[2026年01月01日] 最速準備で試験合格!CWSP-208問題の事前予備 [Q73-Q92]

Share

[2026年01月01日] 最速準備で試験合格!CWSP-208問題の事前予備

CWSP-208のPDF問題集リアル2026最近更新された問題


CWNP CWSP-208 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • WLAN セキュリティ設計とアーキテクチャ:この試験では、確立されたポリシーに沿って適切な WLAN セキュリティソリューションを選択し、導入する無線セキュリティアナリストの能力に重点が置かれます。WPA2、WPA3、802.1X
  • EAP、ゲストアクセス戦略などの認証メカニズムの実装、AES や VPN などの適切な暗号化方式の選択などが含まれます。さらに、このセクションでは、無線監視システムに関する知識、AKM プロセスの理解、VLAN、ファイアウォール、ACL などの有線セキュリティシステムをセットアップして無線インフラストラクチャをサポートする能力も評価されます。受験者は、安全なクライアントオンボーディングの管理、NAC の設定、802.11r などのローミング技術の実装能力もテストされます。最後に、パブリックネットワークの保護、一般的な設定エラーの回避、脆弱なセキュリティプロトコルに関連するリスクの軽減に関する実践を評価します。
トピック 2
  • セキュリティポリシー:このセクションでは、ワイヤレスセキュリティアナリストのスキルを評価し、WLANセキュリティ要件がどのように定義され、組織のニーズと整合されているかを検証します。規制および技術ポリシーの評価、関係者の関与、インフラストラクチャおよびクライアントデバイスのレビューに重点が置かれます。また、高レベルのセキュリティポリシーがライフサイクル全体にわたってどの程度適切に作成、承認、維持されているか、関係者の継続的な意識向上とコンプライアンス確保のためのトレーニング活動も含め、評価されます。
トピック 3
  • 脆弱性、脅威、攻撃:この試験セクションでは、ネットワークインフラストラクチャエンジニアがWLANシステム内の脆弱性と脅威を特定し、軽減する能力を評価します。受験者は、CVEデータベースなどの信頼できる情報源を用いてリスクを評価し、修復策を適用し、隔離プロトコルを実装することが求められます。また、この分野では盗聴やフィッシングなどの攻撃の検知と対応にも重点を置いています。侵入テスト、ログ分析、SIEMシステムやWIPS
  • WIDSなどの監視ツールの使用も含まれます。さらに、資産管理、リスク評価、損失計算などのリスク分析手順を網羅し、情報に基づいたリスク管理計画の策定をサポートします。
トピック 4
  • セキュリティライフサイクル管理:この試験セクションでは、ネットワークインフラストラクチャエンジニアが、新しいテクノロジーの特定から継続的な監視と監査に至るまで、セキュリティライフサイクル全体を監督する能力を評価します。新しいWLAN実装に関連するリスクを評価し、適切な保護を適用し、SIEMなどのツールを使用してコンプライアンスチェックを実行する能力が問われます。受験者は、効果的な変更管理、保守戦略、そして脆弱性を検出し、洞察に富んだセキュリティレポートを生成するための監査ツールの活用能力も実証する必要があります。評価には、ユーザーインタビューの実施、アクセス制御のレビュー、スキャンの実行、組織の目標に沿った調査結果の報告などのタスクが含まれます。

 

質問 # 73
Given: John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website. The bank's website uses the HTTPS protocol to protect sensitive account information. While John was using the hot-spot, a hacker was able to obtain John's bank account user ID and password and exploit this information.
What likely scenario could have allowed the hacker to obtain John's bank account user ID and password?

  • A. John accessed his corporate network with his IPSec VPN software at the wireless hot-spot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.
  • B. John's bank is using an expired X.509 certificate on their web server. The certificate is on John's Certificate Revocation List (CRL), causing the user ID and password to be sent unencrypted.
  • C. The bank's web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
  • D. Before connecting to the bank's website, John's association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank's web server and has decrypted John's login credentials in near real-time.
  • E. John uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hot-spot to check his email, and the user ID and password were not encrypted.

