Free CWNA-109 Exam Braindumps (page: 11)

Page 11 of 32

You are the network administrator for ABC Company. Your manager has recently attended a wireless security seminar. The seminar speaker taught that a wireless network could be hidden from potential intruders if you disabled the broadcasting of the SSID in Beacons and configured the access points not to respond to Probe Request frames that have a null SSID field.

Your manager suggests implementing these security practices.
What response should you give to this suggestion?

  A. Any 802.11 protocol analyzer can see the SSID in clear text in frames other than Beacon frames. This negates any security benefit of trying to hide the SSID in Beacons and Probe Response frames.
  B. To improve security by hiding the SSID, the AP and client stations must both be configured to remove the SSID from association request and response frames. Most WLAN products support this.
  C. Any tenants in the same building using advanced penetration testing tools will be able to obtain the SSID by exploiting WPA EAPOL-Key exchanges. This poses an additional risk of exposing the WPA key.
  D. This security practice prevents manufacturers' client utilities from detecting the SSID. As a result, the SSID cannot be obtained by attackers, except through social engineering, guessing, or use of a WIPS.

Answer(s): A

Explanation:

Tell your manager that any 802.11 protocol analyzer can see the SSID in clear text in frames other than Beacon frames. This negates any security benefit of trying to hide the SSID in Beacons and Probe Response frames.

The SSID (Service Set Identifier) is a human-readable name that identifies a WLAN and allows users to connect to it. The SSID is transmitted in clear text in several types of 802.11 frames, such as Beacon frames, Probe Request frames, Probe Response frames, Association Request frames, Association Response frames, Reassociation Request frames, and Reassociation Response frames.

Some people may think that hiding the SSID improves the security of the WLAN by making it invisible to potential intruders. This is not true: hiding the SSID only removes it from Beacon frames and from responses to Probe Request frames that have a null SSID field. The SSID is still present in other types of frames that can be easily captured and analyzed by any 802.11 protocol analyzer or wireless scanner tool. Hiding the SSID therefore provides no real security benefit and may even cause compatibility and performance issues for legitimate users.


Reference:

1, Chapter 4, page 133; 2, Section 4.1



What cipher suite is specified by the 802.11-2016 standard and is not deprecated?

  A. Wired Equivalent Privacy
  B. Temporal Key Integrity Protocol
  C. Counter Mode with CBC-MAC Protocol
  D. Extensible Authentication Protocol

Answer(s): C

Explanation:

The cipher suite that is specified by the 802.11-2016 standard and is not deprecated is Counter Mode with CBC-MAC Protocol (CCMP). CCMP is an encryption protocol that uses the Advanced Encryption Standard (AES) as the underlying cipher and provides confidentiality, integrity, and origin authentication for wireless data. CCMP is the mandatory encryption protocol for WPA2 and WPA3.


Reference:

[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 295; [IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications], page 1560.



To ease user complexity, your company has implemented a single SSID for all employees. However, the network administrator needs a way to control the network resources that can be accessed by each employee based on their department.

What WLAN feature would allow the network administrator to accomplish this task?

  A. RBAC
  B. WPA2
  C. WIPS
  D. SNMP

Answer(s): A

Explanation:

The WLAN feature that would allow the network administrator to control the network resources that can be accessed by each employee based on their department is Role-Based Access Control (RBAC). RBAC is a method of assigning different permissions and policies to users or groups based on their roles in the organization. RBAC can be implemented by using VLANs, ACLs, or firewalls to restrict access to certain network segments or resources. RBAC can also be integrated with 802.1X/EAP authentication to dynamically assign roles and VLANs to users based on their credentials.


Reference:

[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 403; [Role-Based Access Control (RBAC) in Wireless Networks], page 1.



ABC Company is planning a point-to-multipoint outdoor bridge deployment with standalone (autonomous) 802.11 bridge units. 802.1X/EAP will be used for bridge authentication. A Linux-based RADIUS server will be used for authentication.
What device in the bridge implementation acts as the 802.1X Authenticator?

  A. The Ethernet switch
  B. The RADIUS server
  C. All non-root bridges
  D. The root bridge

Answer(s): D

Explanation:

The device in the bridge implementation that acts as the 802.1X Authenticator is the root bridge. The root bridge is the bridge that connects to the wired network and acts as the central point for all other bridges in the point-to-multipoint topology. The root bridge authenticates the non-root bridges using 802.1X/EAP and forwards their authentication requests to the RADIUS server. The non-root bridges act as the 802.1X Supplicants and use EAP methods such as EAP-TLS or EAP-PEAP to authenticate with the root bridge.


Reference:

[CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 459; [Cisco Aironet Wireless Bridges FAQ], question 29.



Post your Comments and Discuss CWNP CWNA-109 exam with other Community members:

Quentin commented on November 14, 2024
I noticed that some comments were related to answers not being 100% correct. But for me, as long as the questions are real and the same as the actual exam, I was okay.
Mexico