Practice CWSP-207 Exam Online

Question 1

Given: Your company has just completed installation of an IEEE 802.11 WLAN controller with 20 controller-based APs. The CSO has specified PEAPv0/EAP-MSCHAPv2 as the only authorized WLAN authentication mechanism. Since an LDAP-compliant user database was already in use, a RADIUS server was installed and is querying authentication requests to the LDAP server. Where must the X.509 server certificate and private key be installed in this network?

A : Supplicant devices

B : LDAP server

C : Controller-based APs

D : WLAN controller

E : RADIUS server

Answer: E

Question 2

Given: You support a coffee shop and have recently installed a free 802.11ac wireless hot-spot for the benefit of your customers. You want to minimize legal risk in the event that the hot-spot is used for illegal Internet activity. What option specifies the best approach to minimize legal risk at this public hot-spot while maintaining an open venue for customer Internet access?

A : Configure WPA2-Enterprise security on the access point

B : Block TCP port 25 and 80 outbound on the Internet router

C : Require client STAs to have updated firewall and antivirus software

D : Allow only trusted patrons to use the WLAN

E : Use a WIPS to monitor all traffic and deauthenticate malicious stations

F : Implement a captive portal with an acceptable use disclaimer

Answer: F

Question 3

What is the purpose of the Pairwise Transient Key (PTK) in IEEE 802.11 Authentication and Key Management?

A :

The PTK is a type of master key used as an input to the GMK, which is used for encrypting multicast data frames.

B : The PTK contains keys that are used to encrypt unicast data frames that traverse the wireless medium.

C : The PTK is XOR'd with the PSK on the Authentication Server to create the AAA key.

D :

The PTK is used to encrypt the Pairwise Master Key (PMK) for distribution to the 802.1X Authenticator prior to the 4-Way Handshake.

Answer: B

Question 4

What wireless security protocol provides mutual authentication without using an X.509 certificate?

A : EAP-FAST

B : EAP-MD5

C : EAP-TLS

D : PEAPv0/EAP-MSCHAPv2

E : EAP-TTLS

F : PEAPv1/EAP-GTC

Answer: A

Question 5

As the primary security engineer for a large corporate network, you have been asked to author a new security policy for the wireless network. While most client devices support 802.1X authentication, some legacy devices still only support passphrase/PSK-based security methods. When writing the 802.11 security policy, what password-related items should be addressed?

A :

MSCHAPv2 passwords used with EAP/PEAPv0 should be stronger than typical WPA2-PSK passphrases.

B : Password complexity should be maximized so that weak WEP IV attacks are prevented.

C :

Static passwords should be changed on a regular basis to minimize the vulnerabilities of a PSK-based authentication.

D : Certificates should always be recommended instead of passwords for 802.11 client authentication.

E : EAP-TLS must be implemented in such scenarios.

Answer: C

Name:	Certified Wireless Security Professional
Exam Code:	CWSP-207
Certification:	CWSP
Vendor:	CWNP
Total Questions:	121
Last Updated:	Nov 11, 2025

CWNP CWSP-207 Answers