正解:E

解説:
In this scenario, although the bank's website uses HTTPS (which encrypts communications between John's browser and the bank's server), the compromise did not occur during the banking session itself. Instead, the attacker exploited a common security mistake: credential reuse.
John reused his email credentials for his bank login, and he accessed his email using a POP3 client without encryption at a public hotspot. This means his username and password were sent in cleartext, which is trivially easy to sniff on an open wireless network. Once an attacker obtained those credentials, they could use them to log into his bank account if the same credentials were used there.
Here's how this aligns with CWSP knowledge domains:
* CWSP Security Threats & Attacks: This is a classic example of credential harvesting via cleartext protocols (POP3), and password reuse, both of which are significant risks in WLAN environments.
* CWSP Secure Network Design: Recommends use of encrypted protocols (e.g., POP3S or IMAPS) and user education against password reuse.
* CWSP WLAN Security Fundamentals: Emphasizes that open Wi-Fi networks offer no encryption by default, leaving unprotected protocols vulnerable to sniffing and interception.
Other answer options and why they are incorrect:
* A & D are invalid because an expired or unsigned certificate may cause browser warnings but won't result in sending credentials unencrypted unless the user bypasses HTTPS (which wasn't stated).
* C is incorrect: IPSec VPNs encrypt all data between the client and VPN endpoint-including credentials.
* E is technically incorrect and misleading: intercepting the public key of an HTTPS session doesn't allow decryption of the credentials due to asymmetric encryption and session key security. Real-time decryption of HTTPS traffic without endpoint compromise is not feasible.
References:
CWSP-208 Study Guide, Chapters 3 (Security Policy) and 5 (Threats and Attacks) CWNP CWSP-208 Official Study Guide CWNP Exam Objectives - WLAN Authentication, Encryption, and VPNs CWNP Whitepapers on WLAN Security Practices


質問 # 74
Given: ABC Hospital wishes to create a strong security policy as a first step in securing their 802.11 WLAN.
Before creating the WLAN security policy, what should you ensure you possess?

  • A. Awareness of the exact vendor devices being installed
  • B. Management support for the process
  • C. End-user training manuals for the policies to be created
  • D. Security policy generation software

正解:B

解説:
Developing a robust WLAN security policy requires buy-in from executive or senior management. Without management support, it's difficult to enforce compliance, allocate resources, or prioritize security among other organizational objectives. This foundational step ensures that policy creation and enforcement are feasible and aligned with organizational goals.
Incorrect:
A). Device/vendor specifics are addressed later during implementation.
C). End-user training materials are created after the policy is finalized.
D). Security policy software can assist, but is not essential compared to management support.
References:
CWSP-208 Study Guide, Chapter 2 (Policy Development and Implementation) CWNP WLAN Lifecycle Framework


質問 # 75
What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?

  • A. EAP-TTLS
  • B. EAP-GTC
  • C. H-REAP
  • D. LEAP
  • E. PEAP

正解:A

解説:
EAP-TTLS (Tunneled Transport Layer Security) supports flexible inner authentication methods including:
MS-CHAPv2
EAP-GTC (Generic Token Card)
EAP-TLS (in some configurations)
This versatility allows EAP-TTLS to be used with a wide range of back-end authentication systems, while only requiring a server-side certificate.
Incorrect:
A). H-REAP (now FlexConnect) is a Cisco AP deployment mode, not an EAP type.
B). EAP-GTC is a simple authentication method and not a tunnel or container for others.
D). PEAP typically supports MS-CHAPv2 but not EAP-GTC or EAP-TLS as inner methods.
E). LEAP uses MS-CHAPv1 and is considered deprecated and insecure.
References:
CWSP-208 Study Guide, Chapter 4 (EAP Methods)


質問 # 76
Given: Your network implements an 802.1X/EAP-based wireless security solution. A WLAN controller is installed and manages seven APs. FreeRADIUS is used for the RADIUS server and is installed on a dedicated server named SRV21. One example client is a MacBook Pro with 8 GB RAM.
What device functions as the 802.1X/EAP Authenticator?

