Q11. Which of the following does PEAP use to authenticate the user inside an encrypted tunnel? Each correct answer represents a complete solution. Choose two.

Q12. You work as a Network Administrator for Tech Perfect Inc. The company has a secure wireless network. Since the company’s wireless network is so dynamic, it requires regular auditing to maintain proper security. For this reason, you are configuring NetStumbler as a wireless auditing tool. What services can NetStumbler provide? Each correct answer represents a complete solution. Choose all that apply.

Q13. After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify the security threats?

Q14. A networksecurity auditor is preparing to perform a comprehensive assessment of an 802.11ac network’s security. What task should be performed at the beginning of the audit to maximize the auditor’s ability to expose network vulnerabilities?

Q15. ABC Company has recently installed a WLAN controller and configured it to support WPA2- Enterprise security. The administrator has configured a security profile on the WLAN controller for each group within the company (Marketing, Sales, and Engineering). How are authenticated users assigned to groups so that they receive the correct security profile within the WLAN controller?

Q16. You work as a network administrator for Web Perfect Inc. You configure both WPA and EAP authentications on a client computer in the company’s wireless network.
Where will the encryption key be located during the active user session? Each correct answer represents a part of the solution. Choose two.

Q17. You work as a Network Administrator for Tech Perfect Inc. The company has a wireless LAN infrastructure. The management wants to prevent unauthorized network access to local area networks and other information assets by the wireless devices. What will you do?

Q18. Yousupport a coffee shop and have recently installed a free 802.11ac wireless hotspot for the benefit of your customers. You want to minimize legal risk in the event that the hotspot is used for illegal Internet activity.
What option specifies the best approach to minimize legal risk at this public hotspot while maintaining an open venue for customer Internet access?

Q19. The Marketing department’s WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources. What single WLAN security feature should beimplemented to comply with these requirements?

Q20. Joe’s new laptop is experiencing difficulty connecting to ABC Company’s 802.11 WLAN using
802.1X/EAP PEAPv0. The company’s wireless network administrator assured Joe that his laptop was authorized in the WIPS management console for connectivity to ABC’s network before it was given to him. The WIPS termination policy includes alarms for rogue stations, rogue APs, DoS attacks and unauthorized roaming. What is a likely reason that Joe cannot connect to the network?

Q21. For which one of the following purposes would aWIPS not be a good solution?

Q22. The following numbered items show some of the contents of each of the four frames exchanged during the
4-way handshake.
* Encrypted GTK sent
* Confirmation of temporal key installation
* ANonce sent from authenticator to supplicant
* SNonce sent from supplicant to authenticator, MIC included
Arrange the frames in the correct sequence beginning with the start of the 4-way handshake.

Q23. ABC Corporation is evaluating the security solution for their existing WLAN. Two of their supported solutions include a PPTP VPN and 802.1X/LEAP. They have used PPTP VPNs because of their wide support in server and desktop operating systems. While both PPTP and LEAP adhere to the minimum requirements of the corporate security policy, some individuals have raised concerns about MS-CHAPv2 (and similar) authentication and the known fact that MS-CHAPv2 has proven vulnerable in improper implementations. As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication?

Q24. Which of the following security methods can be used to detect the DoS attack in order to enhance the security of the network?

Q25. When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?

Q26. Which one of the following is not a role defined in the 802.1X authentication procedures used in
802.11 and 802.3 networks for port-based authentication?

Q27. Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM. What device functions as the
802.1X/EAP Authenticator?

Q28. You work as a Network Administrator for Blue Well Inc. The company has a Windows Server
2008 domain based network. All client computers on the network run Windows Vista Ultimate.
Andy, a Finance Manager, uses Windows Mail to download his e-mails to his inbox. He complains that every now and then he gets mails asking for revealing personal or financial information. He wants that such mails are not shown to him.
Which of the following steps will you take to accomplish the task?

Q29. ABC Company is implementing a secure 802.11 WLAN at their headquarters (HQ) building in New York and at each of the 10 small, remote branch offices around the United States.
802.1X/EAP is ABC’s preferred security solution, where possible. All access points (at the HQ building and all branch offices) connect to a single WLAN controller located at HQ. Each branch office has only a single AP and minimal IT resources. What security best practices should be followed in this deployment scenario?

Q30. As the primary security engineer for a large corporate network, you have been asked to author a new securitypolicy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods. When writing the 802.11 security policy, what password-related items should be addressed?

Q31. The IEEE 802.11 standard defined Open System authentication as consisting of two auth frames and two assoc frames. In a WPA2-Enterprise network, what process immediately follows the 802.11 association procedure?

Q32. While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real time FFT display. The signal is characterized with the greatest strength utilizing only 1-2 megahertz of bandwidth and it does not use significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth. What kind of signal is described?

Q33. Which of the following keys is derived from Group Master Key (GMK)?

Q34. Which of the following security protocols uses a single, manually configured, static key for data encryption that is shared by the client and the WAP?