Aim to Pass the CWSP-206 Exam: Latest CWSP-206 Exam Question Set PDF, Updated 2023 [Q38-Q55]

CWSP-206 exam question set, free samples updated 365 days a year

Question # 38
As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods. When writing the 802.11 security policy, what password-related items should be addressed?

  • A. MS-CHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.
  • B. EAP-TLS must be implemented in such scenarios.
  • C. Certificates should always be recommended instead of passwords for 802.11 client authentication.
  • D. Password complexity should be maximized so that weak WEP IV attacks are prevented.
  • E. Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

Correct answer: E


Question # 39
ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations. As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication?

  • A. MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.
  • B. MS-CHAPv2 uses AES authentication, and is therefore secure.
  • C. LEAP's use of MS-CHAPv2 is only secure when combined with WEP.
  • D. MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.
  • E. When implemented with AES-CCMP encryption, MS-CHAPv2 is very secure.

Correct answer: A


Question # 40
Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

  • A. Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.
  • B. Allow access to specific files and applications based on the user's WMM access category.
  • C. Provide two or more user groups connected to the same SSID with different levels of network privileges.
  • D. Allow simultaneous support for multiple EAP types on a single access point.

Correct answer: C


Question # 41
You work as a network administrator for Web Perfect Inc. You configure both WPA and EAP authentications on a client computer in the company's wireless network.
Where will the encryption key be located during the active user session? Each correct answer represents a part of the solution. Choose two.

  • A. On the AP
  • B. On the client
  • C. Shared with all clients in the network
  • D. On the controller

Correct answer: A, B


Question # 42
During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text. From a security perspective, why is this significant?

  • A. The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.
  • B. The username can be looked up in a dictionary file that lists common username/password combinations.
  • C. The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.
  • D. 4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.

Correct answer: A


Question # 43
Which of the following is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for computers to connect and use a network service?

  • A. RADIUS
  • B. IPSec
  • C. HTTP
  • D. SSL

Correct answer: A


Question # 44
Which of the following encryption methods uses AES technology?

  • A. TKIP
  • B. CCMP
  • C. Static WEP
  • D. Dynamic WEP

Correct answer: B


Question # 45
Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM.
What device functions as the 802.1X/EAP Authenticator?

  • A. RADIUS server
  • B. WLAN Controller/AP
  • C. MacBook Pro
  • D. SRV21

Correct answer: B


Question # 46
Which of the following is a passive device that cannot be detected by a wireless intrusion detection system (WIDS)?

  • A. MAC spoofing
  • B. Rogue access point
  • C. Protocol analyzer
  • D. Spectrum analyzer

Correct answer: C


Question # 47
A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and will replace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication. For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?

  • A. WPA2-Enterprise authentication/encryption
  • B. 802.1Q VLAN trunking
  • C. SNMPv3 support
  • D. WIPS support and integration
  • E. Internal RADIUS server

Correct answer: E


Question # 48
In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce?

  • A. They are input values used in the derivation of the Pairwise Transient Key.
  • B. The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).
  • C. They are added together and used as the GMK, from which the GTK is derived.
  • D. They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.

Correct answer: A


Question # 49
You are setting up small offices for a major insurance carrier. The company policy states that all wireless configurations must fully implement the 802.11i standard. Based on this requirement, which encryption algorithm should you implement?

  • A. WPA
  • B. WPA2
  • C. WEP
  • D. PKI

Correct answer: B


Question # 50
You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet.
What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations? (Choose the single best answer.)

  • A. Ensure proper physical and environmental security using outdoor ruggedized APs or enclosures.
  • B. Use internal antennas.
  • C. Power the APs using PoE.
  • D. Use external antennas.

Correct answer: A


Question # 51
In order to acquire credentials of a valid user on a public hotspot network, what attacks may be conducted? Choose the single completely correct answer.

  • A. RF DoS and/or physical theft
  • B. Authentication cracking and/or RF DoS
  • C. Social engineering and/or eavesdropping
  • D. MAC denial of service and/or physical theft
  • E. Code injection and/or XSS

Correct answer: C


Question # 52
What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

  • A. Group Cipher Suite
  • B. Pairwise Cipher Suite List
  • C. AKM Suite List
  • D. RSN Capabilities

Correct answer: C


Question # 53
Which of the following keys is derived by Pairwise Master Key (PMK)?

  • A. Private Key
  • B. Group Temporal Key
  • C. Public Key
  • D. Pairwise Transient Key

Correct answer: D


Question # 54
A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs. Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:
The consultant's computer can successfully authenticate and browse the Internet when using the Blue SSID.
The same computer cannot authenticate when using the Red SSID. What is a possible cause of the problem?

  • A. The consultant does not have a valid Kerberos ID on the Blue VLAN.
  • B. The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.
  • C. The Red VLAN does not use server certificate, but the client requires one.
  • D. The TKIP cipher suite is not a valid option for PEAPv0 authentication.

Correct answer: B


Question # 55
......

CWSP-206 question set for passing the certification exam: https://www.jpntest.com/shiken/CWSP-206-mondaishu
