
検証済みCWSP-208問題集PDF資料 [2025]
最新のCWSP-208実際の無料試験問題更新された122問あります
質問 # 60
Given: You are the WLAN administrator in your organization and you are required to monitor the network and ensure all active WLANs are providing RSNs. You have a laptop protocol analyzer configured.
In what frame could you see the existence or non-existence of proper RSN configuration parameters for each BSS through the RSN IE?
- A. RTS
- B. CTS
- C. Probe request
- D. Beacon
- E. Data frames
正解:D
解説:
The RSN (Robust Security Network) Information Element (IE) is used to advertise the security capabilities of a wireless network, particularly for WPA2 and WPA3 networks. This RSN IE is contained in Beacon and Probe Response management frames, not in Probe Request, RTS, CTS, or Data frames. The Beacon frame is sent periodically by an AP to announce its presence and includes critical information about the BSS, including security settings like the RSN IE.
You would use a protocol analyzer to capture Beacon frames and inspect the RSN IE field to confirm if a BSS is properly configured to use RSN protections such as WPA2-Enterprise or WPA2-Personal.
References:
CWSP-208 Study Guide, Chapter 6 - WLAN Discovery & Enumeration
CWNP CWSP-208 Objectives: "802.11 Frame Analysis" and "Understanding RSN Information Element Fields"
質問 # 61
Given: You must implement 7 APs for a branch office location in your organization. All APs will be autonomous and provide the same two SSIDs (CORP1879 and Guest).
Because each AP is managed directly through a web-based interface, what must be changed on every AP before enabling the WLANs to ensure proper staging procedures are followed?
- A. Fragmentation threshold
- B. Cell radius
- C. Output power
- D. Administrative password
正解:D
解説:
For security and proper management, each autonomous AP must have:
A unique, non-default administrative password.
This ensures attackers cannot guess login credentials and access AP settings.
Especially critical when managing via web interface, which may expose login portals to the local network.
Incorrect:
A). Fragmentation threshold is rarely adjusted except for special performance tuning.
C & D. Output power and cell radius settings are adjusted during RF design, but they don't relate to staging
/security directly.
References:
CWSP-208 Study Guide, Chapter 7 (AP Deployment Security)
CWNP WLAN Deployment Hardening Best Practices
質問 # 62
Given: ABC Company has 20 employees and only needs one access point to cover their entire facility. Ten of ABC Company's employees have laptops with radio cards capable of only WPA security. The other ten employees have laptops with radio cards capable of WPA2 security. The network administrator wishes to secure all wireless communications (broadcast and unicast) for each laptop with its strongest supported security mechanism, but does not wish to implement a RADIUS/AAA server due to complexity.
What security implementation will allow the network administrator to achieve this goal?
- A. Implement an SSID with WPA-Personal that allows both AES-CCMP and TKIP clients to connect.
- B. Implement two separate SSIDs on the AP-one for WPA-Personal using TKIP and one for WPA2- Personal using AES-CCMP.
- C. Implement an SSID with WPA2-Personal that allows both AES-CCMP and TKIP clients to connect.
- D. Implement an SSID with WPA2-Personal that sends all broadcast traffic using AES-CCMP and unicast traffic using either TKIP or AES-CCMP.
正解:B
質問 # 63
What statements are true about 802.11-2012 Protected Management Frames? (Choose 2)
- A. Authentication, association, and acknowledgment frames are protected if management frame protection is enabled, but deauthentication and disassociation frames are not.
- B. Management frame protection protects disassociation and deauthentication frames.
- C. 802.11w frame protection protects against some Layer 2 denial-of-service (DoS) attacks, but it cannot prevent all types of Layer 2 DoS attacks.
- D. When frame protection is in use, the PHY preamble and header as well as the MAC header are encrypted with 256- or 512-bit AES.
正解:B、C
解説:
A). 802.11w (now part of 802.11-2012) introduces protection for management frames, especially disassociation and deauthentication frames, helping prevent spoofing-based DoS attacks. However, it cannot prevent all types of Layer 2 DoS (e.g., RF jamming).
D). Specifically, 802.11w protects disassociation and deauthentication frames by signing them with cryptographic keys.
Incorrect:
B). The MAC header and PHY preamble are not encrypted under any standard.
