When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the 802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?
A. The 802.1X Controlled Port is blocked until Vendor-Specific Attributes (VSAs) are exchanged inside a RADIUS packet between the Authenticator and Authentication Server.
B. The 802.1X Controlled Port remains blocked until an IP address is requested and accepted by the Supplicant.
C. The 802.1X Controlled Port is always blocked, but the Uncontrolled Port opens after the EAP authentication process completes.
D. The 4-Way Handshake must be performed before the 802.1X Controlled Port changes to the unblocked state.
Correct answer: D
Question 2:
What elements should be addressed by a WLAN security policy? (Choose 2)
A. End-user training for password selection and acceptable network use
B. Social engineering recognition and mitigation techniques
C. Enabling encryption to prevent MAC addresses from being sent in clear text
D. The exact passwords to be used for administration interfaces on infrastructure devices
E. How to prevent non-IT employees from learning about and reading the user security policy
Correct answer: A, B
Question 3:
ABC Company uses the wireless network for highly sensitive network traffic. For that reason, they intend to protect their network in all possible ways. They are continually researching new network threats and new preventative measures. They are interested in the security benefits of 802.11w, but would like to know its limitations.
What types of wireless attacks are protected by 802.11w? (Choose 2)
A. Social engineering attacks
B. Layer 2 Disassociation attacks
C. Robust management frame replay attacks
D. RF DoS attacks
Correct answer: B, C
Question 4:
When implementing a WPA2-Enterprise security solution, what protocol must the selected RADIUS server support?
A. EAP
B. CCMP and TKIP
C. IPSec/ESP
D. LWAPP, GRE, or CAPWAP
E. LDAP
Correct answer: A
Question 5:
What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?
A. Because OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.
B. Key exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.
C. Sharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.
D. The Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.
Correct answer: A
Question 6:
What wireless authentication technologies may build a TLS tunnel between the supplicant and the authentication server before passing client authentication credentials to the authentication server? (Choose 3)
A. EAP-TTLS
B. LEAP
C. EAP-MD5
D. EAP-TLS
E. PEAPv0/MSCHAPv2
Correct answer: A, D, E
Question 7:
Given: ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States. 802.1X/EAP is ABC's preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources.
What security best practices should be followed in this deployment scenario?
A. RADIUS services should be provided at branch offices so that authentication server and supplicant credentials are not sent over the Internet.
B. Remote management of the WLAN controller via Telnet, SSH, HTTP, and HTTPS should be prohibited across the WAN link.
C. An encrypted VPN should connect the WLAN controller and each remote controller-based AP, or each remote site should provide an encrypted VPN tunnel to HQ.
D. APs at HQ and at each branch office should not broadcast the same SSID; instead each branch should have a unique ID for user accounting purposes.
Correct answer: C
Question 8:
What policy would help mitigate the impact of peer-to-peer attacks against wireless-enabled corporate laptop computers when the laptops are also used on public access networks such as wireless hot-spots?
A. Require Port Address Translation (PAT) on each laptop.
B. Require secure applications such as POP, HTTP, and SSH.
C. Require VPN software for connectivity to the corporate network.
D. Require WPA2-Enterprise as the minimal WLAN security solution.
Correct answer: C
Question 9:
Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.
Before creating the WLAN security policy, what should you ensure you possess?
A. End-user training manuals for the policies to be created
B. Security policy generation software
C. Awareness of the exact vendor devices being installed
D. Management support for the process
Correct answer: D