  • A. MacBook Pro
  • B. WLAN Controller/AP
  • C. RADIUS server
  • D. SRV21

正解:B

解説:
Comprehensive Detailed Explanation:
In the 802.1X/EAP framework:
The Authenticator is the device that controls access to the network - typically the AP or WLAN controller.
The Authenticator passes EAP messages between the Supplicant (client) and the Authentication Server (RADIUS).
Incorrect:
A). SRV21 is the RADIUS server (Authentication Server), not the Authenticator.
C). The MacBook Pro is the Supplicant.
D). RADIUS server handles Authentication, not Authenticator functionality.
References:
CWSP-208 Study Guide, Chapter 4 (802.1X Architecture Roles)
CWNP AAA and Authentication Design


質問 # 77
For a WIPS system to identify the location of a rogue WLAN device using location patterning (RF fingerprinting), what must be done as part of the WIPS installation?

  • A. At least six antennas must be installed in each sensor.
  • B. A location chipset (GPS) must be installed with it.
  • C. All WIPS sensors must be installed as dual-purpose (AP/sensor) devices.
  • D. The RF environment must be sampled during an RF calibration process.

正解:D

解説:
For a WIPS system to perform location patterning (also called RF fingerprinting), it must first perform an RF calibration or RF site survey. This process involves sampling signal strengths from known locations to develop a model of how signals propagate in the environment. This "fingerprint" is then used to triangulate or estimate the positions of rogue devices.


質問 # 78
Given: An 802.1X/EAP implementation includes an Active Directory domain controller running Windows Server 2012 and an AP from a major vendor. A Linux server is running RADIUS and it queries the domain controller for user credentials. A Windows client is accessing the network.
What device functions as the EAP Supplicant?

  • A. Linux server
  • B. An unlisted WLAN controller
  • C. Windows client
  • D. Access point
  • E. An unlisted switch
  • F. Windows server

正解:C

解説:
In an 802.1X/EAP authentication model:
Supplicant: The device requesting access (the Windows client).
Authenticator: The AP or switch enforcing access decisions.
Authentication Server: The RADIUS server (Linux in this case), which communicates with a backend credential database (Active Directory).
The Windows client runs the EAP supplicant software to initiate authentication.
Incorrect:
A). The Linux server is the Authentication Server (not Supplicant).
C). The AP acts as the Authenticator.
D). The Windows Server is the credential store, not the supplicant.
References:
CWSP-208 Study Guide, Chapter 4 (802.1X Roles and Communication)
CWNP 802.1X Architecture Diagram


質問 # 79
Which of the following security attacks cannot be detected by a WIPS solution of any kind? (Choose 2)

  • A. DoS
  • B. Eavesdropping
  • C. Social engineering
  • D. Rogue APs

正解:B、C

解説:
Wireless Intrusion Prevention Systems (WIPS) are excellent for detecting on-air threats such as rogue APs, DoS attacks, spoofing, and misconfigured devices. However, WIPS cannot detect:
C). Eavesdropping - Passive listening on wireless transmissions cannot be detected because no signal is transmitted by the attacker.
D). Social engineering - Human-based attacks like phishing or pretexting fall outside the scope of wireless monitoring.
Incorrect:
A). Rogue APs can be detected via MAC address comparison, frame analysis, and signal triangulation.
B). DoS attacks, such as deauth floods or RF jamming, can be detected with appropriate WIPS sensors.
References:
CWSP-208 Study Guide, Chapter 5 (WLAN Threats and Attacks)
CWNP WIPS Implementation Guidelines
CWNP Whitepapers on Wireless Threat Detection Capabilities


質問 # 80
In an effort to optimize WLAN performance, ABC Company has upgraded their WLAN infrastructure from
802.11a/g to 802.11n. 802.11a/g clients are still supported and are used throughout ABC's facility. ABC has always been highly security conscious, but due to budget limitations, they have not yet updated their overlay WIPS solution to 802.11n or 802.11ac.
Given ABC's deployment strategy, what security risks would not be detected by the 802.11a/g WIPS?

