CWS WLAN Security Concepts Questions and Answers

Question 1

A network administrator is reviewing the security configuration of a corporate WLAN. The goal is to provide strong authentication for corporate users by validating them against a central directory. Each user should have unique credentials, and the system must support mutual authentication. Which of the following security solutions is the MOST appropriate for this requirement?

Accepted Answer

WPA2-Enterprise with EAP-TLS

Answer

WPA2-Enterprise (and WPA3-Enterprise) uses the IEEE 802.1X standard for port-based network access control. When combined with an Extensible Authentication Protocol (EAP) type like EAP-TLS, it provides robust, per-user authentication using digital certificates for both the client and the server (mutual authentication), meeting all the specified requirements. WPA3-Personal uses a single password for all users, MAC filtering is easily spoofed, and WPS has known security vulnerabilities.

Question 2

During a security audit, a junior technician discovers a consumer-grade wireless access point connected to a corporate network switch port in the marketing department. This AP was not installed by the IT team. How is this type of unauthorized device BEST classified?

Accepted Answer

Rogue Access Point

Answer

A Rogue Access Point is any wireless access point connected to a wired network without authorization from the network administrator. This scenario perfectly describes a rogue AP, which creates a significant security vulnerability by bypassing corporate network security controls. An Evil Twin impersonates a legitimate AP, while an ad-hoc network is a peer-to-peer connection between clients without an AP.

Question 3

Which security vulnerability, discovered in 2017, exposed a fundamental weakness in the WPA2 protocol's 4-way handshake, allowing an attacker to decrypt Wi-Fi traffic by forcing nonce reuse?

Accepted Answer

KRACK (Key Reinstallation Attack)

Answer

The Key Reinstallation Attack (KRACK) is a vulnerability in the WPA2 protocol that allows an attacker within range to exploit the 4-way handshake. By manipulating and replaying handshake messages, the attacker can force a client to reinstall an already-in-use key, leading to the reuse of nonces and potentially allowing for decryption, packet injection, and other attacks.

Question 4

A company wants to enhance its WLAN security by protecting against deauthentication and disassociation attacks, which can be used to disrupt wireless service. Which IEEE 802.11 amendment specifically addresses this by providing protection for management frames?

Accepted Answer

802.11w

Answer

The IEEE 802.11w amendment, also known as Protected Management Frames (PMF), is designed to protect certain types of management frames, including deauthentication and disassociation frames, from being spoofed. This prevents attackers from forging these frames to disconnect legitimate clients from the network. 802.11r is for fast BSS transition, 802.11k for radio resource measurement, and 802.11e for Quality of Service.

Question 5

An organization is migrating to WPA3-Personal security. What is the primary authentication method that replaces the Pre-Shared Key (PSK) handshake used in WPA2-Personal to provide stronger protection against offline dictionary attacks?

Accepted Answer

Simultaneous Authentication of Equals (SAE)

Answer

WPA3-Personal replaces the PSK authentication method of WPA2 with Simultaneous Authentication of Equals (SAE). SAE is resistant to offline dictionary attacks because it requires a live interaction with the access point for each password guess, making it significantly more difficult for an attacker to crack the password. AES is an encryption cipher, TKIP is an older, less secure protocol, and EAP is a framework used in Enterprise modes.

CWS Exam Practice Test

CWS Exam Practice Test

CWS WLAN Security Concepts Questions and Answers