[Q60-Q83] 検証済みCWSP-208問題集PDF資料 [2025]

Share

検証済みCWSP-208問題集PDF資料 [2025]

最新のCWSP-208実際の無料試験問題更新された122問あります

質問 # 60
Given: You are the WLAN administrator in your organization and you are required to monitor the network and ensure all active WLANs are providing RSNs. You have a laptop protocol analyzer configured.
In what frame could you see the existence or non-existence of proper RSN configuration parameters for each BSS through the RSN IE?

  • A. RTS
  • B. CTS
  • C. Probe request
  • D. Beacon
  • E. Data frames

正解:D

解説:
The RSN (Robust Security Network) Information Element (IE) is used to advertise the security capabilities of a wireless network, particularly for WPA2 and WPA3 networks. This RSN IE is contained in Beacon and Probe Response management frames, not in Probe Request, RTS, CTS, or Data frames. The Beacon frame is sent periodically by an AP to announce its presence and includes critical information about the BSS, including security settings like the RSN IE.
You would use a protocol analyzer to capture Beacon frames and inspect the RSN IE field to confirm if a BSS is properly configured to use RSN protections such as WPA2-Enterprise or WPA2-Personal.
References:
CWSP-208 Study Guide, Chapter 6 - WLAN Discovery & Enumeration
CWNP CWSP-208 Objectives: "802.11 Frame Analysis" and "Understanding RSN Information Element Fields"


質問 # 61
Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).
Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?

  • A. Fragmentation threshold
  • B. Cell radius
  • C. Output power
  • D. Administrative password

正解:D

解説:
For security and proper management, each autonomous AP must have:
A unique, non-default administrative password.
This ensures attackers cannot guess login credentials and access AP settings.
Especially critical when managing via web interface, which may expose login portals to the local network.
Incorrect:
A). Fragmentation threshold is rarely adjusted except for special performance tuning.
C & D. Output power and cell radius settings are adjusted during RF design, but they don't relate to staging
/security directly.
References:
CWSP-208 Study Guide, Chapter 7 (AP Deployment Security)
CWNP WLAN Deployment Hardening Best Practices


質問 # 62
Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company's employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.
What security implementation will allow the network administrator to achieve this goal?

  • A. Implement an SSID with WPA-Personal that allows both AES-CCMP and TKIP clients to connect.
  • B. Implement two separate SSIDs on the AP-one for WPA-Personal using TKIP and one for WPA2- Personal using AES-CCMP.
  • C. Implement an SSID with WPA2-Personal that allows both AES-CCMP and TKIP clients to connect.
  • D. Implement an SSID with WPA2-Personal that sends all broadcast traffic using AES-CCMP and unicast traffic using either TKIP or AES-CCMP.

正解:B


質問 # 63
What statements are true about 802.11-2012 Protected Management Frames? (Choose 2)

  • A. Authentication, association, and acknowledgment frames are protected if management frame protection is enabled, but deauthentication and disassociation frames are not.
  • B. Management frame protection protects disassociation and deauthentication frames.
  • C. 802.11w frame protection protects against some Layer 2 denial-of-service (DoS) attacks, but it cannot prevent all types of Layer 2 DoS attacks.
  • D. When frame protection is in use, the PHY preamble and header as well as the MAC header are encrypted with 256- or 512-bit AES.

正解:B、C

解説:
A). 802.11w (now part of 802.11-2012) introduces protection for management frames, especially disassociation and deauthentication frames, helping prevent spoofing-based DoS attacks. However, it cannot prevent all types of Layer 2 DoS (e.g., RF jamming).
D). Specifically, 802.11w protects disassociation and deauthentication frames by signing them with cryptographic keys.
Incorrect:
B). The MAC header and PHY preamble are not encrypted under any standard.
C). Authentication and association frames are not protected by 802.11w; only certain management frames are.
References:
CWSP-208 Study Guide, Chapter 6 (802.11w Management Frame Protection)
IEEE 802.11w and 802.11-2012 Standards


質問 # 64
After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify security threats?