  • A. 802.11n client spoofing the MAC address of an authorized 802.11n client
  • B. 802.11a STA performing a deauthentication attack against 802.11n APs
  • C. Hijacking attack performed by using a rogue 802.11n AP against an 802.11a client
  • D. Rogue AP operating in Greenfield 40 MHz-only mode

正解:D

解説:
An 802.11a/g-based WIPS cannot detect rogue activity that occurs in 802.11n/ac-specific modes, including Greenfield (HT-only) operation and use of 40 MHz channels, which are not part of the 802.11a/g specification. Greenfield mode disables legacy support, so a WIPS limited to 802.11a/g radios won't even
"see" these frames. This leaves a significant blind spot for detecting certain types of rogue devices or attacks using newer PHYs.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Capabilities and Limitations
CWNP CWSP-208 Objectives: "Protocol Compatibility and Threat Detection"


質問 # 81
Given: The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.
What single WLAN security feature should be implemented to comply with these requirements?

  • A. Mutual authentication
  • B. Role-based access control
  • C. Group authentication
  • D. RADIUS policy accounting
  • E. Captive portal

正解:B

解説:
Role-Based Access Control (RBAC) allows administrators to define user roles and enforce network access permissions based on the user's identity. By implementing RBAC in the WLAN, you can:
Grant the Marketing group access only to the file/email server and the Internet Prevent access to other internal resources This single feature enables fine-grained restriction without needing multiple SSIDs or ACLs.
Other options don't provide the necessary flexibility:
A). Mutual authentication ensures secure identity verification but doesn't control network access scope B & D & E do not provide targeted resource-level access control References:
CWSP#207 Study Guide, Chapter 6 (Access Control Policy and RBAC)


質問 # 82
Given: The ABC Corporation currently utilizes an enterprise Public Key Infrastructure (PKI) to allow employees to securely access network resources with smart cards. The new wireless network will use WPA2- Enterprise as its primary authentication solution. You have been asked to recommend a Wi-Fi Alliance-tested EAP method.
What solutions will require the least change in how users are currently authenticated and still integrate with their existing PKI?

  • A. EAP-FAST
  • B. LEAP
  • C. EAP-TTLS/MSCHAPv2
  • D. PEAPv0/EAP-TLS
  • E. PEAPv0/EAP-MSCHAPv2
  • F. EAP-TLS

正解:F

解説:
ABC Corporation already uses PKI and smart cards. EAP-TLS:
Is a certificate-based authentication protocol.
Integrates seamlessly with PKI infrastructure.
Is supported and certified by the Wi-Fi Alliance.
Incorrect:
A). EAP-FAST uses PACs, not certificates.
C). PEAPv0/EAP-MSCHAPv2 does not use certificates on the client side and is less secure.
D). LEAP is deprecated and insecure.
E). PEAPv0/EAP-TLS is not a standardized combination.
F). EAP-TTLS/MSCHAPv2 requires password-based authentication inside a tunnel, not certificate-based authentication.
References:
CWSP-208 Study Guide, Chapter 4 (EAP-TLS and PKI)
CWNP WPA2-Enterprise Integration Guidelines


質問 # 83
ABC Company has deployed a Single Channel Architecture (SCA) solution to help overcome some of the common problems with client roaming. In such a network, all APs are configured with the same channel and BSSID. PEAPv0/EAP-MSCHAPv2 is the only supported authentication mechanism.
As the Voice over Wi-Fi (STA-1) client moves throughout this network, what events are occurring?

  • A. The WLAN controller is querying the RADIUS server for authentication before the association of STA-
    1 is moved from one AP to the next.
  • B. The WLAN controller controls the AP to which STA-1 is associated and transparently moves this association in accordance with the physical location of STA-1.
  • C. STA-1 controls when and where to roam by using signal and performance metrics in accordance with the chipset drivers and 802.11k.
  • D. STA-1 initiates open authentication and 802.11 association with each AP prior to roaming.

正解:A

解説:
An 802.11a/g-based WIPS cannot detect rogue activity that occurs in 802.11n/ac-specific modes, including Greenfield (HT-only) operation and use of 40 MHz channels, which are not part of the 802.11a/g specification. Greenfield mode disables legacy support, so a WIPS limited to 802.11a/g radios won't even
"see" these frames. This leaves a significant blind spot for detecting certain types of rogue devices or attacks using newer PHYs.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Capabilities and Limitations
CWNP CWSP-208 Objectives: "Protocol Compatibility and Threat Detection"


質問 # 84
Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company's employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.
What security implementation will allow the network administrator to achieve this goal?