C). Authentication and association frames are not protected by 802.11w; only certain management frames are.
References:
CWSP-208 Study Guide, Chapter 6 (802.11w Management Frame Protection)
IEEE 802.11w and 802.11-2012 Standards
質問 # 64
After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify security threats?
- A. Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.
- B. WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.
- C. Authorized PEAP usernames must be added to the WIPS server's user database.
- D. Separate security profiles must be defined for network operation in different regulatory domains
正解:B
解説:
After deploying a WIPS, an essential baseline activity is to classify all detected devices in the RF environment. These classifications allow the system to enforce security policies and detect policy violations.
Classifications include:
Authorized (managed devices)
Rogue (unauthorized, possibly dangerous)
Neighbor (not part of your network but legitimate)
External or Ad hoc devices
Without this initial classification, WIPS cannot properly assess threats or trigger alarms.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Classification and Threat Management CWNP CWSP-208 Objectives: "Device Classification and Policy Enforcement"
質問 # 65
For a WIPS system to identify the location of a rogue WLAN device using location patterning (RF fingerprinting), what must be done as part of the WIPS installation?
- A. At least six antennas must be installed in each sensor.
- B. A location chipset (GPS) must be installed with it.
- C. The RF environment must be sampled during an RF calibration process.
- D. All WIPS sensors must be installed as dual-purpose (AP/sensor) devices.
正解:C
解説:
For a WIPS system to perform location patterning (also called RF fingerprinting), it must first perform an RF calibration or RF site survey. This process involves sampling signal strengths from known locations to develop a model of how signals propagate in the environment. This "fingerprint" is then used to triangulate or estimate the positions of rogue devices.
質問 # 66
In what deployment scenarios would it be desirable to enable peer-to-peer traffic blocking?
- A. At public hot-spots in which many clients use diverse applications
- B. In corporate Voice over Wi-Fi networks with push-to-talk multicast capabilities
- C. In home networks in which file and printer sharing is enabled
- D. In university environments using multicast video training sourced from professor's laptops
正解:A
解説:
Peer-to-peer blocking (also called client isolation) is useful in open or public WLANs to prevent devices from communicating directly with each other.
B). In public hot-spots, isolating users helps protect against malware spread, snooping, and attacks from nearby devices.
Incorrect:
A). In home networks, peer-to-peer communication is often desired for file sharing.
C). Voice over Wi-Fi may rely on peer communication (e.g., multicast).
D). In university setups using multicast, peer-to-peer restrictions could hinder functionality.
References:
CWSP-208 Study Guide, Chapter 3 (Access Control and WLAN Policies)
CWNP WLAN Best Practices for Public Networks
質問 # 67
Given: XYZ Company has recently installed a controller-based WLAN and is using a RADIUS server to query authentication requests to an LDAP server. XYZ maintains user-based access policies and would like to use the RADIUS server to facilitate network authorization.
What RADIUS features could be used by XYZ to assign the proper network permissions to users during authentication? (Choose 2)
- A. RADIUS attributes can be used to assign permission levels, such as read-only permission, to users of a particular network resource.
- B. The RADIUS server can support vendor-specific attributes in the ACCESS-ACCEPT response, which can be used for user policy assignment.
- C. RADIUS can reassign a client's 802.11 association to a new SSID by referencing a username-to-SSID mapping table in the LDAP user database.
- D. RADIUS can send a DO-NOT-AUTHORIZE demand to the authenticator to prevent the STA from gaining access to specific files, but may only employ this in relation to Linux servers.
- E. The RADIUS server can communicate with the DHCP server to issue the appropriate IP address and VLAN assignment to users.
正解:A、B
解説:
Comprehensive Detailed Explanation:
B). Vendor-Specific Attributes (VSAs) allow integration with WLAN vendors' controllers to assign roles, VLANs, QoS levels, etc., during user authentication.
E). Standard or vendor-specific RADIUS attributes can dynamically assign permission levels based on group membership, department, or role.
Incorrect:
A). RADIUS does not directly manage DHCP functions.
C). SSID is selected by the user's device, not by the RADIUS server.
D). RADIUS uses ACCESS-REJECT, not "DO-NOT-AUTHORIZE," and it is not OS-specific.
