What authentication method is referenced in the 802.11-2016 and 802.11-2020 specifications and is recommended for robust WI-AN client security?
Correct Answer: B
The authentication method that is referenced in the 802.11-2016 and 802.11-2020 specifications and is recommended for robust WLAN client security is 802.1X/EAP. 802.1X/EAP stands for IEEE 802.1X Port-Based Network Access Control with Extensible Authentication Protocol and is a framework that provides strong authentication and dynamic encryption key generation for WLAN clients. 802.1X/EAP involves three parties: the supplicant (the client), the authenticator (the AP or the controller), and the authentication server (usually a RADIUS server). The supplicant sends its credentials (such as username and password, certificate, or token) to the authenticator, which forwards them to the authentication server. The authentication server verifies the credentials and sends a response to the authenticator, which grants or denies access to the supplicant. The authentication server also generates a master key that is used to derive encryption keys for the data frames between the supplicant and the authenticator. 802.1X/EAP supports various EAP methods that offer different levels of security and flexibility, such as EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, and EAP-SIM. SSL, IPSec, and WEP are not authentication methods, but rather encryption or security protocols that are not specific to WLANs or referenced in the 802.11 specifications. References: [CWNP Certified Wireless Network Administrator Official Study Guide: ExamCWNA-109], page 299; [CWNA: Certified Wireless Network Administrator Official Study Guide: ExamCWNA-109], page 289.
Question 37
What statement about the IEEE 802.11-2016 QoS facility is true?
Correct Answer: C
802.11 QoS is achieved by giving high priority queues a statistical advantage at winning contention. 802.11 QoS is based on the Enhanced Distributed Channel Access (EDCA) mechanism, which defines four access categories (ACs) for different types of traffic: Voice, Video, Best Effort, and Background. Each AC has its own transmit queue and contention parameters, such as Arbitration Interframe Space (AIFS), Contention Window (CW), and Transmission Opportunity (TXOP). These parameters determine how long a station has to wait before transmitting a frame and how long it can occupy the channel. Higher priority ACs have shorter AIFS, smaller CW, and longer TXOP, which means they have more chances to access the channel and send more data than lower priority ACs. However, this does not guarantee that higher priority ACs will always win the contention, as there is still a random backoff process involved. Therefore, 802.11 QoS is a statistical service that provides different levels of service quality based on traffic categories. References: , Chapter 10, page 403; , Section 6.1
Question 38
You are using a tool that allows you to see signal strength for all Aps in the area with a visual representation. It shows you SSIDs available and the security settings for each SSID. It allows you to filter by frequency band to see only 2.4 GHz networks or only 5 GHz networks. No additional features are available. What kind of application is described?
Correct Answer: D
The tool described is a WLAN (Wireless Local Area Network) scanner tool. WLAN scanner tools are designed to provide information about the wireless networks in a given area, including: * Signal Strength: They show the signal strength of all access points (APs) in the vicinity, which is crucial for understanding the coverage area and potential interference. * SSID Visualization: These tools display the SSIDs (Service Set Identifiers) of available networks, allowing users to identify different wireless networks easily. * Security Settings Information: WLAN scanner tools often show the type of security implemented on each network, such as WPA2, WEP, etc. * Frequency Band Filtering: They allow users to filter and view networks based on the frequency band (2.4 GHz or 5 GHz), which is useful for analyzing network distribution and planning. While protocol analyzers, site survey utilities, and spectrum analyzers are also used in wireless networking, their functions are distinct from what is described: * Protocol Analyzersare more sophisticated and are used to capture and analyze network traffic. * Site Survey Utilitiesare used to map signal coverage and plan network layouts, often with more advanced features for detailed site surveys. * Spectrum Analyzersprovide a detailed view of the frequency spectrum and non-Wi-Fi interference but don't typically focus on SSIDs or security settings. Thus, the correct answer is D, a WLAN scanner tool, based on the functionalities described. References: * CWNA Certified Wireless Network Administrator Official Study Guide: Exam PW0-105, by David D. Coleman and David A. Westcott. * Tools and techniques for wireless network analysis and troubleshooting.
Question 39
What statement about 802.3, Clause 33 Power over Ethernet is true?
Correct Answer: D
https://www.cablinginstall.com/articles/2012/08/cat-6a-vs-cat-5e-poe.html The statement that the lowest voltage drop is achieved when using CAT6 cable instead of Cat5 or CAT5e is true about 802.3, Clause 33 Power over Ethernet. Power over Ethernet (PoE) is a technology that allows electrical power to be delivered over Ethernet cables along with data signals. PoE is defined by IEEE 802.3, Clause 33 and has several variants, such as PoE (802.3af), PoE+ (802.3at), and PoE++ (802.3bt). PoE works by using a device called PSE (Power Sourcing Equipment) that injects power into the Ethernet cable and a device called PD (Powered Device) that receives power from the Ethernet cable. The PSE can be either an endpoint device, such as a switch or a router, or a midspan device, such as an injector or a splitter, that is inserted between two Ethernet devices. The PD can be any device that requires power, such as an access point, a camera, or a phone. One of the factors that affects PoE performance is voltage drop, which is the reduction of voltage that occurs as current flows through a cable due to its resistance. Voltage drop can cause power loss and inefficiency in PoE systems, as well as damage to PDs if the voltage falls below their minimum requirement. To minimize voltage drop, it is recommended to use high-quality cables with low resistance and short length. Among the common types of Ethernet cables, CAT6 has the lowest resistance and therefore the lowest voltage drop compared to Cat5 or CAT5e. CAT6 also has higher bandwidth and data rate than Cat5 or CAT5e, making it more suitable for PoE applications. References: 1, Chapter 7, page 263; 2, Section 4.4
Question 40
What security option for 802.11 networks supports SAE and requires protected management frames? * WPA
Correct Answer: C
The security option for 802.11 networks that supports SAE and requires protected management frames is WPA3. WPA3 stands for Wi-Fi Protected Access version 3 and is the latest security standard for WLANs. WPA3 supports two modes: WPA3-Personal and WPA3-Enterprise. WPA3-Personal uses Simultaneous Authentication of Equals (SAE) as the key exchange protocol, which provides stronger protection against offline dictionary attacks and password guessing than WPA2-Personal. WPA3 also requires protected management frames, which are encrypted frames that prevent spoofing, replay, or denial-of-service attacks on management frames such as deauthentication or disassociation frames. WPA, WPA2, and OWE do not support SAE or require protected management frames. References: [CWNP Certified Wireless Network Administrator Official Study Guide: ExamCWNA-109], page 307; [CWNA: Certified Wireless Network Administrator Official Study Guide: ExamCWNA-109], page 297.