  • A. Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.
  • B. WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.
  • C. Authorized PEAP usernames must be added to the WIPS server's user database.
  • D. Separate security profiles must be defined for network operation in different regulatory domains

正解:B

解説:
After deploying a WIPS, an essential baseline activity is to classify all detected devices in the RF environment. These classifications allow the system to enforce security policies and detect policy violations.
Classifications include:
Authorized (managed devices)
Rogue (unauthorized, possibly dangerous)
Neighbor (not part of your network but legitimate)
External or Ad hoc devices
Without this initial classification, WIPS cannot properly assess threats or trigger alarms.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Classification and Threat Management CWNP CWSP-208 Objectives: "Device Classification and Policy Enforcement"


質問 # 65
For a WIPS system to identify the location of a rogue WLAN device using location patterning (RF fingerprinting), what must be done as part of the WIPS installation?

  • A. At least six antennas must be installed in each sensor.
  • B. A location chipset (GPS) must be installed with it.
  • C. The RF environment must be sampled during an RF calibration process.
  • D. All WIPS sensors must be installed as dual-purpose (AP/sensor) devices.

正解:C

解説:
For a WIPS system to perform location patterning (also called RF fingerprinting), it must first perform an RF calibration or RF site survey. This process involves sampling signal strengths from known locations to develop a model of how signals propagate in the environment. This "fingerprint" is then used to triangulate or estimate the positions of rogue devices.


質問 # 66
In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?

  • A. At public hot-spots in which many clients use diverse applications
  • B. In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities
  • C. In home networks in which file and printer sharing is enabled
  • D. In university environments using multicast video training sourced from professor's laptops

正解:A

解説:
Peer-to-peer blocking (also called client isolation) is useful in open or public WLANs to prevent devices from communicating directly with each other.
B). In public hot-spots, isolating users helps protect against malware spread, snooping, and attacks from nearby devices.
Incorrect:
A). In home networks, peer-to-peer communication is often desired for file sharing.
C). Voice over Wi-Fi may rely on peer communication (e.g., multicast).
D). In university setups using multicast, peer-to-peer restrictions could hinder functionality.
References:
CWSP-208 Study Guide, Chapter 3 (Access Control and WLAN Policies)
CWNP WLAN Best Practices for Public Networks


質問 # 67
Given: XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization.
What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)

  • A. RADIUS attributes can be used to assign permission levels, such as read-only permission, to users of a particular network resource.
  • B. The RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.
  • C. RADIUS can reassign a client's 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.
  • D. RADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.
  • E. The RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.

正解:A、B

解説:
Comprehensive Detailed Explanation:
B). Vendor-Specific Attributes (VSAs) allow integration with WLAN vendors' controllers to assign roles, VLANs, QoS levels, etc., during user authentication.
E). Standard or vendor-specific RADIUS attributes can dynamically assign permission levels based on group membership, department, or role.
Incorrect:
A). RADIUS does not directly manage DHCP functions.
C). SSID is selected by the user's device, not by the RADIUS server.
D). RADIUS uses ACCESS-REJECT, not "DO-NOT-AUTHORIZE," and it is not OS-specific.
References:
CWSP-208 Study Guide, Chapter 4 (RADIUS and Policy Assignment)
CWNP RADIUS Deployment Best Practices


質問 # 68
You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used? (Choose 3)

  • A. Generating PMKs that can be imported into 802.11 RSN-compatible devices
  • B. Generating secret keys for RADIUS servers and WLAN infrastructure devices
  • C. Generating passwords for WLAN infrastructure equipment logins
  • D. Generating dynamic session keys used for IPSec VPNs
  • E. Generating passphrases for WLAN systems secured with WPA2-Personal

正解:A、B、E

解説:
A utility that combines a secret and salt to generate a random string is effectively a key derivation tool. It can be used to:
Generate PMKs (Pairwise Master Keys) to preload ready-made keys into RSN devices Generate shared secrets (e.g., RADIUS shared secrets, WLAN controller keys) Create strong passphrases for WPA2-Personal networks Using it for IPSec session keys is less common (those are usually dynamically negotiated), and creating management passwords is possible but not the main us


質問 # 69
What software and hardware tools are used together to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network? (Choose 2)