References:
CWSP-208 Study Guide, Chapter 4 (RADIUS and Policy Assignment)
CWNP RADIUS Deployment Best Practices
質問 # 68
You are using a utility that takes input and generates random output. For example, you can provide the input of a known word as a secret word and then also provide another known word as salt input. When you process the input it generates a secret code which is a combination of letters and numbers with case sensitivity. For what is the described utility used? (Choose 3)
- A. Generating PMKs that can be imported into 802.11 RSN-compatible devices
- B. Generating secret keys for RADIUS servers and WLAN infrastructure devices
- C. Generating passwords for WLAN infrastructure equipment logins
- D. Generating dynamic session keys used for IPSec VPNs
- E. Generating passphrases for WLAN systems secured with WPA2-Personal
正解:A、B、E
解説:
A utility that combines a secret and salt to generate a random string is effectively a key derivation tool. It can be used to:
Generate PMKs (Pairwise Master Keys) to preload ready-made keys into RSN devices Generate shared secrets (e.g., RADIUS shared secrets, WLAN controller keys) Create strong passphrases for WPA2-Personal networks Using it for IPSec session keys is less common (those are usually dynamically negotiated), and creating management passwords is possible but not the main us
質問 # 69
What software and hardware tools are used together to hijack a wireless station from the authorized wireless network onto an unauthorized wireless network? (Choose 2)
- A. DHCP server software and access point software
- B. A low-gain patch antenna and terminal emulation software
- C. MAC spoofing software and MAC DoS software
- D. A wireless workgroup bridge and a protocol analyzer
- E. RF jamming device and a wireless radio card
正解:A、E
解説:
To hijack a wireless client, attackers often use:
An RF jamming device to disconnect the client from the legitimate AP (via deauth attacks or RF disruption) A rogue AP (created using access point software) that impersonates the real network DHCP server software to assign IP addresses and act as a gateway, completing the fake network Incorrect:
B). Terminal emulation is not relevant.
C). Workgroup bridges and protocol analyzers are for monitoring, not attacking.
E). MAC spoofing and DoS do not complete a hijack.
References:
CWSP-208 Study Guide, Chapter 5 (Hijacking Tools and Techniques)
CWNP Practical WLAN Attack Tools Guide
質問 # 70
What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE 802.11 4 Way Handshake?
- A. The nonces are created by combining the MAC addresses of the Supplicant, Authenticator, and Authentication Server into a mixing algorithm.
- B. Nonces are sent in EAPoL frames to indicate to the receiver that the sending station has installed and validated the encryption keys.
- C. Both nonces are used by the Supplicant and Authenticator in the derivation of a single PTK.
- D. The Supplicant uses the SNonce to derive its unique PTK and the Authenticator uses the ANonce to derive its unique PTK, but the nonces are not shared.
正解:C
解説:
The PTK derivation requires:
PMK
ANonce (generated by the Authenticator)
SNonce (generated by the Supplicant)
MAC addresses of both Authenticator and Supplicant
Both the Supplicant and Authenticator derive the same PTK using identical inputs during the 4-Way Handshake.
Incorrect:
B). The nonces are shared-each party uses both ANonce and SNonce.
C). Nonces indicate no such validation message.
D). The MACs are part of the PTK input but not used to generate the nonces themselves.
References:
CWSP-208 Study Guide, Chapter 3 (4-Way Handshake)
IEEE 802.11i Key Management Process
質問 # 71
Given: A network security auditor is preparing to perform a comprehensive assessment of an 802.11ac network's security.
What task should be performed at the beginning of the audit to maximize the auditor's ability to expose network vulnerabilities?
- A. Identify the manufacturer of the wireless infrastructure hardware.
- B. Identify the manufacturer of the wireless intrusion prevention system.
- C. Identify the skill level of the wireless network security administrator(s).
- D. Identify the IP subnet information for each network segment.
- E. Identify the wireless security solution(s) currently in use.
正解:E
解説:
Before conducting a security audit of an 802.11ac WLAN, it is essential to know the current security implementations-such as the use of WPA2-Enterprise, 802.1X, or MAC filtering. This helps the auditor tailor tests to identify gaps, weaknesses, or misconfigurations in the existing system. Understanding the security solutions provides the most immediate insight into potential vulnerabilities.
