CWSP-208 Exam Dumps - Certified Wireless Security Professional (CWSP)

Opportunistic Key Caching (OKC) is a non-standardized fast roaming method that allows clients to roam between APs without repeating the full 802.1X/EAP authentication process.

OKC was proposed by vendors (not the IEEE or Wi-Fi Alliance), so there was no formal certification early on.

This led to inconsistent and delayed client support, preventing widespread adoption.

Incorrect:

A. OKC does not involve inter-controller roaming in most scenarios; it's a local caching method.

C. The cryptographic overhead was not a significant barrier compared to lack of standardization.

D. OKC was not defined in IEEE 802.11r—Fast BSS Transition (FT) was.

WIPS platforms with multiple sensors can locate rogue devices using:

A. TDoA: Measures the time difference a signal takes to reach multiple sensors; requires synchronized clocks.

C. Trilateration using RSSI: Estimates distance based on signal strength from three or more known sensor positions.

E. RF Fingerprinting: Matches received signals to known RF patterns in the environment for device positioning.

AoA requires directional antennas (not typical with dipoles), and GPS is used for locating mobile sensors or vehicles, not indoor rogues.

Many protocol analyzers require special drivers or place the NIC into monitor/promiscuous mode. When used this way, the original driver stack may be altered or replaced. Afterward, if not correctly reloaded, the adapter may lack full 802.1X support or required encryption features. This is likely the case here — Mary's WLAN adapter is still under the control of or affected by the analyzer’s NIC driver, which doesn’t support PEAP properly.

For troubleshooting fast roaming (e.g. 802.11r) across channels, a portable protocol analyzer with dual- or multi-band 802.11n adapters enables:

Simultaneous packet capture on different channels

Capturing handoff-related frames and timing analysis in roaming scenarios

This setup allows detailed capture of reassociation, authentication, and 4-Way Handshake processes, essential for diagnosing roaming delays.

Other options (WIPS, spectrum analyzer, autonomous AP) do not support detailed 802.11 frame capture across multiple channels during roaming events.

Rogue APs pose a significant risk and should be detected and mitigated automatically.

D. A properly configured Wireless Intrusion Prevention System (WIPS) can detect unauthorized APs and prevent client associations to them in real time.

Incorrect:

A. While WPA2-Enterprise adds client-level protection, it does not detect rogue APs.

B. Hiding SSIDs is ineffective—SSIDs are still discoverable in management frames.

C. Manual scans are labor-intensive and impractical for ongoing monitoring.

E. Port security controls wired threats but cannot detect rogue APs using wireless signals.

Developing a robust WLAN security policy requires buy-in from executive or senior management. Without management support, it’s difficult to enforce compliance, allocate resources, or prioritize security among other organizational objectives. This foundational step ensures that policy creation and enforcement are feasible and aligned with organizational goals.

Incorrect:

A. Device/vendor specifics are addressed later during implementation.

C. End-user training materials are created after the policy is finalized.

D. Security policy software can assist, but is not essential compared to management support.

A strong WLAN security policy should encompass both technical controls and user education.

C. Educating users about secure password creation and acceptable use policies helps reduce risks due to weak authentication and misuse.

E. Social engineering is a common attack vector, and educating users to recognize and report such attempts is critical.

Incorrect:

A. MAC addresses are always transmitted in the clear, even with encryption.

B. Policies should be shared with users to promote compliance and awareness.

D. Passwords for administrative systems should not be disclosed in public documentation or policy documents.

Peer-to-peer blocking (also called client isolation) is useful in open or public WLANs to prevent devices from communicating directly with each other.

B. In public hot-spots, isolating users helps protect against malware spread, snooping, and attacks from nearby devices.

Incorrect:

A. In home networks, peer-to-peer communication is often desired for file sharing.

C. Voice over Wi-Fi may rely on peer communication (e.g., multicast).

D. In university setups using multicast, peer-to-peer restrictions could hinder functionality.