PW0-204 CWNA Certified Wireless Security Professional (CWSP)

PW0-204 CWNA Certified Wireless Security Professional (CWSP)

http://www.TwPass.com

PW0-204

CWNA

Certified Wireless Security Professional (CWSP)

http://www.twpass.com/twpass.com/exam.aspx?eCode= PW0-204

The PW0-204 practice exam is written and formatted by Certified Senior IT Professionals working in today's prospering companies and data centers all over the world! The PW0-204 Practice Test covers all the exam topics and objectives and will prepare you for success quickly and efficiently.

The PW0-204 exam is very challenging, but with our PW0-204 questions and answers practice exam, you can feel confident in obtaining your success on the PW0-204 exam on your FIRST TRY!

CWNA PW0-204 Exam Features

- Detailed questions and answers for PW0-204 exam

- Try a demo before buying any CWNA exam

- PW0-204 questions and answers, updated regularly

- Verified PW0-204 answers by Experts and bear almost 100% accuracy

- PW0-204 tested and verified before publishing

- PW0-204 exam questions with exhibits

- PW0-204 same questions as real exam with multiple choice options

Acquiring CWNA certifications are becoming a huge task in the field of I.T. More over these exams like PW0-204 exam are now continuously updating and accepting this challenge is itself a task.

This PW0-204 test is an important part of CWNA certifications. We have the resources to prepare you for this. The PW0-204 exam is essential and core part of CWNA certifications and once you clear the exam you will be able to solve the real life problems yourself.Want to take advantage of the Real PW0-204 Test and save time and money while developing your skills to pass

your CWNA PW0-204 Exam? Let us help you climb that ladder of success and pass your PW0-204 now!

PW0-204

QUESTION:

1

Which of the following protocols is used to provide on-demand authentication within an ongoing data transmission?

A. LEAP

B. EAP

C. PPTP

D. CHAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=1

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

2

Which of the following is a common Windows authentication protocol used by the IEEE

802.1X security standard?

A. TACACS

B. LDAP

C. RADIUS

D. SSL/TLS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=2

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

3

Which of the following authentication processes are specified by the IEEE 802.11 standards?

Each correct answer represents a complete solution. Choose all that apply.

A. Open System authentication

B. RADIUS

C. Shared Key authentication

D. EAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=3

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

4

Which of the following methods are capable of operating in wireless networks? Each correct answer represents a complete solution. Choose all that apply.

A. EAP-TLS

B. LEAP

C. PEAP

D. EAP-TTLS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=4

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

5

John, a malicious hacker, forces a router to stop forwarding packets by flooding it with many open connections simultaneously so that all hosts behind it are effectively disabled. Which of the following attacks is John performing?

A. Rainbow attack

B. DoS attack

C. Replay attack

D. ARP spoofing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=5

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

6

Which of the following protocols uses a program layer located between the Internet s Hypertext

Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers?

A. TFTP

B. HTTPS

C. SCP

D. SSL

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=6

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

7

You have been hired to perform a penetration test on a client s network. You want to see if remote connections are susceptible to eavesdropping or perhaps session hijacking. Which network tool would be most helpful to you?

A. Vulnerability analyzer

B. Port scanner

C. Performance analyzer.

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=7

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

8

Which of the following wireless network security solutions refers to an authentication process

in which a user can connect wireless access points to a centralized server to ensure that all hosts are properly authenticated?

A. Remote Authentication Dial-In User Service (RADIUS)

B. IEEE 802.1x

C. Wired Equivalent Privacy (WEP)

D. Wi-Fi Protected Access 2 (WPA2)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=8

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

9

Which of the following will you recommend for providing security?

A. HTTP

B. VPN

C. SSL

D. S/MIME

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=9

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

10

Which of the following tools is John using to crack the wireless encryption keys?

A. Kismet

B. AirSnort

C. Cain

D. PsPasswd

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=10

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

11

Which of the following tools is John using to crack the wireless encryption keys?

A. Kismet

B. AirSnort

C. Cain

D. PsPasswd

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=11

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

12

Which of the following are the important components of the IEEE 802.1X architecture? Each

correct answer represents a complete solution. Choose all that apply.

A. Authenticator server

B. Extensible Authentication Protocol (EAP)

C. Supplicant

D. Authenticator

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=12

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

13

You work as a System Administrator for Tech Perfect Inc. The company has a wireless LAN network. You want to implement a tool in the company s network, which monitors the radio spectrum used by the wireless LAN network, and immediately alerts you whenever a rogue access point is detected in the network. Which of the following tools will you use?

A. Firewall

B. WIPS

C. MFP

D. NAT

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=13

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

14

Which of the following methods can be used to detect a rogue access point in order to enhance the security of the network? Each correct answer represents a complete solution. Choose all that apply.

A. Install WIPS

B. Hide the SSID of all AP

C. Check in the managed AP list

D. Use of wireless sniffing tools

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=14

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

15

Which of the following works as a protocol for providing secure communications between wireless clients and wireless access points?

A. Virtual Private Network

B. Firewall

C. Packet filtering

D. Robust Secure Network

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=15

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

16

Which of the following is a type of security management for computers and networks in order to identify security breaches?

A. EAP

B. IPS

C. IDS

D. ASA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=16

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

17

Which of the following types of attacks cannot be prevented by a firewall? Each correct answer represents a complete solution. Choose all that apply.

A. Shoulder surfing attack

B. Ping flood attack

C. URL obfuscation attack

D. Phishing attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=17

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

18

Which of the following protocols uses public-key cryptography to authenticate the remote computer?

A. SSL

B. Telnet

C. SCP

D. SSH

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=18

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

19

Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer? Each correct answer represents a complete solution. Choose two.

A. Information of probing for networks can be viewed using a wireless analyzer and may be used to gain access.

B. Attacker by creating a fake wireless network with high power antenna cause Victor s computer to associate with his network to gain access.

C. Attacker can use the Ping Flood DoS attack if WZC is used.

D. It will not allow the configuration of encryption and MAC filtering. Sending information is not secure on wireless network.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=19

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

20

Which of the following is a part of computer network that is used to prevent unauthorized

Internet users from accessing private networks connected to the Internet?

A. Protocol analyzer

B. Wired Equivalent Privacy

C. Intrusion detection system

D. Firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=20

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

21

Which of the following are the components of wireless intrusion prevention system (WIPS)?

Each correct answer represents a complete solution. Choose all that apply.

A. Sensors

B. Console

C. Supplicant

D. Server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=21

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

22

Which of the following attacks are examples of Denial-of-service attacks (DoS)? Each correct answer represents a complete solution. Choose all that apply.

A. Birthday attack

B. Fraggle attack

C. Ping flood attack

D. Smurf attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=22

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

23

Which of the following stream ciphers is both a block cipher and a product cipher?

A. RC2

B. AES

C. DES

D. RC4

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=23

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

24

Which of the following security protocols is supported by Wi-Fi Protected Access (WPA)?

A. CCMP

B. LEAP

C. TKIP

D. PEAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=24

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

25

You work as a Network Administrator for Tech Perfect Inc. The company has a wireless LAN network. The clients present on the network are excluded. You check the error and find the reason that there is no DHCP server. Which of the following devices will you configure as a

DHCP server?

A. Access point

B. Controller

C. RADIUS Server

D. Wireless LAN switches

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=25

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

26

A Cisco Unified Wireless Network has an AP that does not rely on the central control device of the network. Which type of AP has this characteristic?

A. Rogue AP

B. LWAPP

C. Lightweight AP

D. Autonomous AP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=26

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

27

Which of the following wireless security protocols is defined in IEEE 802.11 pre-RSNA security?

A. TKIP

B. WEP

C. EAP

D. CCMP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=27

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

28

Which of the following security levels are applied on the network to prevent unauthorized access? Each correct answer represents a complete solution. Choose all that apply.

