Certified Wireless Security Professional (CWSP) Sample Questions


The Certified Wireless Security Professional (CWSP) certification is a professional-level wireless LAN certification from the CWNP Program. A CWSP-certified professional conducts WLAN security audits, implements compliance monitoring systems, and learns how to set up Wireless Intrusion Prevention Systems (WIPS) and build a network’s security architecture.

Prospective Clientele For Certified Wireless Security Professional

  • Network Administrators or Consultants
  • IT Specialists

As the name implies, the Certified Wireless Security Professional (CWSP) exam is a professional-level exam consisting of 60 multiple-choice questions. The exam lasts 90 minutes, and you must score 70% or higher on the online exam to pass. The CWSP certification is valid for three years and must be renewed by passing the most recent version of the Certified Wireless Security Professional exam.

Advanced Sample Questions

A company is implementing wireless security on its network. An attacker is attempting to access the network from a nearby location. What type of wireless security attack is this scenario most likely describing?

  • A) Man-in-the-Middle attack
  • B) Rogue AP attack
  • C) War Driving attack
  • D) Denial of Service attack

Answer: A) Man-in-the-Middle attack

Explanation: A Man-in-the-Middle attack involves an attacker intercepting and manipulating the communication between two parties. In this scenario, the attacker is attempting to access the network and potentially steal sensitive information or inject malicious code.

An employee wants to connect their personal device to the company’s wireless network. What security measure should be implemented to prevent unauthorized access to the network?

  • A) WPA2 encryption
  • B) MAC filtering
  • C) SSID hiding
  • D) Firewall rules

Answer: B) MAC filtering

Explanation: MAC filtering allows the network administrator to specify which devices are allowed to connect to the network based on their MAC address. This helps prevent unauthorized devices from accessing the network.

A company is using WEP encryption on its wireless network but has noticed a decrease in performance. What should the company do to improve the performance and security of the network?

  • A) Implement WPA encryption
  • B) Use a stronger password
  • C) Disable encryption completely
  • D) Increase the number of access points

Answer: A) Implement WPA encryption

Explanation: WEP encryption is easily crackable and does not provide adequate security for modern networks. WPA encryption provides stronger security and improved performance compared to WEP.

A company’s wireless network is experiencing frequent disconnections and slow performance. What is the likely cause of these issues?

  • A) Interference from nearby networks
  • B) Outdated wireless hardware
  • C) Inadequate wireless coverage
  • D) Malware on connected devices

Answer: A) Interference from nearby networks

Explanation: Interference from nearby networks, such as other wireless devices or other wireless networks, can cause issues such as disconnections and slow performance. The company should evaluate their wireless network and potentially change the frequency or channel to avoid interference.

An attacker is attempting to gain unauthorized access to a company’s wireless network. What is the attacker most likely trying to accomplish?

  • A) Disrupt the network
  • B) Steal sensitive information
  • C) Increase network traffic
  • D) Install malware on connected devices

Answer: B) Steal sensitive information

Explanation: The attacker is attempting to gain unauthorized access to the network to potentially steal sensitive information, such as financial or personal data. They may also be attempting to install malware to further compromise the network.

A company is deploying a new wireless network and wants to ensure the highest level of security. What security protocol should the company use to encrypt wireless traffic?

  • A) WEP
  • B) WPA
  • C) WPA2
  • D) WPA3

Answer: C) WPA2

Explanation: WPA2 is the most secure protocol for encrypting wireless traffic, providing robust encryption and authentication mechanisms. WEP and WPA are older protocols with known security vulnerabilities, while WPA3 is the newest protocol but may not be supported by all devices yet.

A company’s wireless network is experiencing high levels of interference and slow speeds. What can the company do to resolve this issue?

  • A) Increase the number of access points
  • B) Disable encryption
  • C) Change the channel used by the network
  • D) Upgrade to faster wireless hardware

Answer: C) Change the channel used by the network

Explanation: Interference from nearby wireless networks can cause slow speeds and disconnections on a wireless network. Changing the channel used by the network can help resolve this issue. Increasing the number of access points may help improve performance, but won’t resolve interference issues. Disabling encryption or upgrading hardware may not address the root cause of the problem.

