




























































































Administered by CWNP, this certification tests deep knowledge of WLAN security including WEP/WPA/WPA2/3, encryption, authentication, EAP types, rogue device detection, WLAN policy, and wireless penetration testing. Ideal for enterprise WLAN security experts.
Typology: Exams
Question 1. Which passive scanning technique involves listening to management frames like beacon frames to identify nearby wireless networks?
A) Active scanning
B) Passive scanning
C) Probe request scanning
D) Rogue AP detection
Answer: B
Explanation: Passive scanning involves listening to management frames such as beacon frames transmitted periodically by APs to discover wireless networks without actively sending probe requests.

Question 2. What tool is commonly used for passive wireless discovery by capturing and analyzing 802.11 frames?
A) Aircrack-ng
B) Kismet
C) Wireshark
D) NetStumbler
Answer: B
Explanation: Kismet is a widely used passive wireless network detector and sniffer that captures 802.11 frames for discovery and analysis without transmitting probe requests.

Question 3. Which management frame is primarily used by clients to announce their presence and request connection to an AP?
A) Beacon frame
B) Probe request
C) Authentication frame
D) Probe response
Answer: B
Explanation: Probe request frames are sent by clients actively searching for available networks; they request information from APs to establish a connection.

Question 4. Which of the following attacks exploits IV collisions in WEP by analyzing repeated IVs to recover the encryption key?
A) ChopChop attack
B) IV collision attack
C) KRACK attack
D) Evil twin attack
Answer: B
Explanation: IV collision attacks in WEP exploit the reuse of IVs, allowing attackers to analyze packet patterns and recover the WEP key through statistical methods.

Question 5. The KRACK attack targets vulnerabilities in which Wi-Fi security protocol?

A) Evil twin attack
B) Rogue AP attack
C) Man-in-the-middle attack
D) Deauthentication attack
Answer: A
Explanation: An evil twin is a malicious AP configured to mimic a legitimate one, tricking clients into connecting so attackers can intercept credentials or session data.

Question 8. What is a primary vulnerability of WPA/WPA2-Enterprise (802.1X/EAP) networks that attackers exploit using rogue APs?
A) Weak PSK
B) Credential harvesting through fake authentication servers
C) IV collisions
D) Broadcast storm
Answer: B
Explanation: Rogue APs can impersonate legitimate 802.1X servers, capturing user credentials during the authentication process, leading to credential theft.

Question 9. Which attack involves overwhelming a wireless network by sending a large number of deauthentication frames?
A) Jamming
B) Disassociation flood
C) Deauthentication attack
D) Spectrum poisoning
Answer: C
Explanation: Deauthentication attacks flood a target with deauth frames, forcing clients to disconnect, effectively causing a denial of service.

Question 10. Which interference technique involves intentionally transmitting signals to disrupt wireless communication channels?
A) Jamming
B) Sniffing
C) War chalking
D) War driving
Answer: A
Explanation: Jamming involves transmitting noise or signals on the frequency to interfere with legitimate wireless communication, disrupting network availability.

Question 11. Which type of attack targets the ARP cache in wireless environments to redirect traffic through malicious actors?
A) DNS spoofing
B) ARP poisoning

C) Spectrum jamming
D) WPA cracking
Answer: B
Explanation: Client misassociation occurs when clients connect to unauthorized or malicious APs due to misconfigurations or lack of proper security controls.

Question 14. MAC spoofing involves changing the MAC address of a device to:
A) Evade detection
B) Increase bandwidth
C) Improve signal strength
D) Reduce interference
Answer: A
Explanation: MAC spoofing is used to hide the true identity of a device or impersonate another device, aiding in evasion of MAC-based blacklists or detection.

Question 15. Hidden SSIDs are considered less secure because they:
A) Prevent clients from connecting
B) Are easily discoverable through passive scanning
C) Encrypt the SSID broadcast
D) Require additional authentication
Answer: B
Explanation: Hidden SSIDs are not broadcast openly but can still be discovered through passive scanning by capturing management frames, providing limited security benefits.

Question 16. War driving refers to the activity of:
A) Scanning for open wireless networks while driving
B) Launching denial of service attacks
C) Setting up rogue access points
D) Analyzing RF spectrum for interference
Answer: A
Explanation: War driving involves driving around with a wireless device to discover and map open or poorly secured wireless networks.

Question 17. Which specialized hardware device is often used to perform RF spectrum analysis during security assessments?
A) Wi-Fi analyzer
B) Directional antenna
C) Spectrum analyzer
D) Sniffer card
Answer: C

Explanation: Regular assessments help identify vulnerabilities and weaknesses in the wireless environment, enabling timely remediation to prevent attacks.

Question 20. Which type of event is best monitored using centralized logging systems integrated with SIEM for wireless environments?
A) User complaints
B) Network performance metrics
C) Security incidents and anomalies
D) Hardware failure logs
Answer: C
Explanation: Centralized logging and SIEM integration enable detection, analysis, and response to security incidents and anomalies in wireless networks.

