Latest 2024 Verified CWSP-206 Questions and Answers, Pass Guaranteed or Full Refund [Q22-Q45]


[January 2024] Updated CWSP-206 certification questions and actual answers are here at JPNTest

Question # 22
A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs.
Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:
1. SSID Blue - VLAN 10 - Lightweight EAP (LEAP) authentication - CCMP cipher suite
2. SSID Red - VLAN 20 - PEAPv0/EAP-TLS authentication - TKIP cipher suite
The consultant's computer can successfully authenticate and browse the Internet when using the Blue SSID. The same computer cannot authenticate when using the Red SSID. What is a possible cause of the problem?

  • A. The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.
  • B. The Red VLAN does not use server certificate, but the client requires one.
  • C. The consultant does not have a valid Kerberos ID on the Blue VLAN.
  • D. The TKIP cipher suite is not a valid option for PEAPv0 authentication.

Answer: A


Question # 23
What software and hardware tools are used in the process performed to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network?

  • A. RF jamming device and a wireless radio card
  • B. A wireless workgroup bridge and a protocol analyzer
  • C. MAC spoofing software and MAC DoS software
  • D. A low-gain patch antenna and terminal emulation software

Answer: A


Question # 24
After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify the security threats?

  • A. WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.
  • B. Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.
  • C. Authorized PEAP usernames must be added to the WIPS server's user database.
  • D. Separate security profiles must be defined for network operation in different regulatory domains.

Answer: A


Question # 25
Which of the following is a wireless device that is created to allow a cracker to conduct a man-in-the-middle attack?

  • A. Lightweight Access Point
  • B. Rogue access point
  • C. WLAN controller
  • D. Protocol analyzer

Answer: B


Question # 26
What attack cannot be detected by a Wireless Intrusion Prevention System (WIPS)?

  • A. MAC Spoofing
  • B. Hotspotter
  • C. Soft AP
  • D. EAP flood
  • E. Deauthentication flood
  • F. Eavesdropping

Answer: F


Question # 27
Which of the following types of filtering allows or restricts the flow of specific types of packets to provide security?

  • A. MAC address filtering
  • B. Ingress filtering
  • C. Packet filtering
  • D. Route filtering

Answer: C


Question # 28
ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States.
802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources. What security best practices should be followed in this deployment scenario?

  • A. Remote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.
  • B. APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.
  • C. An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.
  • D. RADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.

Answer: C


Question # 29
Which of the following is an intermediate network similar to RSN that supports legacy security such as WEP within the same BSS?

  • A. WPA2
  • B. WPA
  • C. VPN
  • D. TSN

Answer: D


Question # 30
Which of the following encryption methods uses AES technology?

  • A. Dynamic WEP
  • B. CCMP
  • C. TKIP
  • D. Static WEP

Answer: B


Question # 31
Which of the following is a type of malware that is secretly installed on the user's personal computer and collects users' information without their knowledge?

  • A. Adware
  • B. Worm
  • C. Virus
  • D. Spyware

Answer: D


Question # 32
ABC Company has recently installed a WLAN controller and configured it to support WPA2-Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering). How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

  • A. The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.
  • B. The RADIUS server sends the list of authenticated users and groups to the WLAN controller as part of a 4-Way Handshake prior to user authentication.
  • C. The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.
  • D. The RADIUS server forwards the request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.

Answer: A


Question # 33
Which of the following are the layers of physical security? Each correct answer represents a complete solution. Choose all that apply.

  • A. Procedural access control
  • B. Environmental design
  • C. Intrusion detection system
  • D. Video monitor

Answer: A, B, C


Question # 34
You support a coffee shop and have recently installed a free 802.11ac wireless hotspot for the benefit of your customers. You want to minimize legal risk in the event that the hotspot is used for illegal Internet activity.
What option specifies the best approach to minimize legal risk at this public hotspot while maintaining an open venue for customer Internet access?

  • A. Implement a captive portal with an acceptable use disclaimer.
  • B. Allow only trusted patrons to use the WLAN.
  • C. Block TCP port 25 and 80 outbound on the Internet router.
  • D. Use a WIPS to monitor all traffic and deauthenticate malicious stations.
  • E. Require client STAs to have updated firewall and antivirus software.
  • F. Configure WPA2-Enterprise security on the access point.

Answer: A


Question # 35
ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication. How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?

  • A. Implement a RADIUS server and query user authentication requests through the LDAP server.
  • B. Mirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.
  • C. Implement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.
  • D. Import all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.

Answer: A


Question # 36
A large enterprise is designing a secure, scalable, and manageable 802.11n WLAN that will support thousands of users. The enterprise will support both 802.1X/EAP-TTLS and PEAPv0/MSCHAPv2. Currently, the company is upgrading network servers as well and will replace their existing Microsoft IAS implementation with Microsoft NPS, querying Active Directory for user authentication. For this organization, as they update their WLAN infrastructure, what WLAN controller feature will likely be least valuable?

  • A. SNMPv3 support
  • B. 802.1Q VLAN trunking
  • C. WPA2-Enterprise authentication/encryption
  • D. WIPS support and integration
  • E. Internal RADIUS server

Answer: E


Question # 37
The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

  • A. Passphrase-to-PSK mapping
  • B. Group Key Handshake
  • C. 802.1X/EAP authentication
  • D. RADIUS shared secret lookup
  • E. DHCP Discovery
  • F. 4-Way Handshake

Answer: C


Question # 38
The IEEE 802.11 Pairwise Transient Key (PTK) is derived from what cryptographic element?

  • A. Group Temporal Key (GTK)
  • B. Group Master Key (GMK)
  • C. Pairwise Master Key (PMK)
  • D. Key Confirmation Key (KCK)
  • E. Phase Shift Key (PSK)
  • F. PeerKey (PK)

Answer: C


Question # 39
Which of the following protocols uses separate control and data connections between the client and server applications?

  • A. FTP
  • B. SMTP
  • C. SCP
  • D. HTTP

Answer: A


Question # 40
A network security auditor is preparing to perform a comprehensive assessment of an 802.11ac network's security. What task should be performed at the beginning of the audit to maximize the auditor's ability to expose network vulnerabilities?

  • A. Identify the manufacturer of the wireless intrusion prevention system.
  • B. Identify the IP subnet information for each network segment.
  • C. Identify the wireless security solution(s) currently in use.
  • D. Identify the manufacturer of the wireless infrastructure hardware.
  • E. Identify the skill level of the wireless network security administrator(s).

Answer: C


Question # 41
You need to set up a management system on your network.
Which of the following protocols will you use to manage your network?

  • A. TCP
  • B. IP
  • C. HTTP
  • D. SNMP

Answer: D


Question # 42
Which of the following attacks is used to obtain a user's authentication credentials?

  • A. Brute force attack
  • B. Phishing attack
  • C. Bonk attack
  • D. Teardrop attack

Answer: A


Question # 43
In XYZ's small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal. What statement about the WLAN security of this company is true?

  • A. An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.
  • B. An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user's 4-Way Handshake.
  • C. Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.
  • D. A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.
  • E. Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.

Answer: D


Question # 44
In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce?

  • A. They are input values used in the derivation of the Pairwise Transient Key.
  • B. They are added together and used as the GMK, from which the GTK is derived.
  • C. The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).
  • D. They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.

Answer: A


Question # 45
......

138 real, valid and accurate CWSP-206 questions and answers are waiting for you: https://www.jpntest.com/shiken/CWSP-206-mondaishu