  • A. DHCP server software and access point software
  • B. A low-gain patch antenna and terminal emulation software
  • C. MAC spoofing software and MAC DoS software
  • D. A wireless workgroup bridge and a protocol analyzer
  • E. RF jamming device and a wireless radio card

正解:A、E

解説:
To hijack a wireless client, attackers often use:
An RF jamming device to disconnect the client from the legitimate AP (via deauth attacks or RF disruption) A rogue AP (created using access point software) that impersonates the real network DHCP server software to assign IP addresses and act as a gateway, completing the fake network Incorrect:
B). Terminal emulation is not relevant.
C). Workgroup bridges and protocol analyzers are for monitoring, not attacking.
E). MAC spoofing and DoS do not complete a hijack.
References:
CWSP-208 Study Guide, Chapter 5 (Hijacking Tools and Techniques)
CWNP Practical WLAN Attack Tools Guide


質問 # 70
What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE 802.11 4 Way Handshake?

  • A. The nonces are created by combining the MAC addresses of the Supplicant, Authenticator, and Authentication Server into a mixing algorithm.
  • B. Nonces are sent in EAPoL frames to indicate to the receiver that the sending station has installed and validated the encryption keys.
  • C. Both nonces are used by the Supplicant and Authenticator in the derivation of a single PTK.
  • D. The Supplicant uses the SNonce to derive its unique PTK and the Authenticator uses the ANonce to derive its unique PTK, but the nonces are not shared.

正解:C

解説:
The PTK derivation requires:
PMK
ANonce (generated by the Authenticator)
SNonce (generated by the Supplicant)
MAC addresses of both Authenticator and Supplicant
Both the Supplicant and Authenticator derive the same PTK using identical inputs during the 4-Way Handshake.
Incorrect:
B). The nonces are shared-each party uses both ANonce and SNonce.
C). Nonces indicate no such validation message.
D). The MACs are part of the PTK input but not used to generate the nonces themselves.
References:
CWSP-208 Study Guide, Chapter 3 (4-Way Handshake)
IEEE 802.11i Key Management Process


質問 # 71
Given: A network security auditor is preparing to perform a comprehensive assessment of an 802.11ac network's security.
What task should be performed at the beginning of the audit to maximize the auditor's ability to expose network vulnerabilities?

  • A. Identify the manufacturer of the wireless infrastructure hardware.
  • B. Identify the manufacturer of the wireless intrusion prevention system.
  • C. Identify the skill level of the wireless network security administrator(s).
  • D. Identify the IP subnet information for each network segment.
  • E. Identify the wireless security solution(s) currently in use.

正解:E

解説:
Before conducting a security audit of an 802.11ac WLAN, it is essential to know the current security implementations-such as the use of WPA2-Enterprise, 802.1X, or MAC filtering. This helps the auditor tailor tests to identify gaps, weaknesses, or misconfigurations in the existing system. Understanding the security solutions provides the most immediate insight into potential vulnerabilities.


質問 # 72
An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?

  • A. Man-in-the-middle
  • B. Hijacking
  • C. ASLEAP
  • D. DoS

正解:D

解説:
A Denial-of-Service (DoS) attack focuses on preventing legitimate users from accessing network resources. In this case, the attacker has not accessed files or data but is interrupting services. This aligns perfectly with a DoS attack scenario.
References:
CWSP-208 Study Guide, Chapter 5 (WLAN Threat Categories)
CWNP Learning Center: DoS and Availability Attacks


質問 # 73
ABC Company uses the wireless network for highly sensitive network traffic. For that reason, they intend to protect their network in all possible ways. They are continually researching new network threats and new preventative measures. They are interested in the security benefits of 802.11w, but would like to know its limitations.
What types of wireless attacks are protected by 802.11w? (Choose 2)

  • A. Layer 2 Disassociation attacks
  • B. Social engineering attacks
  • C. Robust management frame replay attacks
  • D. RF DoS attacks