A. Access control lists

B. Authentication

C. Authorization

D. MAC filtering

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=28

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

29

Which of the following are legacy authentication protocols used within the stronger EAP authentication protocols? Each correct answer represents a complete solution. Choose all that apply.

A. MS-CHAP

B. PPTP

C. PAP

D. CHAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=29

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

30

You are setting up small offices for a major insurance carrier. The company policy states that all wireless configurations must fully implement the 802.11i standard. Based on this requirement, which encryption algorithm should you implement?

A. WEP

B. PKI

C. WPA2

D. WPA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=30

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

31

Which of the following monitors program activities and modifies malicious activities on a system?

A. RADIUS

B. NIDS

C. HIDS

D. Back door

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=31

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

32

Which of the following are the layers of physical security? Each correct answer represents a complete solution. Choose all that apply.

A. Procedural access control

B. Video monitor

C. Environmental design

D. Intrusion detection system

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=32

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

33

Your Company is receiving false and abusive e-mails from the e-mail address of your partner company. When you complain, the partner company tells you that they have never sent any such e-mails. Which of the following types of cybercrimes involves this form of network attack?

A. Man-in-the-middle attack

B. Spoofing

C. Cyber squatting

D. Cyber Stalking

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=33

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

34

Which of the following attacks are considered as authentication attacks? Each correct answer represents a complete solution. Choose all that apply.

A. Man-in-the-middle attack

B. Eavesdropper attack

C. Jamming attack

D. Denial-of-Service (DoS) attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=34

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

35

Which of the following is a passive device that cannot be detected by a wireless intrusion detection system (WIDS)?

A. MAC spoofing

B. Spectrum analyzer

C. Protocol analyzer

D. Rogue access point

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=35

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

36

Which of the following attacks is used to obtain a user s authentication credentials?

A. Teardrop attack

B. Brute force attack

C. Bonk attack

D. Phishing attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=36

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

37

Which of the following are the three main intended goals of WEP encryption? Each correct answer represents a complete solution. Choose all that apply.

A. Access control

B. Authentication

C. Data integrity

D. Confidentiality

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=37

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

38

Which of the following encryption methods use the RC4 technology? Each correct answer represents a complete solution. Choose all that apply.

A. Dynamic WEP

B. TKIP

C. Static WEP

D. CCMP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=38

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

39

Which of the following keys are used by the symmetric key algorithm? Each correct answer represents a complete solution. Choose all that apply.

A. Pairwise Transient Key

B. Public Key

C. Group Temporal Key

D. Private Key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=39

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

40

A Web developer with your company wants to have wireless access for contractors that come in to work on various projects. The process of getting this approved takes time. So rather than wait, he has put his own wireless router attached to one of the network ports in his department.

What security risk does this present?

A. An unauthorized WAP is one way for hackers to get into a network.

B. It is likely to increase network traffic and slow down network performance.

C. This circumvents network intrusion detection.

D. None, adding a wireless access point is a common task and not a security risk.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=40

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

41

Which of the following protocols periodically verifies the identity of the client by using a threeway handshake?

A. CHAP

B. PAP

C. PPP

D. EAP-TLS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=41

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

42

Which of the following protocols is designed to provide more secure encryption than the weak wired encryption privacy?

A. LEAP

B. TKIP

C. PEAP

D. CCMP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=42

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

43

Which of the following are the security measures that are needed to maintain the security of wireless LAN? Each correct answer represents a complete solution. Choose all that apply.

A. WIPS

B. WLAN controller

C. Firewalls

D. WIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=43

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

44

Which of the following DoS attacks affects mostly Windows computers by sending corrupt

UDP packets?

A. Fraggle

B. Smurf

C. Bonk

D. Ping flood

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=44

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

45

You work as a Network Administrator for Blue Well Inc. The company has a Windows Server

2008 domainbased network. All client computers on the network run Windows Vista Ultimate.

Andy, a Finance Manager, uses Windows Mail to download his e-mails to his inbox. He complains that every now and then he gets mails asking for revealing personal or financial information. He wants that such mails are not shown to him. Which of the following steps will you take to accomplish the task?

A. Configure phishing filter in Internet Explorer 7.0. Configure it to filter all phishing mails.

B. Remove domain names of such emails from the Safe Sender s list.

C. Configure phishing filter in Windows Mail. Configure it to move such mails to the

Junk Mail folder.

D. Add domain names of such emails in the Block Sender s list.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=45

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

46

Which of the following provides security by implementing authentication and encryption on

Wireless LAN (WLAN)?

A. L2TP

B. IPSec

C. WAP

D. WEP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=46

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

47

Which of the following keys is derived from Group Master Key (GMK)?

A. Private Key

B. Group Temporal Key

C. Public Key

D. Pairwise Transient Key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=47

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

48

Which of the following types of filtering allows or restricts the flow of specific types of packets to provide security?

A. Route filtering

B. MAC address filtering

C. Packet filtering

D. Ingress filtering

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=48

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

49

Peter works as a Network Administrator for the uCertify Inc. The company has a Windowsbased network. All client computers run the Windows XP operating system. The employees of the company complain that suddenly all of the client computers have started working slowly.

Peter finds that a malicious hacker is attempting to slow down the computers by flooding the network with a large number of requests. Which of the following attacks is being implemented by the malicious hacker?

A. Buffer overflow attack

B. Denial-of-Service (DoS) attack

C. SQL injection attack

D. Man-in-the-middle attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=49

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

50

Which of the following is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for computers to connect and use a network service?

A. HTTP

B. SSL

C. IPSec

D. RADIUS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=50

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

51

Which of the following are social engineering techniques? Each correct answer represents a complete solution. Choose all that apply.

A. Phishing

B. Baiting

C. Pretexting

D. Salami attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=51

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

52

You work as a Network Administrator for uCertify Inc. You need to provide a secure communication between the server and the client computers of the company. Which of the following protocols will you use to manage the communication securely?

A. HTTP

B. TCP

C. TLS

D. SSL

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=52

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

53

Which of the following types of attacks is performed by Adam?

A. Man-in-the-middle attack

B. Reverse social engineering attack

C. DDoS attack that involves flooding a network or system

D. DoS attack that involves crashing a network or system

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=53

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

54

Which of the following components are typically required for securing a wireless 802.11 network? Each correct answer represents a complete solution. Choose all that apply.

A. Network segmentation

B. Monitoring

C. AAA

D. Data confidentiality

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=54

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

55

Which of the following is an application protocol that is used to query and modify data using directory services running over TCP/IP?

A. LDAP

B. HTTP

C. LEAP

D. RBAC

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=55

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

56

Which of the following encryption algorithms is used by Wired Equivalent Privacy (WEP)?

A. RSA

B. RC4

C. TKIP

D. CCMP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=56

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

57

Which of the following actions will you perform to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.

A. Configure the wireless network to use WEP encryption for the data transmitted over a wireless network.

B. Implement the IEEE 802.1X authentication for the wireless network.

C. Using group policies, configure the network to allow the wireless computers to connect to the infrastructure networks only.

D. Using group policies, configure the network to allow the wireless computers to connect to the ad hoc networks only.

E. Implement the open system authentication for the wireless network.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=57

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

58

Which of the following are the types of password guessing attacks? Each correct answer represents a complete solution. Choose two.

A. Password attack

B. Man-in-the-middle attack

C. Dictionary attack

D. Brute force attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=58

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

59

Which of the following protocols is used to compare two values calculated using the Message

Digest (MD5) hashing function?

A. EAP-TLS

B. CHAP

C. EAP

D. PEAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=59

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

60

Which of the following policies are considered as a good starting point while designing a wireless security policy document? Each correct answer represents a complete solution. Choose all that apply.

A. Rogue AP policy

B. Functional security policy

C. Protocol policy

D. General security policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=60

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

61

Which of the following are important characteristics of VPNs? Each correct answer represents a complete solution. Choose all that apply.

