CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CWNP
  5. CWSP-207

Free CWSP-207 Exam Braindumps (page: 14)

Page 13 of 31
PDF with 119 Questions

Which one of the following describes the correct hierarchy of 802.1X authentication key derivation?

  1. The MSK is generated from the 802.1X/EAP authentication. The PMK is derived from the MSK. The PTK is derived from the PMK, and the keys used for actual data encryption are a part of the PTK.
  2. If passphrase-based client authentication is used by the EAP type, the PMK is mapped directly from the user's passphrase. The PMK is then used during the 4-way handshake to create data encryption keys.
  3. After successful EAP authentication, the RADIUS server generates a PMK. A separate key, the MSK,
    is derived from the AAA key and is hashed with the PMK to create the PTK and GTK.
  4. The PMK is generated from a successful mutual EAP authentication.
    When mutual authentication is not used, an MSK is created. Either of these two keys may be used to derive the temporal data encryption keys during the 4-way handshake.

Answer(s): A



What statement is true regarding the nonces (ANonce and SNonce) used in the IEEE 802.11 4 Way Handshake?

  1. Both nonces are used by the Supplicant and Authenticator in the derivation of a single PTK.
  2. The Supplicant uses the SNonce to derive its unique PTK and the Authenticator uses the ANonce to derive its unique PTK, but the nonces are not shared.
  3. Nonces are sent in EAPoL frames to indicate to the receiver that the sending station has installed and validated the encryption keys.
  4. The nonces are created by combining the MAC addresses of the Supplicant, Authenticator, and Authentication Server into a mixing algorithm.

Answer(s): A



When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the 802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?

  1. The 802.1X Controlled Port is always blocked, but the Uncontrolled Port opens after the EAP authentication process completes.
  2. The 802.1X Controlled Port remains blocked until an IP address is requested and accepted by the Supplicant.
  3. The 4-Way Handshake must be performed before the 802.1X Controlled Port changes to the unblocked state.
  4. The 802.1X Controlled Port is blocked until Vender Specific Attributes (VSAs) are exchanged inside a RADIUS packet between the Authenticator and Authentication Server.

Answer(s): C



Given: ABC Company secures their network with WPA2-Personal authentication and AES-CCMP encryption.

What part of the 802.11 frame is always protected from eavesdroppers by this type of security?

  1. All MSDU contents
  2. All MPDU contents
  3. All PPDU contents
  4. All PSDU contents

Answer(s): A






Post your Comments and Discuss CWNP CWSP-207 exam with other Community members:

CWSP-207 Exam Discussions & Posts