正解:A、C

解説:
802.11w, also known as Protected Management Frames (PMF), is designed to protect specific types of 802.11 management frames such as disassociation and deauthentication frames. These frames were previously sent unencrypted and could be spoofed by attackers to disconnect clients (DoS attacks). With 802.11w, these frames are cryptographically protected, mitigating such attacks.
PMF also includes replay protection for these management frames, preventing attackers from capturing and replaying them to disrupt network connectivity.
References:
CWSP-208 Study Guide, Chapter 6 (Wireless LAN Security Solutions)
IEEE 802.11w-2009 amendment
CWNP Whitepapers on PMF and Management Frame Protection


質問 # 74
Wireless Intrusion Prevention Systems (WIPS) provide what network security services? (Choose 2)

  • A. Application-layer traffic inspection
  • B. Configuration distribution for autonomous APs
  • C. Wireless vulnerability assessment
  • D. Policy enforcement and compliance management
  • E. Analysis and reporting of AP CPU utilization

正解:C、D

解説:
WIPS systems provide proactive security by continuously scanning for threats and ensuring WLAN policy compliance. Their capabilities include:
B). Wireless vulnerability assessment: Scanning for misconfigured APs, weak encryption, and unauthorized devices.
E). Policy enforcement and compliance: Ensuring security settings adhere to enterprise or regulatory requirements and alerting on deviations.
Other options like application-layer inspection and AP CPU monitoring are outside the WIPS function scope.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Services and Capabilities
CWNP CWSP-208 Objectives: "WIPS Threat Mitigation and Enforcement"


質問 # 75
What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?

  • A. Sharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.
  • B. Because OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.
  • C. Key exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.
  • D. The Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.

正解:B

解説:
Opportunistic Key Caching (OKC) is a non-standardized fast roaming method that allows clients to roam between APs without repeating the full 802.1X/EAP authentication process.
OKC was proposed by vendors (not the IEEE or Wi-Fi Alliance), so there was no formal certification early on.
This led to inconsistent and delayed client support, preventing widespread adoption.
Incorrect:
A). OKC does not involve inter-controller roaming in most scenarios; it's a local caching method.
C). The cryptographic overhead was not a significant barrier compared to lack of standardization.
D). OKC was not defined in IEEE 802.11r-Fast BSS Transition (FT) was.
References:
CWSP-208 Study Guide, Chapter 6 (Fast Secure Roaming)
CWNP Wireless Mobility Standards Overview


質問 # 76
What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?

  • A. The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.
  • B. The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.
  • C. The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.
  • D. The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.

正解:D

解説:
The Pairwise Transient Key (PTK) is derived during the 4-Way Handshake and is used to generate:
The EAPOL-Key Confirmation Key (KCK)
The EAPOL-Key Encryption Key (KEK)
The Temporal Key (TK), which encrypts unicast traffic
Incorrect:
A). The Group Master Key (GMK) is used to derive the GTK, not the PTK.
C). PTK is not XOR'd with the PSK-PTK is derived from PMK + other session parameters.
D). PMK is never encrypted or transmitted; it is pre-shared or derived and remains local.
References:
CWSP-208 Study Guide, Chapter 3 (PTK and 4-Way Handshake)
IEEE 802.11i-2004 Specification


質問 # 77
What preventative measures are performed by a WIPS against intrusions?

  • A. Uses SNMP to disable the switch port to which rogue APs connect
  • B. ASLEAP attack against a rogue AP
  • C. Deauthentication attack against a classified neighbor AP
  • D. Evil twin attack against a rogue AP
  • E. EAPoL Reject frame flood against a rogue AP

正解:A

解説:
Wireless Intrusion Prevention Systems (WIPS) can proactively respond to detected threats using various techniques. One such preventative measure is integration with the wired infrastructure to mitigate rogue APs by disabling the switch port they are connected to. This is typically done through SNMP or other switch management interfaces.
This form of wired-side containment is more secure and compliant than wireless-side attacks (e.g., deauthentication), which can violate regulations in some jurisdictions.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Architecture and Countermeasures CWNP CWSP-208 Exam Objectives: "WIPS Prevention and Containment Techniques"


質問 # 78
Given: A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs.
Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:
SSID Blue - VLAN 10 - Lightweight EAP (LEAP) authentication - CCMP cipher suite SSID Red - VLAN 20 - PEAPv0/EAP-TLS authentication - TKIP cipher suite The consultant's computer can successfully authenticate and browse the Internet when using the Blue SSID.
The same computer cannot authenticate when using the Red SSID.
What is a possible cause of the problem?