A. Encapsulation

B. Authentication

C. Encryption

D. Data integrity

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=61

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

62

Which of the following is a computer network that is layered on top of an underlying computer network?

A. WLAN

B. RSN

C. VPN

D. TSN

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=62

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

63

Which of the following attacks on wireless LAN is performed to shut down the wireless network?

A. Active attack

B. Man-in-the-middle attack

C. Passive attack

D. Jamming attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=63

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

64

Which of the following does PEAP use to authenticate the user inside an encrypted tunnel?

Each correct answer represents a complete solution. Choose two.

A. RC4

B. AES

C. MS-CHAP v2

D. GTC

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=64

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

65

Which of the following are NOT steps in securing your wireless connection? Each correct answer represents a complete solution. Choose two.

A. Using either WEP or WPA encryption

B. Strong password policies on workstations.

C. MAC filtering on the router

D. Not broadcasting SSID

E. Hardening the server OS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=65

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

66

Which of the following types of attacks entices a user to disclose personal information such as social security number, bank account details, or credit card number?

A. Replay attack

B. Spoofing

C. Phishing

D. Password guessing attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=66

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

67

You work as a Network Administrator for Tech Perfect Inc. The company has a wireless LAN infrastructure. The management wants to prevent unauthorized network access to local area networks and other information assets by the wireless devices. What will you do?

A. Implement a dynamic NAT.

B. Implement an ACL.

C. Implement a WIPS.

D. Implement a firewall.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=67

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

68

Which of the following key types are defined in the 802.11i Authentication and Key

Management (AKM)? Each correct answer represents a complete solution. Choose all that apply.

A. Pairwise Master Key (PMK)

B. Group Master Key (GMK)

C. Pairwise Transient Key (PTK)

D. Group Temporal Key (GTK)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=68

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

69

You work as a network administrator for Web Perfect Inc. You configure both WPA and EAP authentications on a client computer in the company s wireless network. Where will the encryption key be located during the active user session? Each correct answer represents a part of the solution. Choose two.

A. On the AP

B. On the controller

C. Shared with all clients in the network

D. On the client

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=69

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

70

Which of the following protocols are used to secure a VPN connection? Each correct answer represents a complete solution. Choose all that apply.

A. IPSec

B. TLS

C. SSL

D. L2TP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=70

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

71

Which of the following attacks come under the category of layer 2 Denial-of-Service attacks?

Each correct answer represents a complete solution. Choose all that apply.

A. RF jamming attack

B. Password cracking

C. Spoofing attack

D. SYN flood attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=71

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

72

Which of the following provides the best protection against a man-in-the-middle attack?

A. Strong password

B. Firewall

C. Strong encryption

D. Fiber-optic cable

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=72

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

73

Which of the following security methods can be used to detect the DoS attack in order to enhance the security of the network?

A. WLAN controller

B. Spectrum analyzer

C. Protocol analyzer

D. WIPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=73

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

74

Which of the following encryption methods uses AES technology?

A. Dynamic WEP

B. Static WEP

C. CCMP

D. TKIP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=74

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

75

You are the Administrator for a corporate network. You are concerned about denial of service attacks. Which of the following would be the most help against Denial of Service (DOS) attacks?

A. Honey pot

B. Network surveys.

C. Packet filtering firewall

D. Stateful Packet Inspection (SPI) firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=75

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

76

Which of the following would be the most help against Denial of Service (DOS) attacks?

A. Honey pot

B. Network surveys.

C. Packet filtering firewall

D. Stateful Packet Inspection (SPI) firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=76

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

77

Which of the following keys is derived from a preshared key and Extensible Authentication

Protocol (EAP)?

A. Pairwise Master Key

B. Group Temporal Key

C. Private Key

D. Pairwise Transient Key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=77

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

78

Which of the following types of attacks come under the category of hacker attacks? Each correct answer represents a complete solution. Choose all that apply.

A. Password cracking

B. Smurf

C. IP address spoofing

D. Teardrop

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=78

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

79

Which of the following keys are used by the public key infrastructure (PKI)? Each correct answer represents a complete solution. Choose all that apply.

A. Group Temporal Key

B. Private Key

C. Pairwise Transient Key

D. Public Key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=79

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

80

Which of the following is designed to detect bit-flipping and forgery attacks that are used against WEP?

A. Cyclic redundancy check (CRC)

B. Initialization vector (IV)

C. Message authentication code (MAC)

D. Message integrity code (MIC)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=80

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

81

Which of the following are software applications designed to track a user s personal information with the intent to pass it on to third parties without the user s permission? Each correct answer represents a complete solution. Choose all that apply.

A. Stealware

B. Adware

C. Spyware

D. Zombie

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=81

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

82

You work as a Network Administrator for Tech Perfect Inc. The company has a secure wireless network. Since the company s wireless network is so dynamic, it requires regular auditing to maintain proper security. For this reason, you are configuring NetStumbler as a wireless auditing tool. What services can NetStumbler provide? Each correct answer represents a complete solution. Choose all that apply.

A. Detection of causes of wireless interference

B. Verification of network configurations

C. Detection of unauthorized ("rogue") access points

D. Capturing and decoding of packets

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=82

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

83

A Cisco Unified Wireless Network has an access point (AP) that provides a single point of management and reduces the security concern of a stolen access point. Which type of access point has this characteristic?

A. Rouge AP

B. Autonomous AP

C. Lightweight AP

D. LWAPP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=83

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

84

Which of the following is a type of malware that is secretly installed on the user s personal computer and collects users information without their knowledge?

A. Worm

B. Virus

C. Spyware

D. Adware

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=84

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

85

Which of the following features of a switch helps to protect network from MAC flood and

MAC spoofing?

A. Port security

B. Quality of Service (QoS)

C. Multi-Authentication

D. MAC Authentication Bypass

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=85

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

86

Which of the following protocols uses separate control and data connections between the client and server applications?

A. HTTP

B. FTP

C. SMTP

D. SCP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=86

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

87

Which of the following are attacks/techniques related to Wired Equivalent Privacy (WEP)?

Each correct answer represents a complete solution. Choose all that apply.

A. Bit-flipping attack

B. Phishing

C. Weak key

D. Baiting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=87

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

88

Which of the following are secure infrastructure management protocols used in WLAN? Each correct answer represents a complete solution. Choose all that apply.

A. SNMPv3

B. Telnet

C. SCP

D. HTTPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=88

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

89

Which of the following is an intermediate network similar to RSN that supports legacy security such as WEP within the same BSS?

A. WPA2

B. VPN

C. WPA

D. TSN

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=89

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

90

Your company is going to add wireless connectivity to the existing LAN. You have concerns about the security of the wireless access and wish to implement encryption. Which of the following would be the best choice for you to use?

A. PKI

B. DES

C. WAP

D. WEP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=90

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

91

Which of the following is a wireless device that is created to allow a cracker to conduct a manin-the-middle attack?

A. Protocol analyzer

B. Lightweight Access Point

C. WLAN controller

D. Rogue access point

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=91

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

92

You work as a Network Administrator for NetTech Inc. The company has a Windows 2003 domain-based network. The company has a main office and several branch offices. You want to centralize theadministration. Therefore, you implement a Remote Authentication Dial-In

Service (RADIUS) server. Each branch office supports its own Routing and Remote Access

Server. You remove the default remote access policy, as you want to secure communications and implement a single policy that requires all dial-up communications to use a 40-bit encryption. What will you do to accomplish this? Each correct answer represents a part of the solution. Choose two.

A. Set the level of encryption to Basic in the remote access policy.

B. Create a remote access policy on the RADIUS server.

C. Create a remote access policy on the Routing and Remote Access Server of each branch office.

D. Set the level of encryption to No Encryption in the remote access policy.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=92

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

93

Which of the following keys is derived by Pairwise Master Key (PMK)?