Question 21. Which protocol is primarily used for encrypting wireless data in WPA2-Enterprise networks?
A) TKIP
B) AES with CCMP
C) WEP
D) WPA3-SAE
Answer: B
Explanation: WPA2-Enterprise uses AES encryption with CCMP for securing data confidentiality and integrity.

Question 22. WPA3 introduces which feature to improve security over WPA2?
A) TKIP encryption
B) Simultaneous Authentication of Equals (SAE)
C) WEP compatibility
D) Open network mode
Answer: B
Explanation: WPA3 uses SAE (Simultaneous Authentication of Equals) to provide stronger password-based authentication resistant to offline attacks.

Question 23. Which network segmentation technique involves creating separate virtual LANs for different user groups to enhance security?
A) VLANs
B) VPNs
C) NAT
D) DMZ
Answer: A
Explanation: VLANs segment network traffic logically, isolating different user groups or devices to reduce the attack surface.

A) To increase network throughput
B) To detect and block malicious wireless activities
C) To extend Wi-Fi coverage
D) To authenticate users
Answer: B
Explanation: WIPS actively monitors, detects, and prevents malicious or unauthorized wireless activities, enhancing security.

Question 27. Which device component is most critical to physically secure to prevent tampering in a wireless environment?
A) Client devices
B) Access points and controllers
C) Network switches
D) Workstations
Answer: B
Explanation: Securing access points and controllers physically prevents tampering, theft, or unauthorized modification of wireless infrastructure.

Question 28. Regular firmware updates for wireless devices are vital because they:
A) Improve signal strength
B) Fix security vulnerabilities
C) Increase coverage area
D) Reduce power consumption
Answer: B
Explanation: Firmware updates often contain patches for security vulnerabilities, reducing the risk of exploitation.

Question 29. Which security measure is most effective for managing mobile devices connecting to enterprise wireless networks?
A) MAC filtering
B) Mobile Device Management (MDM)
C) Hidden SSIDs
D) WEP encryption
Answer: B
Explanation: MDM enforces security policies on mobile devices, including encryption, remote wipe, and app controls, ensuring secure connections.

Question 30. Which is a best practice in wireless security policy development?
A) Disabling all encryption
B) Allowing open networks for guest access
C) Defining clear acceptable use and incident response procedures

Answer: C
Explanation: The analysis phase involves investigating the incident, identifying attack vectors, and understanding its scope and impact.

Question 33. Which physical security measure involves environmental controls to protect wireless infrastructure?
A) CCTV monitoring
B) Securing access points in locked enclosures
C) Employee background checks
D) Network segmentation
Answer: B
Explanation: Environmental controls, such as locking enclosures and climate control, prevent physical tampering and damage to wireless hardware.

Question 34. When onboarding personnel, what security best practice should be followed?
A) Assigning default passwords
B) Conducting background checks and providing security training
C) Allowing open access to all network resources
D) Avoiding documentation
Answer: B
Explanation: Proper onboarding includes background checks and security awareness training to mitigate insider threats and ensure security compliance.

Question 35. Which security tool helps identify rogue access points by comparing detected APs to authorized lists?
A) Spectrum analyzer
B) Site survey tools
C) Rogue AP detection software
D) Packet sniffer
Answer: C
Explanation: Rogue AP detection software scans for unauthorized APs and compares them against authorized lists to identify potential threats.

Question 36. Which wireless security protocol is most vulnerable to dictionary attacks when used with weak passwords?
A) WPA2-Personal
B) WPA
C) WEP
D) WPA2-Enterprise
Answer: A
Explanation: WPA2-Personal’s PSK is vulnerable to dictionary attacks if weak passwords are used, as attackers can attempt common passwords offline.

Question 39. Which method is used to securely connect wireless clients to a corporate network over untrusted networks?
A) WEP encryption
B) WPA2-Personal
C) VPN over wireless
D) MAC filtering
Answer: C
Explanation: VPNs create secure tunnels over untrusted networks, encrypting data between clients and the corporate network.

Question 40. What is the primary security concern with cloud-managed wireless access points?
A) Signal interference
B) Data privacy and API security risks
C) Limited coverage
D) Increased power consumption
Answer: B
Explanation: Cloud management introduces data privacy concerns and potential API security vulnerabilities that must be addressed through proper controls.

Question 41. In SDN-enabled wireless networks, securing the control plane involves:
A) Disabling all control protocols
B) Implementing strong authentication and encryption for control traffic
C) Using open protocols
D) Avoiding centralized control
Answer: B
Explanation: Securing the control plane requires strong authentication and encryption to prevent unauthorized access and manipulation of network policies.

Question 42. Which quantum-resistant cryptographic approach is gaining relevance for future wireless security?
A) RSA
B) ECC
C) Post-Quantum Cryptography (PQC) algorithms
D) WEP
Answer: C
Explanation: PQC algorithms are designed to withstand attacks from quantum computers and are increasingly considered for securing future wireless communications.

Question 43. Ethical hacking in wireless security should always begin with:
A) Exploiting known vulnerabilities