  • A. The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.
  • B. The consultant does not have a valid Kerberos ID on the Blue VLAN.
  • C. The TKIP cipher suite is not a valid option for PEAPv0 authentication.
  • D. The Red VLAN does not use server certificate, but the client requires one.

正解:A

解説:
PEAPv0/EAP-TLS is a tunneled EAP method that requires:
The server to present a certificate for TLS tunnel establishment.
The client to present a valid client certificate within the tunnel (in the case of EAP-TLS).
If the client does not have a valid X.509 certificate installed, authentication will fail.
Incorrect:
A). The server certificate is required for the TLS tunnel, and it is typically present; the issue here lies with the client cert.
B). TKIP is technically compatible with PEAPv0, although AES-CCMP is preferred.
D). Kerberos is unrelated to EAP authentication and VLAN use.
References:
CWSP-208 Study Guide, Chapter 4 (PEAP and EAP-TLS Authentication)
IEEE 802.1X and TLS Frameworks


質問 # 79
Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.
What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)

  • A. In the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.
  • B. Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.
  • C. During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.
  • D. On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.

正解:A、B、C

解説:
Client VLAN assignment at the controller can be achieved through:
B). RADIUS attributes (e.g., Tunnel-Private-Group-ID) for dynamic VLAN assignment.
C). Static mappings in the WLAN controller's local user DB.
D). SSID-to-VLAN bindings assign traffic from specific SSIDs to specific VLANs.
Incorrect:
A). The AP connects to the controller over a tunneled link. VLAN configuration at the AP's Ethernet port does not impact client VLAN assignment in centralized forwarding mode.
References:
CWSP-208 Study Guide, Chapter 6 (Dynamic VLAN Assignment)
CWNP WLAN Controller Configuration Guides


質問 # 80
Given: The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.
What single WLAN security feature should be implemented to comply with these requirements?

  • A. Captive portal
  • B. Mutual authentication
  • C. Group authentication
  • D. RADIUS policy accounting
  • E. Role-based access control

正解:E

解説:
Role-Based Access Control (RBAC) allows administrators to define user roles and enforce network access permissions based on the user's identity. By implementing RBAC in the WLAN, you can:
Grant the Marketing group access only to the file/email server and the Internet Prevent access to other internal resources This single feature enables fine-grained restriction without needing multiple SSIDs or ACLs.
Other options don't provide the necessary flexibility:
A). Mutual authentication ensures secure identity verification but doesn't control network access scope B & D & E do not provide targeted resource-level access control References:
CWSP#207 Study Guide, Chapter 6 (Access Control Policy and RBAC)


質問 # 81
You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other (STA2) used 11 EAP frames (excluding ACK frames) before the 4- way handshake.
Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful? (Choose the single most probable answer given a stable WLAN.)

  • A. STA1 is a TSN, and STA2 is an RSN.
  • B. STA1 is a reassociation and STA2 is an initial association.
  • C. STA1 and STA2 are using different cipher suites.
  • D. STA2 has retransmissions of EAP frames.
  • E. STA1 and STA2 are using different EAP types.

正解:E

解説:
Different EAP types involve varying numbers of exchanges:
EAP-TLS, for example, involves more exchanges due to certificate negotiation.
EAP-MD5 or PEAP might involve fewer steps.
Thus, the most likely reason for different frame counts during successful authentication is the use of different EAP types.
Incorrect:
A). Cipher suites are negotiated after EAP, not during it.
B). Retransmissions would typically cause noticeable delay and not result in exactly 11 frames.
C). Reassociation does not significantly reduce EAP frame count.
D). RSN/TSN differences are not directly related to EAP exchange length.
References:
CWSP-208 Study Guide, Chapter 4 (EAP Protocol Operation)
IEEE 802.1X and EAP Behavior Documentation


質問 # 82
In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce? (Choose 2)

  • A. The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).
  • B. They are added together and used as the GMK, from which the GTK is derived.
  • C. They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.
  • D. They are input values used in the derivation of the Pairwise Transient Key.
  • E. They allow the participating STAs to create dynamic keys while avoiding sending unicast encryption keys across the wireless medium.