A. Private Key

B. Pairwise Transient Key

C. Public Key

D. Group Temporal Key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=93

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

94

Which of the following components are normally required to secure wireless 802.11 networks?

Each correct answer represents a complete solution. Choose all that apply.

A. Segmentation

B. Authentication

C. Strong encryption

D. Accessibility

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=94

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

95

Your client has a brand new laptop. He is trying to connect to his home network, which is using an older (802.11b) wireless router. The router is set for encryption but not MAC filtering. What is the most likely problem?

A. His laptop has a newer operating system that cannot communicate with the router.

B. His physical address for the laptop is not in the router.

C. His laptop is using the WPA encryption protocol.

D. The laptop does not have a wireless NIC.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=95

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

96

Which of the following protocols is used for authentication in an 802.1X framework?

A. IPSec

B. TKIP

C. EAP

D. L2TP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=96

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

97

Which of the following is a security access control technique that allows or prevents specific network devices from accessing the network?

A. Ingress filtering

B. MAC filtering

C. Route filtering

D. Packet filtering

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=97

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

98

Which of the following protocols is used by Point-to-Point (PPP) servers to validate the identity of remote clients?

A. EAP-TTLS

B. CHAP

C. PPP

D. IPSec

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=98

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

99

Which of the following is the most secure protocol used for encryption in a wireless network?

A. WPA2

B. WPA

C. WEP

D. IPSec

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=99

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

100

Which of the following are secure device management protocols? Each correct answer represents a complete solution. Choose all that apply.

A. SNMPv3

B. HTTP

C. HTTPS

D. SSH

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=100

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

101

Which of the following is an infrastructure system that allows the secure exchange of data over an unsecured network?

A. PKI

B. PMK

C. PTK

D. GTK

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=101

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

102

Which of the following security protocols uses a single, manually configured, static key for data encryption that is shared by the client and the WAP?

A. L2TP

B. WEP

C. IPSec

D. WPA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=102

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

103

You work as a Network Administrator for uCertify Inc. You need to set up a management system on your network. Which of the following protocols will you use to manage your network?

A. SNMP

B. TCP

C. HTTP

D. IP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=103

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

104

Which of the following tools monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools?

A. Firewall

B. Snort

C. IDS

D. WIPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=104

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

105

Which of the following protocols ensures that all relevant information is delivered to the correct access point to which the client station is associated?

A. IAPP

B. PPP

C. CHAP

D. MS-CHAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=105

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

106

Which of the following is a passive device that views the current content of the packet traveling on the network?

A. Spectrum analyzer

B. Protocol analyzer

C. WLAN controller

D. Rogue AP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=106

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

107

Which of the following are the main components of a Wi-Fi Protected Setup (WPS) protocol architecture? Each correct answer represents a part of the solution. Choose all that apply.

A. Authenticator

B. Registrar

C. Supplicant

D. Enrollee

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=107

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

108

Which of the following wireless security features provides the best wireless security mechanism?

A. WPA

B. WPA with 802.1X authentication

C. WEP

D. WPA with Pre Shared Key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=108

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

109

Which of the following are tunneling protocols used in a virtual private network (VPN)? Each correct answer represents a complete solution. Choose all that apply.

A. MD5

B. L2TP

C. PPTP

D. SCP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=109

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

110

On which of the following, digital signatures are based? Each correct answer represents a complete solution. Choose two.

A. Hashing functions

B. Symmetric encryption

C. RADIUS

D. Asymmetric encryption

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=110

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

111

You work as a professional Computer Hacking Forensic Investigator. A project has been assigned to you to investigate the DoS attack on a computer network of SecureEnet Inc. Which

of the following methods will you perform to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.

A. Look for core files or crash dumps on the affected systems.

B. Seize all computers and transfer them to the Forensic lab.

C. Sniff network traffic to the failing machine.

D. Look for unusual traffic on Internet connections and network segments.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=111

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

112

Radios on AP are turned off, and the AP listens for ARP messages on a wired network. The controller generates an alarm if an ARP is heard on a wired LAN. In which mode does the AP operate if this task is performed?

A. Local mode

B. Rogue detection mode

C. Monitor mode

D. Sniffer mode

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=112

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

113

You work as a Network Administrator for SpyNet Inc. The company has a Windows-based network. You have been assigned the task of auditing the scheduled network security. After a regular audition, you suspect that the company is under attack by an intruder trying to gain access to the company s network resources. While analyzing the log files, you find that the IP address of the intruder belongs to a trusted partner company. Assuming this situation, which of the following attacks is the company being subjected to?

A. CookieMonster

B. Man-in-the-middle

C. Spoofing

D. Phreaking

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=113

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

114

Which of the following security protocols is required by Robust Security Network (RSN)?

A. IPSec

B. SCP

C. CCMP

D. SSL

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=114

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

115

Which of the following protocols are types of VPN protocols? Each correct answer represents a complete solution. Choose all that apply.

A. PEAP

B. L2TP

C. IPSec

D. PPTP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=115

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

116

Which of the following is an access control model that allows users to access any of the resources according to his role in an organization?

A. LDP

B. RBAC

C. CBAC

D. LDAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=116

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

117

Which of the following wireless security policies helps to prevent the wireless enabled laptops from peer-topeer attacks when the laptops are used in public access network?

A. Use Port Address Translation.

B. Use protocol analyzer.

C. Use security protocols.

D. Use firewall.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=117

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

118

Which of the following attacks saturates network resources and disrupts services to a specific computer?

A. Replay attack

B. Polymorphic shell code attack

C. Teardrop attack

D. Denial-of-Service (DoS) attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=118

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

119

Which of the following attacks are prevented from a mutual authentication solution? Each correct answer represents a complete solution. Choose all that apply.

A. Hijacking

B. Man-in-the-middle attack

C. Eavesdropping attack

D. Phishing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=119

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

120

Which of the following is a network security device that monitors network activities for malicious or unwanted behavior?

A. IDS

B. IPS

C. WEP

D. ASA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=120

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

121

In an effort to optimize WLAN performance ABC Company has already upgraded their infrastructure from 802 11b/g 802 11n. ABC has always been highly security conscious but they are concerned with security threats introduced by incompatibilities between 802.11n and

802 .11a/g. in the past ABC has performed manual and automated scans with products that were originally designed for use in 802 11a/g networks. Including laptop-based spectrum and protocol analyzers as well as an overlay 802 11a/g WIPS solution.ABC has sought your input to understand and respond to potential security threats. In ABC�s network environment, what type of devices would be capable of identifying rouge APs that use HT Greenfield 40 MHZ channels? (Choose 3)

A. 802.11n WPS sensor with a single 2x2 radio

B. The company�s current laptop-based protocol analysis tools

C. WIPS solution that is integrated in the company�s AP infrastructure

D. The company�s current overlay WIPS solution

E. The company�s current laptop-based spectrum analysis tools

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=121

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

122

Given: A new Access point is connected to an authorized network segment and is detected wirelessly by a WIPS. By what method does the WIPS apply a security classification to newly discovered AP?

A. According to the location service profile

B. According to the SNMP MIB table

C. According to the RADIUS rectum attribute

D. According to the site survey template

E. According to the default security policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=122

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

123

What elements should be addressed by a WLAN security policy? (Choose 2)

A. Verification that administrative passwords are unique to each infrastructure device

B. Enabling encryption to prevent MAC addresses from being sent in clear text

C. Security policy details should be safeguarded from non IT employees to prevent vulnerability exposure

D. End user training for password selection and acceptable network use

E. Social engineering recognition and mitigation technique.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=123

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

124

Role-based access control (RBAC) allows a WLAN administrator to perform that network function?

A. Allows access to specific files and applications based on the user�s WMM A

C.