  • A. Implement an SSID with WPA2-Personal that allows both AES-CCMP and TKIP clients to connect.
  • B. Implement an SSID with WPA-Personal that allows both AES-CCMP and TKIP clients to connect.
  • C. Implement two separate SSIDs on the AP-one for WPA-Personal using TKIP and one for WPA2- Personal using AES-CCMP.
  • D. Implement an SSID with WPA2-Personal that sends all broadcast traffic using AES-CCMP and unicast traffic using either TKIP or AES-CCMP.

正解:C


質問 # 85
Role-Based Access Control (RBAC) allows a WLAN administrator to perform what network function?

  • A. Provide two or more user groups connected to the same SSID with different levels of network privileges.
  • B. Allow access to specific files and applications based on the user's WMM access category.
  • C. Minimize traffic load on an AP by requiring mandatory admission control for use of the Voice access category.
  • D. Allow simultaneous support for multiple EAP types on a single access point.

正解:A

解説:
RBAC enables dynamic assignment of different access privileges (e.g., VLAN, ACLs, bandwidth) to users even when they connect through the same SSID. This simplifies SSID management while maintaining fine- grained access control.
Incorrect:
A). Admission control is a QoS/WMM function, not RBAC.
B). Access category (AC) affects frame prioritization, not file/app access.
D). Multiple EAP types are supported in authentication servers-not directly tied to RBAC.
References:
CWSP-208 Study Guide, Chapter 6 (Role-Based Access Control and SSID Simplification)


質問 # 86
What elements should be addressed by a WLAN security policy? (Choose 2)

  • A. Social engineering recognition and mitigation techniques
  • B. End-user training for password selection and acceptable network use
  • C. How to prevent non-IT employees from learning about and reading the user security policy
  • D. Enabling encryption to prevent MAC addresses from being sent in clear text
  • E. The exact passwords to be used for administration interfaces on infrastructure devices

正解:A、B

解説:
A strong WLAN security policy should encompass both technical controls and user education.
C). Educating users about secure password creation and acceptable use policies helps reduce risks due to weak authentication and misuse.
E). Social engineering is a common attack vector, and educating users to recognize and report such attempts is critical.
Incorrect:
A). MAC addresses are always transmitted in the clear, even with encryption.
B). Policies should be shared with users to promote compliance and awareness.
D). Passwords for administrative systems should not be disclosed in public documentation or policy documents.
References:
CWSP-208 Study Guide, Chapter 2 (Security Policies and End-User Training) CWNP WLAN Security Policy Templates


質問 # 87
Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.
What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)

  • A. Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.
  • B. On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.
  • C. During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.
  • D. In the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.

正解:A、C、D

解説:
Client VLAN assignment at the controller can be achieved through:
B). RADIUS attributes (e.g., Tunnel-Private-Group-ID) for dynamic VLAN assignment.
C). Static mappings in the WLAN controller's local user DB.
D). SSID-to-VLAN bindings assign traffic from specific SSIDs to specific VLANs.
Incorrect:
A). The AP connects to the controller over a tunneled link. VLAN configuration at the AP's Ethernet port does not impact client VLAN assignment in centralized forwarding mode.
References:
CWSP-208 Study Guide, Chapter 6 (Dynamic VLAN Assignment)
CWNP WLAN Controller Configuration Guides


質問 # 88
Given: You manage a wireless network that services 200 wireless users. Your facility requires 20 access points, and you have installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution.
In this configuration, the wireless network is initially susceptible to what type of attacks? (Choose 2)

  • A. Layer 1 DoS
  • B. Application eavesdropping
  • C. Offline dictionary attacks
  • D. Layer 3 peer-to-peer
  • E. Encryption cracking
  • F. Session hijacking

