey template
E. According to the default security policy
Answer: B
Explanation: http://webcache.googleusercontent.com/search?q=cache:E-
xehyw9ijwJ:www.nhbook.com/exam/PW0-
200.pdf A new Access point is connected to an authorized network segment and is detec
ted wirelessly by a WIPS. WIPS uses location service profileandcd=9andhl=enandct=clnkandgl=inands
ource=www.google.co.in
QUESTION NO:11
What one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in
802.11WLAN?
A. EAP-TTLS does not require the use of PKI.
B. EAP-TTLS does not require an authenticator server.
C. EAP-TTLS sends encrypted supplicant credentials to the authentication server.
D. EAP-TTLS supports mutual authentication between supplicants and authentication servers.
E. EAP-TTLS supports smartcard clients.
Answer: A
Explanation:
EAP-Tunneled Transport Layer Security (EAP-TTLS) is an EAP protocol that extendsTLS. It is
widely supported across platforms; although there is no native OS support for this EAP protocol in
Microsoft Windows, it requires the installation of small extra programs such as SecureW2. EAP-
TTLS offers very good security. The client can but does not have to be authenticated via a CA-
signed PKI certificate to the server. This greatly simplifies the setup procedure, as a certificate
does not need to be installed on every client.
http://www.ucertify.com/article/what-is-eap-ttls.html
QUESTION NO:15
Given: ABC company is developing an IEEE 802.11 complaint wireless security solution using
802.1X/EAP authentication. According to company policy the security should prevent an
eavesdropper from decrypting data frames traversing a wireless connection.What security solution
features play a role in adhering to this policy requirement? (Choose 2)
A. Group temporal key
B. Message integrity check (MIC)
C. Multi-factor authentication
D. Encrypted passphrase
E. Integrity check value
F. 4-Way handshake
Answer: A,F
QUESTION NO:7
What disadvantage does EAP-TLS have when compared with PEAPvO EAP/MSCHAPv2 as an
802. 11 WLAN security solution?
A. EAP-TLS requires a PKI to create X509 certificates for both the server and client, which
increases administrative overhead.
B. EAP-TLS does not use SSL to establish a secure tunnel for internal EAP authentication.
C. Fast/secure roaming in an 802 11 RSN is significantly longer when EAP-TLS is use.
D. EAP-TLS does not protect the client’s username and password in side an encrypted tunnel.
E. Though more secure EAP-TLS is not widely supported by wireless infrastructure or client
vendors.
F. Initially mobility authentication with EAP-TLS is significantly longer due to X509 certificate
verification.
Answer: A
Explanation: EAP – TLS requires the use of client – side certifi cates in addition to a server certifi
cate.The biggest factor when deciding to implement EAP – TLS is whether an enterprise PKI
infrastructure is already in place. This would usually, and optimally, include
separate servers in a high – availability server cluster.
CertBus exam braindumps are pass guaranteed. We guarantee your pass for the PW0-204 exam successfully with our CWNP materials. CertBus Certified Wireless Security Professional (CWSP) exam PDF and VCE are the latest and most accurate. We have the best CWNP in our team to make sure CertBus Certified Wireless Security Professional (CWSP) exam questions and answers are the most valid. CertBus exam Certified Wireless Security Professional (CWSP) exam dumps will help you to be the CWNP specialist, clear your PW0-204 exam and get the final success.
PW0-204 Latest questions and answers on Google Drive(100% Free Download): https://drive.google.com/file/d/0B_3QX8HGRR1mdmtNVk1QTWhUYzg/view?usp=sharing
PW0-204 CWNP exam dumps (100% Pass Guaranteed) from CertBus: http://www.certgod.com/PW0-204.html [100% Exam Pass Guaranteed]
Why select/choose CertBus?
Millions of interested professionals can touch the destination of success in exams by certgod.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.