B. Provide admission control to VoWiFi clients on selected access points.

C. Allows one user group to access an internet gateway while denying internet access gateway to another group

D. Provide differing levels of management access to a WLAN controller based on the user account.

E. Allow simultaneous support of multiple EAP types on a single Access point.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=124

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

125

The following numbered items show the contents of the four frames exchanged during the 4way handshake. Encrypted GTK sent Confirmation of temporal key installation Announce sent from authenticator to supplicant, unprotected by MIC Snonce sent from applicant to authenticator, protected by MIC. Arrange the frames in the correct sequence beginning with the start of the 4-way handshake

A. 3, 4, 1, 2

B. 2, 3, 4, 1

C. 1, 2, 3, 4

D. 4, 3, 1, 2

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=125

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

126

What 802 11 WLAN security problem is addressed by 802.1X/EAP mutual authentication.

A. Disassociation attacks

B. Weak initialization vectors

C. Offline dictionary attacks D.Weak password policies

E. MAC spoofing

F. Wireless hijacking attacks

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=126

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

127

What disadvantage does EAP-TLS have when compared with PEAPvO EAP/MSCHAPv2 as an 802. 11 WLAN security solution?

A. EAP-TLS requires a PKI to create X509 certificates for both the server and client, which increases administrative overhead.

B. EAP-TLS does not use SSL to establish a secure tunnel for internal EAP authentication.

C. Fast/secure roaming in an 802 11 RSN is significantly longer when EAP-TLS is use.

D. EAP-TLS does not protect the client�s username and password in side an encrypted tunnel.

E. Though more secure EAP-TLS is not widely supported by wireless infrastructure or client vendors.

F. Initially mobility authentication with EAP-TLS is significantly longer due to X509 certificate verification.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=127

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

128

Exhibit Given: The illustration shows a WLAN protocol analyzer decoding an 802.11 beacon frame. What statement about the access points BSS us true and can be confirmed with this illustration?

A. This is a TSN and stations may use only the TKIP chiper suit.

B. The BSS�s group key chiper will be rotated by the access point after two more beacon frames.

C. The BSS supports both CCMP and TKIP chiper suit simultaneously.

D. There is currently one wireless client associated with the AP using TKIP chiper suit within the BSS.

E. The BSS is an RSN, but the only chiper suit supported in BSS is TKIP.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=128

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

129

Given: You manage a wireless network that services 200 wireless users. Your facility requires

20 access points and you have installed an IEEE 802.1X LEAP with AES CCMP as an authentication and encryption solution. In this configuration the wireless network is initially susceptible to what type of attacks? (Choose 2)

A. Eavesdropping

B. Offline dictionary

C. Layer 1 DoS

D. Session hijacking

E. Man-in-the-middle

F. Layer 3 peer-to-peer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=129

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

130

Exhibit Given: The network in this diagram implements an 802.1X/EAP-based wireless security solution. What device functions as EAP authenticator?

A. Ethernet switch

B. Mobile device

C. LDAP server

D. Access point

E. WLAN controller

F. RADIUS server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=130

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

131

What one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in 802.11WLAN?

A. EAP-TTLS does not require the use of PK

I.

B. EAP-TTLS does not require an authenticator server.

C. EAP-TTLS sends encrypted supplicant credentials to the authentication server.

D. EAP-TTLS supports mutual authentication between supplicants and authentication servers.

E. EAP-TTLS supports smart card clients.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=131

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

132

Exhibit In this diagram illustrating an example of IEEE 802.11standard�s4-Way handshake what is the purpose of ANonce and Snonce?

A. There are values used in the derivation of the pairwise Transient key.

B. The IEEE 802.11 standard requires that all crypto graphic frames contain a nonce for security purposes.

C. They are used to pad message 1 and message 2 so each frame contains the same number of bytes.

D. They are added together and used as the GMK, from which the GTK is derived.

E. They allow the participating STAs to avoid sending unicast encryption keys across the wireless medium

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=132

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

133

You own a coffee shop and have recently installed a 802.11g wireless hot spot for the benefit of your customers. For legal reasons you want to minimize your network and avoid liability related to the operations of hot spots. What option specifies the best approach to achieve this goal at your public hotspot?

A. Allow only trusted patrons to use the WLAN

B. Use a WIPS to deauthenticate the malicious stations

C. Require clients STAs to have updated firewall and antivirus software

D. Disable the WLAN during non business hours

E. Use the captive portal to force users to agree to an acceptable use disclaimer

F. Configure WPA2-personal security on your access point

G. Block TCP port 25out bound on the internet router

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=133

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

134

Given: XYZ company has recently installed a controller based WLAN and is using a RADIUS server to proxy authenticate request to an LDAP server user based across controls and would like to use the RADIUS server to facilitate network authorization What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication?

(Choose 3)

A. The RADIUS server can support vendor-specific attributes in the ACCESS-

ACCEPT response which can be used for ASL or firewall assignment.

B. The RADIUS server can communicate with the DHCP server to issue the appropriate

IP address and VLAN assignments to users.

C. According to database entries, RADIUS can reassign client 801.11assosiations to proper SSID by referring a user name to SSID mapping

D. RADIUS return list attributes can be used to assign permission level, such as read only permission, to users of particular network source.

E. RADIUS can send a VLAN assignment for each authorized user to the VLAN controller in a return list attribute.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=134

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

135

Given: ABC company is developing an IEEE 802.11 complaint wireless security solution using

802.1X/EAP authentication. According to company policy the security should prevent an eavesdropper from decrypting data frames traversing a wireless connection. What security solution features play a role in adhering to this policy requirement? (Choose 2)

A. Group temporal key

B. Message integrity check (MIC)

C. Multi-factor authentication

D. Encrypted passphrase

E. Integrity check value

F. 4-Way handshake

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=135

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

136

Given: John smith uses a coffee shop�s internet hot spot to transfer funds between his checking and saving accounts at his bank�s website. The bank�s website uses HTTPS protocol to protect sensitive account information. A hacker was able to obtain john�s bank account user ID and password and transfers john�s money to another account. How did the

hacker obtain john�s bank Account user ID and password?

A. John uses same username and password for banking that he does for email. John used a pop3 email client at the wireless hotspot to check the email and the user ID and password were not encrypted.

B. The bank�s web server is using anX509 certificate that is no signed by a root CA, causing the user ID and password to be sent unencrypted

C. John�s bank is using an expiredX509 certificate on there web server. The certificate is on john�s certificate Revocation list (CRL), causing the user ID and password to be sent unencrypted.

D. Before connecting to the banks website, johns association to the AP was hijacked.

The Attacker interrupted the HTTPS public encryption key from the bank�s web server and has decrypted john�s login credentials in real time.

E. John accessed his corporate network with the IPSec VPN software at the wireless hotspot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his

IPSec VPN software.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=136

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

137

What statement accurately describes the functions of the IEEE 802.1X standard?

A. Port-based access control with support for EAP authentication and AES-CCMP encryption only

B. Port-based access control with encryption key management and distribution

C. Port-based access control with support for authenticated-user VLANs only

D. Port-based access control with 802.3 and 802.11 LANs

E. Port-based access control with permission for three frame types: EAP, DHCP, DNS.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=137

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

138

Company�s 500 employees use ABC�s dual band HT 802.11 WLAN extensively general data traffic, VoWiFi, and guest access internet-only data. Size and network applications, what solution effects common and recommended security practices for this type of network?

A. His high security requirements, support EAT-TLS for corporate data and VoWiFi, require WPA or WPA2-personal as well as MAC address filtering for all guest solutions. Segment each data type using a separate data type SSID, frequently band, and

VLAN.

B. WPA2-Persinal for corporate data and VoWiFi application with a long passphrase.

For guest access, implementation open authentication. Configure two and VLAN-one for corporate access and one for guest access-and support WMM on the corporate network. For ease-of-use and net work discovery hide the corporate broad cast to the

guest SSI

D.

C. PEAPvO/EAP-MSCHAPv2 for corporate data end VoWiFi, use open authentication with captive portal on the guest network. If the VoWiFi phones can not support, use

WPA2-personal with a string passphrase. Segment the three types of traffic by using separate SSIDs and VLANs.

