New Year Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

A.

In home networks in which file and printer sharing is enabled

B.

At public hot-spots in which many clients use diverse applications

C.

In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities

D.

In university environments using multicast video training sourced from professor’s laptops

Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.

Before creating the WLAN security policy, what should you ensure you possess?

A.

Awareness of the exact vendor devices being installed

B.

Management support for the process

C.

End-user training manuals for the policies to be created

D.

Security policy generation software

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods.

When writing the 802.11 security policy, what password-related items should be addressed?

A.

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

B.

Password complexity should be maximized so that weak WEP IV attacks are prevented.

C.

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D.

Certificates should always be recommended instead of passwords for 802.11 client authentication.

E.

EAP-TLS must be implemented in such scenarios.

What elements should be addressed by a WLAN security policy? (Choose 2)

A.

Enabling encryption to prevent MAC addresses from being sent in clear text

B.

How to prevent non-IT employees from learning about and reading the user security policy

C.

End-user training for password selection and acceptable network use

D.

The exact passwords to be used for administration interfaces on infrastructure devices

E.

Social engineering recognition and mitigation techniques

What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?

A.

Require Port Address Translation (PAT) on each laptop.

B.

Require secure applications such as POP, HTTP, and SSH.

C.

Require VPN software for connectivity to the corporate network.

D.

Require WPA2-Enterprise as the minimal WLAN security solution.

As a part of a large organization’s security policy, how should a wireless security professional address the problem of rogue access points?

A.

Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

B.

Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C.

Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.

D.

A trained employee should install and configure a WIPS for rogue detection and response measures.

E.

Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.

Given: Mary has just finished troubleshooting an 802.11g network performance problem using a laptop-based WLAN protocol analyzer. The wireless network implements 802.1X/PEAP and the client devices are authenticating properly. When Mary disables the WLAN protocol analyzer, configures her laptop for PEAP authentication, and then tries to connect to the wireless network, she is unsuccessful. Before using the WLAN protocol analyzer, Mary’s laptop connected to the network without any problems.

What statement indicates why Mary cannot access the network from her laptop computer?

A.

The nearby WIPS sensor categorized Mary’s protocol analyzer adapter as a threat and is performing a deauthentication flood against her computer.

B.

The PEAP client’s certificate was voided when the protocol analysis software assumed control of the wireless adapter.

C.

The protocol analyzer’s network interface card (NIC) drivers are still loaded and do not support the version of PEAP being used.

D.

Mary’s supplicant software is using PEAPv0/EAP-MSCHAPv2, and the access point is using PEAPv1/EAP-GTC.

Given: A network security auditor is preparing to perform a comprehensive assessment of an 802.11ac network’s security.

What task should be performed at the beginning of the audit to maximize the auditor’s ability to expose network vulnerabilities?

A.

Identify the IP subnet information for each network segment.

B.

Identify the manufacturer of the wireless intrusion prevention system.

C.

Identify the skill level of the wireless network security administrator(s).

D.

Identify the manufacturer of the wireless infrastructure hardware.

E.

Identify the wireless security solution(s) currently in use.

Given: WLAN protocol analyzers can read and record many wireless frame parameters.

What parameter is needed to physically locate rogue APs with a protocol analyzer?

A.

SSID

B.

IP Address

C.

BSSID

D.

Signal strength

E.

RSN IE

F.

Noise floor

What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

A.

AKM Suite List

B.

Group Cipher Suite

C.

RSN Capabilities

D.

Pairwise Cipher Suite List