質問 # 72
An attack is under way on the network. The attack is preventing users from accessing resources required for business operations, but the attacker has not gained access to any files or data. What kind of attack is described?
- A. Man-in-the-middle
- B. Hijacking
- C. ASLEAP
- D. DoS
正解:D
解説:
A Denial-of-Service (DoS) attack focuses on preventing legitimate users from accessing network resources. In this case, the attacker has not accessed files or data but is interrupting services. This aligns perfectly with a DoS attack scenario.
References:
CWSP-208 Study Guide, Chapter 5 (WLAN Threat Categories)
CWNP Learning Center: DoS and Availability Attacks
質問 # 73
ABC Company uses the wireless network for highly sensitive network traffic. For that reason, they intend to protect their network in all possible ways. They are continually researching new network threats and new preventative measures. They are interested in the security benefits of 802.11w, but would like to know its limitations.
What types of wireless attacks are protected by 802.11w? (Choose 2)
- A. Layer 2 Disassociation attacks
- B. Social engineering attacks
- C. Robust management frame replay attacks
- D. RF DoS attacks
正解:A、C
解説:
802.11w, also known as Protected Management Frames (PMF), is designed to protect specific types of 802.11 management frames such as disassociation and deauthentication frames. These frames were previously sent unencrypted and could be spoofed by attackers to disconnect clients (DoS attacks). With 802.11w, these frames are cryptographically protected, mitigating such attacks.
PMF also includes replay protection for these management frames, preventing attackers from capturing and replaying them to disrupt network connectivity.
References:
CWSP-208 Study Guide, Chapter 6 (Wireless LAN Security Solutions)
IEEE 802.11w-2009 amendment
CWNP Whitepapers on PMF and Management Frame Protection
質問 # 74
Wireless Intrusion Prevention Systems (WIPS) provide what network security services? (Choose 2)
- A. Application-layer traffic inspection
- B. Configuration distribution for autonomous APs
- C. Wireless vulnerability assessment
- D. Policy enforcement and compliance management
- E. Analysis and reporting of AP CPU utilization
正解:C、D
解説:
WIPS systems provide proactive security by continuously scanning for threats and ensuring WLAN policy compliance. Their capabilities include:
B). Wireless vulnerability assessment: Scanning for misconfigured APs, weak encryption, and unauthorized devices.
E). Policy enforcement and compliance: Ensuring security settings adhere to enterprise or regulatory requirements and alerting on deviations.
Other options like application-layer inspection and AP CPU monitoring are outside the WIPS function scope.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Services and Capabilities
CWNP CWSP-208 Objectives: "WIPS Threat Mitigation and Enforcement"
質問 # 75
What drawbacks initially prevented the widespread acceptance and use of Opportunistic Key Caching (OKC)?
- A. Sharing cached keys between controllers during inter-controller roaming created vulnerabilities that exposed the keys to attackers.
- B. Because OKC is not defined by any standards or certification body, client support was delayed and sporadic early on.
- C. Key exchanges during fast roams required processor-intensive cryptography, which was prohibitive for legacy devices supporting only TKIP.
- D. The Wi-Fi Alliance continually delayed the creation of a client certification for OKC, even though it was defined by IEEE 802.11r.
正解:B
解説:
Opportunistic Key Caching (OKC) is a non-standardized fast roaming method that allows clients to roam between APs without repeating the full 802.1X/EAP authentication process.
OKC was proposed by vendors (not the IEEE or Wi-Fi Alliance), so there was no formal certification early on.
This led to inconsistent and delayed client support, preventing widespread adoption.
Incorrect:
A). OKC does not involve inter-controller roaming in most scenarios; it's a local caching method.
C). The cryptographic overhead was not a significant barrier compared to lack of standardization.
D). OKC was not defined in IEEE 802.11r-Fast BSS Transition (FT) was.
References:
CWSP-208 Study Guide, Chapter 6 (Fast Secure Roaming)
CWNP Wireless Mobility Standards Overview
質問 # 76
What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?
- A. The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.
- B. The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.
- C. The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.
- D. The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.
正解:D
解説:
The Pairwise Transient Key (PTK) is derived during the 4-Way Handshake and is used to generate:
The EAPOL-Key Confirmation Key (KCK)
The EAPOL-Key Encryption Key (KEK)
The Temporal Key (TK), which encrypts unicast traffic
Incorrect:
A). The Group Master Key (GMK) is used to derive the GTK, not the PTK.
C). PTK is not XOR'd with the PSK-PTK is derived from PMK + other session parameters.
D). PMK is never encrypted or transmitted; it is pre-shared or derived and remains local.
References:
CWSP-208 Study Guide, Chapter 3 (PTK and 4-Way Handshake)
IEEE 802.11i-2004 Specification
質問 # 77
What preventative measures are performed by a WIPS against intrusions?
- A. Uses SNMP to disable the switch port to which rogue APs connect
- B. ASLEAP attack against a rogue AP
- C. Deauthentication attack against a classified neighbor AP
- D. Evil twin attack against a rogue AP
- E. EAPoL Reject frame flood against a rogue AP
正解:A
解説:
Wireless Intrusion Prevention Systems (WIPS) can proactively respond to detected threats using various techniques. One such preventative measure is integration with the wired infrastructure to mitigate rogue APs by disabling the switch port they are connected to. This is typically done through SNMP or other switch management interfaces.
This form of wired-side containment is more secure and compliant than wireless-side attacks (e.g., deauthentication), which can violate regulations in some jurisdictions.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Architecture and Countermeasures CWNP CWSP-208 Exam Objectives: "WIPS Prevention and Containment Techniques"
質問 # 78
Given: A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs.
Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:
SSID Blue - VLAN 10 - Lightweight EAP (LEAP) authentication - CCMP cipher suite SSID Red - VLAN 20 - PEAPv0/EAP-TLS authentication - TKIP cipher suite The consultant's computer can successfully authenticate and browse the Internet when using the Blue SSID.
The same computer cannot authenticate when using the Red SSID.
What is a possible cause of the problem?
- A. The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.
- B. The consultant does not have a valid Kerberos ID on the Blue VLAN.
- C. The TKIP cipher suite is not a valid option for PEAPv0 authentication.
- D. The Red VLAN does not use server certificate, but the client requires one.
正解:A
解説:
PEAPv0/EAP-TLS is a tunneled EAP method that requires:
The server to present a certificate for TLS tunnel establishment.
The client to present a valid client certificate within the tunnel (in the case of EAP-TLS).
If the client does not have a valid X.509 certificate installed, authentication will fail.
Incorrect:
A). The server certificate is required for the TLS tunnel, and it is typically present; the issue here lies with the client cert.
B). TKIP is technically compatible with PEAPv0, although AES-CCMP is preferred.
D). Kerberos is unrelated to EAP authentication and VLAN use.
References:
CWSP-208 Study Guide, Chapter 4 (PEAP and EAP-TLS Authentication)
IEEE 802.1X and TLS Frameworks
質問 # 79
Given: Your network includes a controller-based WLAN architecture with centralized data forwarding. The AP builds an encrypted tunnel to the WLAN controller. The WLAN controller is uplinked to the network via a trunked 1 Gbps Ethernet port supporting all necessary VLANs for management, control, and client traffic.
What processes can be used to force an authenticated WLAN client's data traffic into a specific VLAN as it exits the WLAN controller interface onto the wired uplink? (Choose 3)
- A. In the WLAN controller's local user database, create a static username-to-VLAN mapping on the WLAN controller to direct data traffic from a specific user to a designated VLAN.
- B. Configure the WLAN controller with static SSID-to-VLAN mappings; the user will be assigned to a VLAN according to the SSID being used.
- C. During 802.1X authentication, RADIUS sends a return list attribute to the WLAN controller assigning the user and all traffic to a specific VLAN.
- D. On the Ethernet switch that connects to the AP, configure the switch port as an access port (not trunking) in the VLAN of supported clients.
正解:A、B、C
解説:
Client VLAN assignment at the controller can be achieved through:
B). RADIUS attributes (e.g., Tunnel-Private-Group-ID) for dynamic VLAN assignment.
C). Static mappings in the WLAN controller's local user DB.
D). SSID-to-VLAN bindings assign traffic from specific SSIDs to specific VLANs.