D. WPA2 enterprise for all types of network access. For added configuration simplicity, authenticate all users from a single VLAN but apply filtering with IP ACLs by giving each user to group using RADIUS group attributes. Configure the IPACLs so that each group can only access the necessary resources.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=138

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

139

Given: A VLAN consultant has just finished installing a WLAN controller with 15 controller based APs. Two SSIDs with separate VLANs are configured for this network and LANs are configured to use the same RADIUS server. The SSIDs are configured as follows SSID Blue -

VLAN 10-lightweight EAP (LEAP) authentication-CCMP cipher suit SSID Red - VLAN 20-

802.1X/PEAPv0 authentication-TKIP cipher suit The consultants computer can successfully authenticate and browse the internet when using the Blue SSID. The same computer can authenticate when using the Red SSID. What is most likely cause of problem?

A. The consultant does not have a valid Kerberos ID on the Blue VLAN.

B. The TKIP cipher suit is not a valid option for 802.1 X/PEAPv0 authentications.

C. The clock on the consultant�s computer postdates the RADIUS server�s certificate expiration date/time.

D. PEAPv0 authentication is not supported over controller based access points.

E. The red VLAN does not support certificate based authentication traffic.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=139

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

140

After completing the installation of new overlay WIPS, what baseline function MUST be performed?

A. Approved 802.1X/EAP methods need to be selected and confirmed.

B. Configure specifications for upstream and downstream throughout thresholds.

C. Classify the authorized, neighbor, and rogue WLAN devices.

D. Configure profiles for operation among different regularity domains.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=140

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

141

What different security benefits are provided by endpoint security solution software? (Choose

3)

A. Can collect statistics about a user�s network use and monitor network threats while they are connected.

B. Must be present for support of 802.11k neighbor reports, which improves fast BSS transitions.

C. Can be used to monitor and prevent network activity from nearby rogue clients or

APs.

D. Can prevent connections to networks with security settings that do not confirm to company policy.

E. Can restrict client connections to network with specific SSIDs and encryption types.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=141

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

142

What software and hardware tools are used together to hijack a wireless station from the authorized wireless network in to an unauthorized wireless networks? (Choose 2)

A. A low-gain patch antenna and terminal emulation software

B. Narrow band RF jamming devices and wireless radio card

C. DHCP server software and access point software

D. A wireless work group bridge and protocol analyzer

E. MAC spoofing software and MAC DOS software

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=142

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

143

Given: ABC company is implementing a secure 802.11WLAN at their headquarters building in

New York and at each of the 10 small, remote branch offices around the country 802.1X/EAP is ABC�s preferred security solution. Where possible At all access points (at the headquarters building and all branch offices) connect to single WLAN controller located at the headquarters building, what additional security considerations should be made? (Choose 2)

A. An encrypted connection between the WLAN controller and each controller-based

AP should be used or all branch offices should be connected to the headquarters building a VPN.

B. Remote WIPS sensors should be installed at the headquarters building and at all branch office to monitor and enforce wireless security.

C. RADIUS service should always be provided at branch offices so that user authentication is kept on the local network.

D. Remote management via telnet, SSH, HTTP, HTTPs should be permitted across the

WLAN link.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=143

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

144

ABC Company uses the wireless network for highly sensitive network traffic. For that reason they intend to protect their network in all possible ways. They are continually researching new network threats and new preventative measure. They are interested in the security benefits of

802.11w, but would like to know its limitations. What types of wireless attacks are protected by

802.11w? (Choose 2)

A. NAV-based DoS attacks

B. RF DoS attacks

C. Layer 2 Disassociation attacks

D. Robust management frame replay attacks

E. EAPoL flood attacks

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=144

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

145

The IEEE 802.11 pairwise transient key (PTK) is derived from what cryptographic element?

A. Phase shift key (PSK)

B. Group master key (GMK)

C. Peerkey (PK)

D. Group temporal key (GTK)

E. Pairwise master key (PMK)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=145

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

146

What wireless authentication technologies build a TLS-encrypted tunnel between the supplicant and the authentication server before passing client authentication credentials to the authentication server? (Choose 3)

A. EAP-TTLS

B. EAP-FAST

C. LEAP

D. EAP-MD5

E. MS-CHAPv2

F. PEAPv1/EAP-GTC

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=146

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

147

Given: ABC Company has recently installed a WLAN controller and configured it to support

WPA2-Enterprise security. The administrator has confirmed a security profile on the WLAN controller for each group within the company (manufacturing, sales, and engineering) How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

A. The WLAN controller polls the RADIUS server for a complete list of authenticated users and groups after each user authentication.

B. The RADIUS server forwards a request for a group attribute to an LDAP database service, and LDAP sends the group attribute to the WLAN controller.

C. The RADIUS server sends a group name return list attribute to the WLAN controller during every successful user authentication.

D. The RADIUS server sends the list of authenticated users and groups to the WLAN controller as a part of a 4-way handshake prior to user authentication.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=147

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

148

Given: Jane Smith works primarily from home and public wireless hot spot rather than commuting to the office. She frequently accesses the office network frequently from her laptop using the 802.11 WLAN. To safeguard her data, what wireless security policy items should be implemented? (Choose 2)

A. Use 802.1X/PEAPv0 to connect to the corporate office network.

B. Use secure protocols, such as FTP, for remote file transfer with encryption.

C. Use an IPSec VPN for connectivity to the office network.

D. Use an HTTPS captive portal for authent6ication at hot spots.

E. Use WIPS sensor software to monitor for risks.

F. Use personal firewall software on her laptop.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=148

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

149

Exhibit What is illustrated on the RF spectrum analyzer?

A. A low-power narrow band RF attacks is in progress on channel 11, causing significant 802.11 interference.

B. A frequency hoping device is being used as a signal jammer on channel 11 only.

C. An HR/DSSS AP and an ERP AP are both operating on channel 11 simultaneously.

D. An ERP AP operating normally on channel 11.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=149

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

150

What security weakness is presented in pre-RSNA system using 802.1X with dynamic WEP?

A. There is support for authentication of individual users.

B. All version of EAP used with dynamic WEP pass the user name across the wireless medium in clear text.

C. The session key is crackable if enough traffic is transmitted using the key. D.With out notification, APs downgrade the security mechanism to 104-bit static WEP when the client device does not support dynamic WEP.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=150

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

151

Exhibit What type of system is installed in graphics?

A. Distributed RF spectrum analyzer

B. Wireless Intrusion Prevention System

C. WLAN Controller Device Monitors

D. WLAN Emulation System

E. Wireless VPN Management System

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=151

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

152

Exhibit Joe�s new laptop is experiencing difficulty connecting to ABC Company�s 802.11

WLAN using 802.1X/EAP PEAOv0. The company�s wireless network action network administrator assured Joe that his laptop was authorized in the WIPS for connectivity to all marketing department APs before it was given to him yesterday the WIPS terminations given to him yesterday. The WIPS termination policy is shown in exhibit. What are some possible reasons that Joe can not connect to the network?

A. Joe disabled his laptop�s integrated 802.11 radio and is using a personal PC card radio with a different chipset, drivers, and client utilities.

B. An ASLEAP attack has been detected on APs to which Joe�s laptop was trying to associate. This WIPS responded by disabling the APs.

C. Joe�s 802.11radio sending too many probe request and EAPoL start frame due to corrupted driver.

D. Joe configured his 802.11 radio card to transmit at 100mW to increase his SNR. The

WIPS is detecting his much out put power as a DoS attack.