正解:D、E

解説:
In the 802.11 4-Way Handshake:
D: The ANonce (from the AP) and SNonce (from the STA) are critical entropy values used along with the PMK, MAC addresses, etc., to derive the PTK securely.
E: This process ensures both parties derive the same PTK without ever transmitting the key over the air, mitigating interception risk.
Incorrect:
A). Nonces are not padding bytes.
B). Nonces are not the MIC; MIC is a separate integrity mechanism.
C). GMK and GTK are for group keys, not derived from nonces.
References:
CWSP-208 Study Guide, Chapter 3 (4-Way Handshake Mechanics)
IEEE 802.11i Specification


質問 # 83
......


CWNP CWSP-208 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • 脆弱性、脅威、攻撃:この試験セクションでは、ネットワークインフラストラクチャエンジニアがWLANシステム内の脆弱性と脅威を特定し、軽減する能力を評価します。受験者は、CVEデータベースなどの信頼できる情報源を用いてリスクを評価し、修復策を適用し、隔離プロトコルを実装することが求められます。また、この分野では盗聴やフィッシングなどの攻撃の検知と対応にも重点を置いています。侵入テスト、ログ分析、SIEMシステムやWIPS
  • WIDSなどの監視ツールの使用も含まれます。さらに、資産管理、リスク評価、損失計算などのリスク分析手順を網羅し、情報に基づいたリスク管理計画の策定をサポートします。
トピック 2
  • セキュリティポリシー:このセクションでは、ワイヤレスセキュリティアナリストのスキルを評価し、WLANセキュリティ要件がどのように定義され、組織のニーズと整合されているかを検証します。規制および技術ポリシーの評価、関係者の関与、インフラストラクチャおよびクライアントデバイスのレビューに重点が置かれます。また、高レベルのセキュリティポリシーがライフサイクル全体にわたってどの程度適切に作成、承認、維持されているか、関係者の継続的な意識向上とコンプライアンス確保のためのトレーニング活動も含め、評価されます。
トピック 3
  • セキュリティライフサイクル管理:この試験セクションでは、ネットワークインフラストラクチャエンジニアが、新しいテクノロジーの特定から継続的な監視と監査に至るまで、セキュリティライフサイクル全体を監督する能力を評価します。新しいWLAN実装に関連するリスクを評価し、適切な保護を適用し、SIEMなどのツールを使用してコンプライアンスチェックを実行する能力が問われます。受験者は、効果的な変更管理、保守戦略、そして脆弱性を検出し、洞察に富んだセキュリティレポートを生成するための監査ツールの活用能力も実証する必要があります。評価には、ユーザーインタビューの実施、アクセス制御のレビュー、スキャンの実行、組織の目標に沿った調査結果の報告などのタスクが含まれます。
トピック 4
  • WLAN セキュリティ設計とアーキテクチャ:この試験では、確立されたポリシーに沿って適切な WLAN セキュリティソリューションを選択し、導入する無線セキュリティアナリストの能力に重点が置かれます。WPA2、WPA3、802.1X
  • EAP、ゲストアクセス戦略などの認証メカニズムの実装、AES や VPN などの適切な暗号化方式の選択などが含まれます。さらに、このセクションでは、無線監視システムに関する知識、AKM プロセスの理解、VLAN、ファイアウォール、ACL などの有線セキュリティシステムをセットアップして無線インフラストラクチャをサポートする能力も評価されます。受験者は、安全なクライアントオンボーディングの管理、NAC の設定、802.11r などのローミング技術の実装能力もテストされます。最後に、パブリックネットワークの保護、一般的な設定エラーの回避、脆弱なセキュリティプロトコルに関連するリスクの軽減に関する実践を評価します。

 

CWSP-208認定概要最新のCWSP-208PDF問題集はこちら:https://www.passtest.jp/CWNP/CWSP-208-shiken.html

無料CWSP-208試験ブレーン問題集認定ガイド問題と解答:https://drive.google.com/open?id=1ekjP6fbtolPy9ffo2av-JpTJB0EvJxST