An attacker is attempting to connect to a company’s wireless network. What type of attack is the attacker attempting?

  • A) War Driving
  • B) Rogue AP
  • C) Man-in-the-Middle
  • D) Denial of Service

Answer: B) Rogue AP

Explanation: A Rogue AP is a wireless access point that has been set up by an attacker on the company’s network without authorization. This type of attack allows the attacker to potentially access sensitive information or steal data from connected devices. War Driving involves searching for wireless networks while driving or walking, Man-in-the-Middle involves intercepting and manipulating communication between two parties, and Denial of Service involves overwhelming a network with traffic to prevent legitimate users from accessing it.

A company wants to secure their wireless network from unauthorized access. What security measure should the company implement to prevent unauthorized access to the network?

  • A) Disable encryption
  • B) Implement MAC filtering
  • C) Disable SSID broadcast
  • D) Use a strong password

Answer: B) Implement MAC filtering

Explanation: MAC filtering allows the network administrator to specify which devices are allowed to connect to the network based on their MAC address. This helps prevent unauthorized devices from accessing the network. Disabling encryption, disabling SSID broadcast, and using a strong password can provide some level of security, but may not be enough to fully prevent unauthorized access.

A company’s wireless network is experiencing high levels of unauthorized access. What should the company do to resolve this issue?

  • A) Disable encryption
  • B) Increase the number of access points
  • C) Implement stronger security protocols
  • D) Implement network segmentation

Answer: C) Implement stronger security protocols

Explanation: Unauthorized access to a wireless network can occur due to weak or outdated security protocols. Implementing stronger security protocols, such as WPA2, can help prevent unauthorized access to the network. Increasing the number of access points may improve performance, but won’t necessarily prevent unauthorized access. Disabling encryption or implementing network segmentation may not address the root cause of the problem.

Basic Sample Questions

Question 1 –

What kind of WLAN attack is avoided by using a per-MPDU TKIP sequence counter (TSC)?

  • A. Weak-IV
  • B. Replay
  • C. Forgery
  • D. Bit-flipping
  • E. Session hijacking

Answer – B

Question 2 –

What 802.11 WLAN security issue is addressed directly by mutual authentication?

  • A. Weak password policies
  • B. Wireless hijacking attacks
  • C. MAC spoofing
  • D. Disassociation attacks
  • E. Offline dictionary attacks
  • F. Weak Initialization Vectors

Answer – B

Question 3 –

The wireless network is used by ABC Company for highly sensitive network traffic. As a result, they intend to protect their network in every way possible. They are constantly investigating new network threats and preventative measures. They are curious about the security benefits of 802.11w but want to know its limitations.
802.11w protects against what types of wireless attacks? (Select 2)

  • A. RF DoS attacks
  • B. Layer 2 Disassociation attacks
  • C. Robust management frame replay attacks
  • D. Social engineering ploys

Answer – B, C

Question 4 –

You are configuring seven access points to prevent common security threats. The APs are to be installed in a small business, and the company decided to install all consumer-grade wireless routers to save money. The wireless routers will be linked to a switch, which will be linked directly to the Internet connection, providing 50 Mbps of Internet bandwidth to be shared by 53 wireless and 17 wired clients. What security measures can you implement given only the hardware referenced to ensure the wireless network is as secure as possible from common attacks?

  • A. WPA-Enterprise
  • B. 802.1X/EAP-PEAP
  • C. WPA2-Enterprise
  • D. WPA2-Personal

Answer – D

Question 5 –

WPA-Personal and MAC filtering are used to implement a WLAN.
What common wireless network attacks could this network be vulnerable to? (Select 3)

  • A. Offline dictionary attacks
  • B. MAC Spoofing
  • C. ASLEAP
  • D. DoS

Answer – A, B, D

Question 6 –

A network attack is currently underway. The attack prevents users from accessing resources needed for business operations, but the attacker has no access to any files or data. What type of attack is being described?

  • A. Hijacking
  • B. Man-in-the-middle
  • C. ASLEAP
  • D. DoS

Answer – D

Question 7 –

Given: WLAN attacks are usually carried out by hackers in order to exploit a specific vulnerability within a network. Which of the following statements correctly associates the type of WLAN attack with the exploited vulnerability? (Select 3)

  • A. Management interface exploit attacks are attempts to obtain credentials from managers through social engineering.
  • B. Zero-day attacks are always attempting to crack authentication or encryption.
  • C. RF DoS attacks prevent wireless communication on a specific frequency or frequency range from being successful.
  • D. Hijacking attacks disrupt a legitimate connection and establish a new one with an evil twin AP.
  • E. Social engineering attacks are carried out in order to obtain sensitive information from unsuspecting users.
  • F. Layer 3 DoS attacks against authenticated client stations are known as association flood attacks.

Answer – C, D, E

Question 8 –

Given: An attack conducted by an authorized network user who knows the passphrase is one of the security risks introduced by WPA2-Personal. To decrypt other users’ traffic, the attacker must obtain specific information from the other users’ 4-way handshake. What other three inputs must a protocol analyzer collect in addition to the Pairwise Master Key (PMK) and the supplicant’s address (SA) to recreate encryption keys? (Select 3)

  • A. Authenticator nonce
  • B. Supplicant nonce
  • C. Authenticator address (BSSID)
  • D. GTKSA
  • E. Authentication Server nonce

Answer – A, B, C

Question 9 –

What are the primary requirements for a network to be classified as a Robust Security Network (RSN)?

  • A. Token cards must be used for authentication.
  • B. Dynamic WEP-104 encryption must be enabled.
  • C. WEP may not be used for encryption.
  • D. WPA-Personal must be supported for authentication and encryption.
  • E. WLAN controllers and APs must not support SSHv1.

Answer – C

Question 10 –

Given: You’re combining multiple packet captures with a Wireless Aggregator utility. There is one capture for each of channels 1, 6, and 11. What sort of troubleshooting are you most likely doing with such a tool?

  • A. Failure analysis of wireless adapters.
  • B. The source of the interference.
  • C. Issues with fast secure roaming.
  • D. Detection of narrowband DoS attacks.

Answer – C

Question 11 –

Which of the following security attacks cannot be detected by a WIPS solution of any kind? (Select 2)

  • A. Rogue APs
  • B. DoS
  • C. Eavesdropping
  • D. Social engineering

Answer – C, D

Question 12 –

What attacks can be used to obtain the credentials of a valid user on a public hotspot network? Select the only completely correct answer.

  • A. Social engineering and/or eavesdropping
  • B. RF DoS and/or physical theft
  • C. MAC denial of service and/or physical theft
  • D. Authentication cracking and/or RF DoS
  • E. Code injection and/or XSS

Answer – A

Question 13 –

During a hijacking attack, what WLAN client device behavior is exploited by an attacker?

  • A. If the RF signal between a client and an access point is disrupted for more than a few seconds, the client device will attempt to associate with a better-signal-quality access point.
  • B. If the RF signal between a client and an access point is lost, the client will not attempt to reconnect until the 120-second hold down timer has expired.
  • C. Client stations and access points do not need to perform another 4-way handshake after the initial association and 4-way handshake, even if connectivity is lost.
  • D. According to the Wi-Fi Alliance, clients that use Open System authentication must allow direct client-to-client connections, even when connected to an infrastructure BSS.
  • E. Before scanning the 5 GHz band, client drivers look for and connect to access points in the 2.4 GHz band.

Answer – A

Question 14 –

What software and hardware tools are used in tandem to hijack a wireless station from an authorized wireless network and redirect it to an unauthorized wireless network? (Select 2)

  • A. An RF jammer and a wireless radio card
  • B. A patch antenna with a low gain and terminal emulation software
  • C. A wireless workgroup bridge and a protocol analyzer
  • D. Access point and DHCP server software
  • E. MAC spoofing software and MAC DoS software, for example.