E. Joe changed the system limit on his computer, and WIPS is detecting this as usage time violation.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=152

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

153

Given: Many corporations have guest VLANs configured on their WLAN controller that allow visitors to have wireless internet access only. What risks are associated with implementing the guest VLAN without any protocol filtering features enabled? (Choose 2)

A. Unauthorized users can perform internet based network attacks through the WLAN.

B. Intruders can send spam to the internet through the guest VLAN.

C. Peer-to-peer attacks between the guest users can not be prevented without protocol filtering.

D. Once guest users are associated to the WLAN, they can capture 802.11 frames from the corporate VLANs.

E. Guest users can reconfigure APs in the guest VKAN unless unsecure network management protocols (e.g. Telnet, HTTP) are filtered.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=153

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

154

What limitations are present with PMK caching (or PMKSA caching) when 802.1X/EAP authentication is in use?

A. PMK caching may only be supported when the authentication server (SA) is collocated with the authenticator, as with WLAN controllers using an internal RADIUS server.

B. PMK caching has a maximum PMKSA storage threshold of five keys, which limits the fast roaming capability to a mobility group of five APs.

C. PMK caching allows to fast roaming between APs when they are managed by a single controller, but it does not support inter-controller handoffs

D. PMK caching can only retain PMKSAs once they are present, but it can not create new PMKSAs without a full 802.1X/EAP authentication nor can it distribute an existing

PMKSA to other APs.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=154

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

155

In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

A. In home networks in which file and pointer sharing is enabled

B. In corporate VoWiFi is networks with push to talk multicast capabilities

C. At public hotspots in which many clients use diverse application

D. In university environment with multicast training

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=155

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

156

As a primary security engineer for a large corporate network you have been asked to author a new security policy for the wireless network while most clients devices support 802.11X authentication some legacy devices still passphrase. When writing the 802.11 security policy, what password related items should be addressed?

A. Password should include a combination of upper and lower case latter, numbers, and special characters.

B. Certificate should always by recommended instead of passwords for 802.11 client authentication.

C. Password complexity should be maximized so that the weak IV attacks are prevented.

D. Password creation process should be defined to maximize the strength of PSK based authentication.

E. MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical

WPA2=PSK passphrase.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=156

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

157

When opportunistic key caching (OKC) is supported on the wireless network, what steps must occur before a successful roam is completed? (Choose 2)

A. EAP authentication must be conducted between the supplicant and AS

B. The AS must be queried for derivation of new PMK

C. The authenticator must query the RADIUS server to validate the supplicant

D. New open system authentication must be performed

E. Supplicant and authenticator must establish a new PTK

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=157

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

158

Exhibit Choose the statement that explains that why the frame exchanged from Exhibit -1 took more frames than the frames exchanged from Exhibit-2 when both authentication were successful.

A. Exhibit-1 and Exhibit -2 are using different EAP types.

B. Exhibit-2 has transmission of EAP frames.

C. Exhibit-1 is a TSN, and Exhibit-2 is an RSN

D. Exhibit-1 is association and Exhibit-2 is an initial association.

E. Exhibit-1 and Exhibit-2 are using different cipher suits.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=158

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

159

What TKIP features prevent attacks against the known weaknesses of WEP? (Choose 3)

A. 32 bit ICV (CRC 32)

B. Sequence counters

C. Michael

D. RC5 stream cipher

E. Block cipher support

F. Increased IV length

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=159

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

160

Given: The ABC corporation currently utilizes a public key infrastructure (PKI) to allow employees to securely access network resources using smart cards. The wireless network will use WPA2-Enterprise as its primary security solution. You have been hired to recommend a

Wi-Fi alliance tested EAP method What solutions will require the least change in hoe users are currently authenticated and still integrate with there existing PKI?

A. PEAPv0/EAP-MSCHAPv2

B. EAP-TLS

C. EAP-TTLS/MSCHAPv2

D. PEAPv0/EAP-TLS

E. LEAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=160

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

161

Given: Many travelling business users connect to internet at airports, which often have 802.11g access points with a captive portal for authentication. While using an airport hot spot with this security solution, to what type of wireless attack is user susceptible? (Choose 2)

A. IGMP-snooping

B. Man-in-middle

C. Wi-Fi ARP poising

D. Management interface exploits

E. Wi-Fi pfishing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=161

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

162

Exhibit Review the exhibit and answer the following question. When monitoring APs within A

LAN using a wireless network management system (WNMS, what secure protocol may be used by the WNMS to issue configuration change t APs?

A. TFTP

B. SNMPv3

C. 802.1X/EAP

D. PPTP

E. IPSec/ESP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=162

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

163

What penetative measures are performed by a WIPS against intrusions?

A. Uses SNMP to disable the switch port to which rogue APs connect

B. Deauthentication attack against a classified neighbor AP

C. Evil twin attack against a classified neighbor AP

D. Evil twin attack against a rogue AP

E. EAPoL reject frame flood against AP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=163

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

164

Exhibit What WLAN security function can be performed by the illustrated software utility?

(Choose 3)

A. Generating PMKs that can be imported into 802.11 RSN systems

B. Generating passphrases for WLAN system secured with WPA2-personal

C. Generating random EAP-TTLS session keys

D. Generating passwords for WLAN infrastructure equipment logins

E. Generating high-entropy EAP-TLS passphrase for client authentication

F. Generating secret keys for RADIUS server and WLAN infrastructure devices

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=164

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

165

Exhibit The exhibit shows one of the ABC Company�s APs and its associated clients. AP-

00:1F:C3is configured with three separate WLAN profile, as follows SSID: guestVLAN90security: Open with captive portal authentication-2 current clients SSID: ABCData-VLAN 10security. PEAPv0/EAP\MSCH with AES-CCMP-5 current clients SSID: ABC voice �VLAN

10-security:WPA2-personal-2 current clients Two of the clients stations that are connected via the ABCData SSID are corporate executives. Theses executives are the part of multicast group that is used to share sensitive videos among executive users. What client stations possess the

key that are necessary to decrypt the multicast data packets charring theses sensitive videos?

A. Only the members of executive team that are the part of the multicast group

B. All clients that are associated to AP-00:IF:C3 using the ABCData SSID

C. All clients that are associated to AP:00:IF:C:3 with shared GTK, which includes

ABCData and ABC voice

D. All clients that are associated to AP-00:IF:C3 using any SSID

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=165

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

166

Given: ABC hospital wishes to create a strong security policy as a first step in securing there

802.11 WLAN What are the appropriate sections of a WLAN security policy? (Choose 3)

A. Attack classification

B. Physical security of the RF medium

C. Acceptable use of the network

D. SSID broadcasting regulations

E. End-user and administrator training

F. Network audits

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=166

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

167

What impact may 802.11w have on the efforts of rogue device containment with an overlay

WIPS?

A. 802.11w introduces data integrity protection for some management and action frames, which may limits the methods used by WIPS to disconnect, and mitigate the impact of, rogue AP or client communications

B. 802.11w introduces new mechanisms by which unassociated clients can send

Deauthentication frames that can not be rejected by APs. This introduces new security concerns for WIPS containing Deauthentication attacks

C. 802.11 introduces a mechanism to Encrypt MAC headers in management and control frames, which have traditionally have been used by WIPS to detect network threats such as hijacking attacks and MAC spoofing

D. 802.11w inadvertently exposes new methods for attacks to exploit TKIP countermeasure using spoofed management frames of legitimate stations. WIPS solutions are in capable of preventing this type of attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=167

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

168

In An IEEE 802.11-complaint WLAN, when is 802.1X controlled port placed into the

unblocked state?

A. After open system authentication

B. After any group handshake

C. After the 4-way handshake

D. After RADIUS authentication

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=168

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

169

When using a tunneled EAP type, what is protected from clear text across the wireless medium?

A. X.509 certificates

B. User credentials

C. EAPoL keys

D. Pairwise Master keys

E. Server credentials

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=169

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

170

Exhibit The illustration shows the 802.11 association procedure from the IEEE 802.11 standard. In a WPA2- Enterprise network what process immediately flows the 802.11 association procedure?