Incorrect:
A). The AP connects to the controller over a tunneled link. VLAN configuration at the AP's Ethernet port does not impact client VLAN assignment in centralized forwarding mode.
References:
CWSP-208 Study Guide, Chapter 6 (Dynamic VLAN Assignment)
CWNP WLAN Controller Configuration Guides
質問 # 80
Given: The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources.
What single WLAN security feature should be implemented to comply with these requirements?
- A. Captive portal
- B. Mutual authentication
- C. Group authentication
- D. RADIUS policy accounting
- E. Role-based access control
正解:E
解説:
Role-Based Access Control (RBAC) allows administrators to define user roles and enforce network access permissions based on the user's identity. By implementing RBAC in the WLAN, you can:
Grant the Marketing group access only to the file/email server and the Internet Prevent access to other internal resources This single feature enables fine-grained restriction without needing multiple SSIDs or ACLs.
Other options don't provide the necessary flexibility:
A). Mutual authentication ensures secure identity verification but doesn't control network access scope B & D & E do not provide targeted resource-level access control References:
CWSP#207 Study Guide, Chapter 6 (Access Control Policy and RBAC)
質問 # 81
You are using a protocol analyzer for random checks of activity on the WLAN. In the process, you notice two different EAP authentication processes. One process (STA1) used seven EAP frames (excluding ACK frames) before the 4-way handshake and the other (STA2) used 11 EAP frames (excluding ACK frames) before the 4- way handshake.
Which statement explains why the frame exchange from one STA required more frames than the frame exchange from another STA when both authentications were successful? (Choose the single most probable answer given a stable WLAN.)
- A. STA1 is a TSN, and STA2 is an RSN.
- B. STA1 is a reassociation and STA2 is an initial association.
- C. STA1 and STA2 are using different cipher suites.
- D. STA2 has retransmissions of EAP frames.
- E. STA1 and STA2 are using different EAP types.
正解:E
解説:
Different EAP types involve varying numbers of exchanges:
EAP-TLS, for example, involves more exchanges due to certificate negotiation.
EAP-MD5 or PEAP might involve fewer steps.
Thus, the most likely reason for different frame counts during successful authentication is the use of different EAP types.
Incorrect:
A). Cipher suites are negotiated after EAP, not during it.
B). Retransmissions would typically cause noticeable delay and not result in exactly 11 frames.
C). Reassociation does not significantly reduce EAP frame count.
D). RSN/TSN differences are not directly related to EAP exchange length.
References:
CWSP-208 Study Guide, Chapter 4 (EAP Protocol Operation)
IEEE 802.1X and EAP Behavior Documentation
質問 # 82
In the basic 4-way handshake used in secure 802.11 networks, what is the purpose of the ANonce and SNonce? (Choose 2)
- A. The IEEE 802.11 standard requires that all encrypted frames contain a nonce to serve as a Message Integrity Check (MIC).
- B. They are added together and used as the GMK, from which the GTK is derived.
- C. They are used to pad Message 1 and Message 2 so each frame contains the same number of bytes.
- D. They are input values used in the derivation of the Pairwise Transient Key.
- E. They allow the participating STAs to create dynamic keys while avoiding sending unicast encryption keys across the wireless medium.
正解:D、E
解説:
In the 802.11 4-Way Handshake:
D: The ANonce (from the AP) and SNonce (from the STA) are critical entropy values used along with the PMK, MAC addresses, etc., to derive the PTK securely.
E: This process ensures both parties derive the same PTK without ever transmitting the key over the air, mitigating interception risk.
Incorrect:
A). Nonces are not padding bytes.
B). Nonces are not the MIC; MIC is a separate integrity mechanism.
C). GMK and GTK are for group keys, not derived from nonces.
References:
CWSP-208 Study Guide, Chapter 3 (4-Way Handshake Mechanics)
IEEE 802.11i Specification
質問 # 83
......
CWNP CWSP-208 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
CWSP-208認定概要最新のCWSP-208PDF問題集はこちら:https://www.passtest.jp/CWNP/CWSP-208-shiken.html
無料CWSP-208試験ブレーン問題集認定ガイド問題と解答:https://drive.google.com/open?id=1ekjP6fbtolPy9ffo2av-JpTJB0EvJxST