Reliable CWNP CWSP-207 Exam Dumps

Question No: 1

MultipleChoice

You have an AP implemented that functions only using 802.11-2012 standard methods for the WLAN communications on the RF side and implementing multiple SSIDs and profiles on the management side configured as follows:

1. SSID: Guest -- VLAN 90 -- Security: Open with captive portal authentication -- 2 current clients

2. SSID: ABCData -- VLAN 10 -- Security: PEAPv0/EAP-MSCHAPv2 with AES-CCMP -- 5 current clients

3. SSID: ABCVoice -- VLAN 60 -- Security: WPA2-Personal -- 2 current clients

Two client STAs are connected to ABCData and can access a media server that requires authentication at the Application Layer and is used to stream multicast video streams to the clients.

What client stations possess the keys that are necessary to decrypt the multicast data packets carrying these videos?

Options

AOnly the members of the executive team that are part of the multicast group configured on the media server

BAll clients that are associated to the AP using the ABCData SSID

CAll clients that are associated to the AP using any SSID

DAll clients that are associated to the AP with a shared GTK, which includes ABCData and ABCVoice.

Question No: 2

MultipleChoice

Given: In XYZ's small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.

What statement about the WLAN security of this company is true?

Options

AIntruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.

BA successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.

CAn unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.

DAn unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user's 4-Way Handshake.

EBecause WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.

Question No: 3

MultipleChoice

When used as part of a WLAN authentication solution, What is the role of LDAP?

Options

AA data retrieval protocol used by an authentication service such as RADIUS

BAn IEEE X.500 standard compliant database that participates in the 802.1X port-based access control process

CA SQL compliant authentication service capable of dynamic key generation and distribution

DA role-based access control protocol for filtering data to/from authenticated stations.

EAn Authentication Server (AS) that communicates directly with, and provides authentication for, the Supplicant.

Question No: 4

MultipleChoice

Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank's website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John's bank account user ID and password and exploit this information.

What likely scenario could have allowed the hacker to obtain John's bank account user ID and password?

Options

AJohn's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.

BJohn uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.

CJohn accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.

DThe bank's web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

EBefore connecting to the bank's website, John's association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank's web server and has decrypted John's login credentials in near real-time.

Free CWNP CWSP-207 Exam Dumps April 2026