A. 802.1XEAP authentication

B. 4-way handshake

C. Group key handshake

D. RADIUS shared secret lookup

E. DHCP request

F. EAP Passphrase-to-PSK mapping

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=170

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

171

Given: WLAN protocol analyzers can read and reject many wireless frame parameters. What parameter is needed to physically locate rogue APs with a protocol analyzer?

A. Single strength

B. RSNE

C. RSSO

D. IP address

E. Noise Flow

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=171

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

172

802.11r introduces new frame exchange protocol to support key management during fast secure transitions. Two of the new exchange protocols are the Over-the �air protocol and the other-

DS FT protocol. In what ways do these frames exchange protocols differ from each other?

A. In Over-the �air protocol sends frames directly to new AP, while the other the DS

FT protocol used the old AP to forward the frames to the New AP via the wired network.

B. Over-the �air FT protocol uses the 4 way handshake to establish encryption keys, while the over the DS ft protocol does not.

C. Over-the �air FT protocol is used during a layer 2 roam, while the over-the-DS FT protocol does not.

D. Over-the �air FT protocol used during layer 2 raom, while the over-the-DS FT protocol is used when layer 3 rams are occurring

E. Over-the �air FT protocol rules ion 802.11k neighbor reports to initiate roaming decisions, while the other-the DS FT protocol does not.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=172

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

173

Exhibit ABC Company has deployed single channel architecture (SCA) solution to help overcome some of the common problems with the client roaming. The figure shows the overlapping coverage area of multiple APs in ABC�s network. In this network all APs are configured with the same channel and BSSID. PEAPv0/EAP-MSCHAPv2 is only supported authentication mechanism. As the VoWiFi client move through out this network, what events are occurring?

A. STA-1 controls when and where to roam by using signal and performance matrices in accordance with the chipset drivers.

B. The WLAN controller is querying the RADIUS server for authentication before

STA-1�s association is moved from one AP to the next.

C. STA-1 initiates open authentication and 802.11 associations with each AP prior to

Roaming.

D. The WLAN controller controls the AP to which STA-1 is associated and transparently moves this association in accordance with STA-1�s physical location.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=173

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

174

As part of large organization�s security policy how should a wireless security professional address to problem of rogue access points?

A. Use a WPA-2 Enterprise complaint security solution with strong mutual authentication and encryption.

B. Hide the SSID of legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.

C. All authorized APs should have there wired ports quarantined to specific VLAN for threat neutralization and analysis.

D. A trained employee should install and monitor and WIPS rogue detection and response measures.

E. Conduct through mutual facility scans with spectrum analyzers to detect rogue AP

RF signature.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=174

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

175

Given: ABC corporation is selecting a security solution for there new WLAN. Two of there considered solutions PPTP VPN and 802.1XEAP. They have considered a PPTP VPN and because it is included with both server and desktop operating system. With both solutions are considered strong enough to adhere to corporate security police, the company is worried about security weakness of MS-CHAPv2 authentication. As a consultant what do you tell ABC

Corporation about implementing MS-CHAPv2 authentication? (Choose 2)

A. MS-CHAPv2 is secure when implemented with AES-CCMP encryption.

B. MS-CHAPv2 is complaint with WPA-personal, not WPA-2-Enterprise.

C. MS-CHAPv2 is only appropriate for WLAN security when used inside a TLSencrypted tunnel.

D. MS-CHAPv2 uses anonymous differ-Helliman authentication, and therefore secure.

E. MS-CHAPv2 is only secure when combined with WEP.

F. MS-CHAPv2 is subject to offline dictionary attacks.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=175

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

176

Given: ABC Corporation�s 802.11 WLAN is comprised of a redundant WLAN controller paid and 30-access points. ABC implemented WEP encryption with IPSec VPN technology to secure there wireless communication because it was the strongest security solution available at the time it was implemented. IT management has had decided to upgrade the WLAN infrastructure and implement VoWiFi and is connected with security because most VoWiFi phones do no support IPSec. As the wireless network administrator, what new security solution would be best for protecting ABC�s data?

A. Migrate to a new multi=factor security solution using WPA-2 personal, MAC filtering, SSID holding, stateful packet inspection and RBA

C.

B. Migrate corporate data clients to WPA-Enterprise and segment VoWiFi phone by assigning them to a different frequency band.

C. Migrate corporate data and VoWiFi devices to WPA-2 Enterprise with OKC support, and segment VoWiFi data on separate VLAN.

D. Migrate all 802.11 data and devices to WPA-personal, and implement a secure

DHCP server to allocate addresses from a segment subnet for the VoWiFi phones.

E. Migrate corporate data clients to WPA-2-Enterprise, and use the RADIUS server to implement MAC-base authentication of VoWiFi phones.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=176

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

177

Select the answer option that arranges the numbered events in correct time sequence for a client associating to BSS using EAP-PEAPv0/MSCHAPv2. 1) Installation of PTK 2) Installation of

4-way handshake 3) 802.11 association 4) 802.1X uncontrolled port is opened for data traffic

5) Client validates server certificate

A. 1-2-4-2-5

B. 5-3-1-2-4

C. 3-4-2-1-5

D. 5-3-4-2-1

E. 4-3-2-1-5

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=177

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

178

When used as portal of WLAN authentication solution, what is rule of LDAP?

A. An authentication server (AS) that communicates directly with, and provide authentication for supplicant.

B. A SQL complaint authentication service capable of encryption key generation and distribution.

C. AnX500 standard compliant database that participates in the 802.1X port-based access control process

D. A data retrieval protocol used by an authentication server such as RADIUS.

E. A role-based access control mechanism for filtering data to/from authenticated stations

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=178

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

179

Exhibit Given: A WLAN protocol analyzer captured the illustrated frame trace of an 802.11g

(ERP) client station connecting to an 802.11g access point. What is shown in included frame trace? (Choose 4)

A. Active scanning

B. WPA2-enterprise authentication

C. 802.11 open system authentication

D. 802.1X with dynamic WEP

E. 4-way handshake

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=179

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

180

What WLAN client device behavior is exploited by an attacker during a hijacking attack?

A. After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake even if connectivity is lost.

B. When the RF signal between a client and an access point is lost, the client will seek to reassociate with another access point with a different SSID and stronger high quality signal.

C. Client drivers typically scan for a connect to access points in the 22.4GHz band before scanning the 5GHz band.

D. When the RF signal between a client and in an access point is disrupted for more than a few seconds, the client device will repeatedly attempt the reestablish both layer 2 and layer 3 connections.

E. As specified by 802.11 standard, clients using open system authentication must allow direct client-to-client connections, even in infrastructure mode

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=180

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

181

Which of the following protocols is used to provide security for network traffic transmitted across a TCP/IP network?

A. TCP

B. IP

C. IPSec

D. UDP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=PW0-204&qno=181

-------------------------------------------------------------------------------------------------------------------------------------

TwPass Certification Exam Features;

- TwPass offers over

2500

Certification exams for professionals.

- More than

98,800

Satisfied Customers Worldwide.

- Average

99.8%

Success Rate.

- Over

120

Global Certification Vendors Covered.

- Services of Professional & Certified Experts available via support.

- Free 90 days updates to match real exam scenarios.

- Instant Download Access!

No Setup required.

- Price as low as $19, which is 80% more cost effective than others.

- Verified answers researched by industry experts.

- Study Material

updated

on regular basis.

- Questions / Answers are downloadable in

PDF

format.

- Mobile Device Supported (Android, iPhone, iPod, iPad)

-

No authorization

code required to open exam.

-

Portable

anywhere.

-

Guaranteed Success

.

- Fast, helpful support 24x7.

View list of All Exams (AE);

http://www.twpass.com/twpass.com/vendors.aspx

Download Any Certication Exam DEMO.

http://www.twpass.com/twpass.com/vendors.aspx

To purchase Full version of exam click below; http://www.TwPass.com/

Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement