- Home
- Networking
- CWSP-205
56.
When you are using an 802.11 wireless controller solution, which device would you consider
the authenticator?
- A.Access point
- B.RADIUS database
- C.LDAP
- D.WLAN controller
- E.VLAN
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| Controller-based APs normally tunnel their 802.11 user traffic to a WLAN controller where control plane and data plane mechanisms reside. The WLAN controller usually functions as the authenticator. When an 802.1X/EAP solution is deployed in a wireless controller environment, the virtual controlled and uncontrolled ports exist on the WLAN controller. |
57.
For an 802.1X/EAP solution to work properly, which two components must both support
the same type of EAP? (Choose two.)
- A.Supplicant
- B.Authorizer
- C.Authenticator
- D.Authentication server
- Answer & Explanation
- Report
Answer : [A, D]
Explanation :
Explanation :
| An 802.1X/EAP solution requires that both the supplicant and the authentication server support the same type of EAP. The authenticator must be configured for 802.1X/ EAP authentication, but it does not care which EAP type passes through. The authenticator and the supplicant must support the same type of encryption. |
58.
What does 802.1X/EAP provide when implemented for WLAN security? (Choose all that
apply.)
- A.Access to network resources
- B.Verification of access point credentials
- C.Dynamic authentication
- D.Dynamic encryption-key generation
- E.Verification of user credentials
- Answer & Explanation
- Report
Answer : [A, D, E]
Explanation :
Explanation :
| The purpose of 802.1X/EAP is authentication of user credentials and authorization to access network resources. Although the 802.1X framework does not require encryption, it highly suggests the use of encryption. A by-product of 802.1X/EAP is the generation and distribution of dynamic encryption keys. While the encryption process is actually a byproduct of the authentication process, the goals of authentication and encryption are very different. Authentication provides mechanisms for validating user identity while encryption provides mechanisms for data privacy or confidentiality. |
59.
Chris has been hired as a consultant to secure the Harkins Corporation’s WLAN infrastructure.
Management has asked him to choose a WLAN authentication solution that will
best protect the company’s network resources from unauthorized users. The company is
also looking for a strong dynamic encryption solution for data privacy reasons. Management
is also looking for the cheapest solution as well as a solution that is easy to administer.
Which of these WLAN security solutions does Chris decide meets all of the objectives
required by management? (Choose the best answer.)
- A.EAP-TLS and TKIP/RC4 encryption
- B.EAP-TLS and CCMP/AES encryption
- C.EAP-PEAPv0 (MSCHAPv2) and CCMP/AES encryption
- D.EAP-PEAPv0 (EAP-TLS) and CCMP/AES encryption
- E.EAP-FAST/manual provisioning and CCMP/AES encryption
- F.EAP-MD5 and CCMP/AES encryption
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| EAP-TLS and EAP-PEAPv0 (EAP-TLS) both require the use of client-side certificates and therefore would be considered costly and hard to manage. EAP-FAST with manual PAC provisioning would also be difficult to administer. EAP-MD5 is cheap and simple to set up; however, it will only work with static WEP encryption and therefore would not meet the data privacy needs. EAP-PEAPv0 (MSCHAPv2) only requires the use of a server-side certificate and is easy to administer. EAP-PEAPv0 (MSCHAPv2) is the most widely supported EAP protocol available and is therefore cost-effective. CCMP/AES dynamic encryption is now widely supported and meets the data privacy objectives. |
60.
What type of credential is used by the authenticator and authentication server to validate
each other?
- A.Server-side X.509 digital certificate
- B.PAC
- C.Client-side X.509 digital certificate
- D.Username and password
- E.Security token
- F.Shared secret
- Answer & Explanation
- Report
Answer : [F]
Explanation :
Explanation :
| A shared secret is used between the authenticator and the authentication server for the RADIUS protocol exchange. The shared secret exists between the authenticator and the AS so that they can validate each other with the RADIUS protocol. The shared secret is only used to validate and encrypt the communication link between the authenticator and the authentication server. The shared secret is not used at all for any validation of the supplicants. |
|
|
||||||||||||||||||||||||||||