Answer – A, D

Question 15 –

Given: Many computer users access the Internet through airports, which frequently have 802.11n access points with a captive portal for authentication. What type of wireless attack is a user vulnerable to while using an airport hotspot with this security solution? (Select 2)

  • A. Man-in-the-Middle
  • B. Wi-Fi phishing
  • C. Management interface exploits
  • D. UDP port redirection
  • E. IGMP snooping

Answer – A, B

Question 16 –

Given: During 802.1X/LEAP authentication, the username is sent in clear text across the wireless medium. Why is this significant in terms of security?

  • A. Personal Access Credential (PAC) and X.509 certificate validation require the username.
  • B. Because the username is an input to the exploited LEAP challenge/response hash, it must be known in order to conduct authentication cracking.
  • C. In WPA and WPA2 authentication, the 4-Way Handshake nonces are based on the username.
  • D. The username can be found in a dictionary file that contains a list of commonly used username/password combinations.

Answer – B

Question 17 –

Given: WPA2-Personal is used by two autonomous 802.11ac APs and 12 client devices in XYZ’s small business. What statement about this company’s WLAN security is true?

  • A. An offline dictionary attack can be used to obtain the passphrase and gain network access, but they will be unable to decrypt the data traffic of other users.
  • B. To successfully attack all unicast traffic on the network, a weak dictionary attack and the capture of the most recent 4-Way Handshake for each client would be required.
  • C. Because WPA2-Personal does not encrypt multicast or broadcast traffic, an unauthorized wireless client device cannot associate but can eavesdrop on some data.
  • D. If an unauthorized WLAN user captures the BSSID, client MAC address, and a user’s 4-Way Handshake, he can decode data frames of authorized users using a protocol analyzer.
  • E. Because WPA2-Personal employs Open System Authentication, which is followed by a 4-Way Handshake, hijacking attacks are simple to carry out.

Answer – B

Question 18 –

Given: The Aircrack-ng WLAN software tool is capable of capturing and transmitting modified 802.11 frames over a wireless network. It is included with Kali Linux and some other Linux distributions. What are three applications for such a tool? (Select 3)

  • A. Sending a deauthentication frame in order to disconnect a user from the AP.
  • B. Examining a WIPS’s configuration and functionality by simulating common attack sequences
  • C. Examining the RADIUS server and authenticator in order to discover the RADIUS shared secret
  • D. Cracking the authentication or encryption processes that are poorly implemented in some WLANs

Answer – A, B, D

Question 19 –

Assume you manage a wireless network with 200 wireless users. You need 20 access points for your facility, and you’ve installed an IEEE 802.11-compliant implementation of 802.1X/LEAP with AES-CCMP as an authentication and encryption solution. What types of attacks is the wireless network initially vulnerable to in this configuration? (Select 2)

  • A. Encryption cracking
  • B. Offline dictionary attacks
  • C. Layer 3 peer-to-peer
  • D. Application eavesdropping
  • E. Session hijacking
  • F. Layer 1 DoS

Answer – B, F

Question 20 –

In Linux, you perform a protocol capture with Wireshark and a compatible 802.11 adapter. When you look at the capture, you’ll notice an auth req frame and an auth rsp frame. After that, you’ll notice an assoc req frame and an assoc rsp frame. Following that, you’ll notice DHCP communications and then ISAKMP protocol packets. What type of security solution is being represented?

  • A. 802.1X/EAP-TTLS
  • B. Open 802.11 authentication with IPSec
  • C. 802.1X/PEAPv0/MS-CHAPv2
  • D. WPA2-Personal with AES-CCMP
  • E. EAP-MD5

Answer – B

Question 21 –

How should a wireless security professional address the problem of rogue access points as part of a large organization’s security policy?

  • A. For network access of corporate devices, use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption.
  • B. Hide the SSID of all legitimate APs on the network so that intruders can’t use it on rogue APs.
  • C. Perform extensive manual facility scans with spectrum analyzers to detect rogue AP RF signatures.
  • D. For rogue detection and response measures, a trained employee should install and configure a WIPS.
  • E. Enable port security on Ethernet switch ports with no more than three MAC addresses per port.

Answer – D
