- Home
- Networking
- CWSP-205
21.
Which of the following is not defined by the 802.11-2012 standard? (Choose all that apply.)
- A.WEP
- B.VPN
- C.MAC filtering
- D.SSID segmentation
- E.SSID cloaking
- Answer & Explanation
- Report
Answer : [B, C, D, E]
Explanation :
Explanation :
| WEP is the only option that is actually defined by the 802.11-2012 standard. All the other options are considered to be non-802.11 security measures. |
22.
802.11 pre-RSNA security defines which wireless security solution?
- A.Dynamic WEP
- B.802.1X/EAP
- C.64-bit static WEP
- D.Temporal Key Integrity Protocol (TKIP)
- E.CCMP/AES
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The original 802.11 standard ratified in 1997 defined the use of a 64-bit or 128-bit static encryption solution called Wired Equivalent Privacy (WEP). WEP is considered pre-RSNA security. Dynamic WEP was never defined under any wireless security standard. The use of 802.1X/EAP, TKIP/ARC4 and CCMP/AES is defined under the current 802.11-2012 standard for robust network security. |
23.
Which of the following have been deprecated in the 802.11-2012 standard? (Choose all that
apply.)
- A.Wired Equivalent Privacy
- B.Temporal Key Integrity Protocol
- C.Point-to-Point Tunneling Protocol
- D.Shared Key authentication
- E.Open System authentication
- Answer & Explanation
- Report
Answer : [A, D]
Explanation :
Explanation :
| Temporal Key Integrity Protocol (TKIP) is defined in the 802.11-2012 standard and is still considered to be an RSN mechanism. Point-to-Point Tunneling Protocol (PPTP) is a VPN technology that is not part of the 802.11-2012 standard. Shared Key authentication and Wired Equivalent Privacy (WEP) are the two pre-RSNA (robust security network association) security mechanisms that have been deprecated. Deprecated technologies have been superseded by new technologies and should be avoided. Open System authentication is the one pre-RSNA security mechanism that has not been deprecated. |
24.
Peter is configuring a standalone AP to provide segmentation of three groups of wireless
user traffic on the corporate network. Which deployment strategies will reach this goal?
(Choose all that apply.)
- A.Create three separate SSIDs, one for each group, and have each SSID linked with a separate VLAN.
- B.Create a trunk for each of the VLANs between the AP and the access layer switch.
- C.Create a single trunk for all of the VLANs between the AP and the access layer switch.
- D.Configure each of the SSIDs with the same encryption keys for easier management and administration.
- E.Configure each of the SSIDs with different encryption keys.
- F.Consider leveraging RADIUS attributes to assign different groups of users and devices to different VLANS tied to the same SSID.
- Answer & Explanation
- Report
Answer : [A< C< E, F]
Explanation :
Explanation :
| Each group should be configured with a separate SSID and a separate VLAN. There will be an 802.1Q trunk connection from the standalone AP to the access layer switch. This trunk will carry the traffic from all of the VLANs that are supported on the AP and the switch. If legacy encryption such as static WEP is being used, a different encryption key should be used for each SSID. Dynamic encryption such as CCMP/AES and 802.1X/EAP security would be preferred. The best strategy is to assign multiple VLANs and access policies for different groups of users and/or devices to a single SSID by leveraging RADIUS attributes. |
25.
Evan has configured a laptop and an AP, each with two WEP keys. WEP key 1 is the same
on both devices, and WEP key 2 is the same on both devices. He configured the laptop to
use WEP key 1 to encrypt its data. He configured the AP to use WEP key 2 to encrypt its
data. Will this configuration work?
- A.No, since there is only one WEP key on each device.
- B.No, since the value of the WEP key must be identical on both the laptop and the AP.
- C.Yes, as long as the value of WEP key 1 is identical on both computers and the value of WEP key 2 is identical on both computers.
- D.Yes. The laptop and AP will only use the first WEP key, so as long as the value of these keys is identical, the configuration will work.
- E.Yes. The laptop and AP will attempt to use each of the WEP keys when decrypting a frame.
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| Up to four WEP keys can be entered on a Wi-Fi device. In addition to four WEP keys being entered, one will be designated to be used to encrypt all transmitted data. When the encrypted frame is received, part of the frame tells the receiving system which key (1, 2, 3, or 4) was used to encrypt the frame. The receiving system then attempts to decrypt the frame using the specified key. If the value of the key is the same on the receiving system, then the frame will be decrypted. Each system can use a separate key to encrypt the data. |
|
|
||||||||||||||||||||||||||||