正解:A、C

解説:
Though AES-CCMP is secure and 802.1X authentication is strong, LEAP is inherently weak because:
B). LEAP uses MS-CHAPv1, making it vulnerable to offline dictionary attacks once challenge/response exchanges are captured.
F). Layer 1 DoS attacks (such as RF jamming or interference) can be launched regardless of authentication mechanisms.
Incorrect:
A). AES-CCMP resists encryption cracking.
C). Peer-to-peer at Layer 3 is unrelated to LEAP or 802.1X vulnerabilities.
D). Application-layer eavesdropping is mitigated if encryption is properly implemented.
E). Session hijacking is more difficult with proper authentication and encryption in place.
References:
CWSP-208 Study Guide, Chapters 5 and 6 (LEAP vulnerabilities and DoS)
CWNP Threat Matrix and Attack Vectors
IEEE 802.11i and Cisco LEAP documentation


質問 # 89
You are configuring seven APs to prevent common security attacks. The APs are to be installed in a small business and to reduce costs, the company decided to install all consumer-grade wireless routers. The wireless routers will connect to a switch, which connects directly to the Internet connection providing 50 Mbps of Internet bandwidth that will be shared among 53 wireless clients and 17 wired clients.
To ensure the wireless network is as secure as possible from common attacks, what security measure can you implement given only the hardware referenced?

  • A. WPA2-Enterprise
  • B. 802.1X/EAP-PEAP
  • C. WPA2-Personal
  • D. WPA-Enterprise

正解:C

解説:
Given that only consumer-grade routers are used and no RADIUS server or enterprise infrastructure is mentioned, WPA2-Personal is the most secure option available. It uses a pre-shared key (PSK) for authentication and AES-CCMP for encryption, offering strong protection for small businesses lacking enterprise equipment.
Enterprise methods such as WPA2-Enterprise, 802.1X, and EAP-PEAP require a RADIUS server or authentication backend, which isn't supported in typical consumer-grade routers.
References:
CWSP-208 Study Guide, Chapter 3 (WLAN Security Technologies)
CWNP Wi-Fi Security Deployment Guide for Small Businesses
CWNP E-Learning Modules: WPA2-PSK vs WPA2-Enterprise


質問 # 90
Which one of the following is a valid reason to avoid the use of EAP-MD5 in production WLANs?

  • A. It is not a valid EAP type.
  • B. It does not support the outer identity.
  • C. It does not support mutual authentication.
  • D. It does not support a RADIUS server.

正解:C

解説:
EAP-MD5:
Only authenticates the client.
Does not provide mutual authentication, making it vulnerable to man-in-the-middle attacks.
It also does not protect the user's identity or credentials in a secure tunnel.
Incorrect:
A). The outer identity concept is not relevant to EAP-MD5 since it doesn't support tunneling.
B). EAP-MD5 is a valid EAP type, just insecure.
D). It can be used with a RADIUS server, but security is insufficient.
References:
CWSP-208 Study Guide, Chapter 4 (EAP Method Comparison)
CWNP EAP Implementation Considerations


質問 # 91
Given: You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data.
What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?

  • A. Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.
  • B. Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops.
    It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.
  • C. The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.
  • D. Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.
  • E. All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.

正解:B

解説:
Most integrated Wi-Fi adapters in Windows laptops are not capable of entering "monitor mode" or capturing
802.11ac frames properly. Compatibility with protocol analyzers like Wireshark or Omnipeek requires special drivers or specific USB adapters. Therefore, it is recommended to use a USB adapter known to support monitor mode and frame capture on 802.11ac for accurate and complete data capture.
Incorrect:
A). Not all adapters support protocol analyzer features.
C). MU-MIMO support is irrelevant for frame capture.
D). Other analyzers besides Wireshark can decode 802.11ac (e.g., Omnipeek).
E). Remote capture is not the only method-local USB adapters are effective too.
References:
CWSP-208 Study Guide, Chapter 7 (WLAN Analysis Tools)
CWNP Protocol Analyzer Guide
Vendor documentation: Riverbed, Omnipeek, Wireshark Adapter Support Lists


質問 # 92
......

CWSP-208問題集と練習テスト(122試験問題):https://www.passtest.jp/CWNP/CWSP-208-shiken.html

リリースCWNP CWSP-208更新された問題PDF:https://drive.google.com/open?id=1TTycG_IquwZD4IoxZz084N-x-e11Or2B