Explanation: Frequency Hopping Spread Spectrum (FHSS) Systems Use Frequency Diversity (Changing

The document discusses several key points about 802.11 FHSS and wireless networking: 1) 802.11 FHSS uses frequency hopping which allows it to be less susceptible to narrowband interference compared to DSSS. It hops between multiple frequencies which spreads out interference. 2) A passive site survey involves manually capturing wireless transmission information without associating to an access point. An active survey requires associating to an access point for detailed testing. 3) Multi-channel wireless architectures use multiple non-overlapping channels to avoid interference, but require more planning. Single-channel uses one channel for all access points, simplifying planning but increasing interference risks.

Uploaded by

yerima1
Copyright
© Attribution Non-Commercial (BY-NC)

What statements are true for 802.11 FHSS?

 A   FHSS is affected by narrowband RF interference to a lesser degree than DSSS
 B   FHSS uses all 100 MHz of the 2.4 GHz ISM band
 C   FHSS uses frequency diversity to retransmit lost frames on different frequencies
 D   FHSS is highly susceptible to interference from class 2 Bluetooth systems at a distance of up to 1 mile (1.6 km)
 E   OFDM technology, found in the IEEE ERP-OFDM standard, is based on 802.11 FHSS technology

Explanation:  Frequency Hopping Spread Spectrum (FHSS) systems use frequency diversity (changing
frequencies). When transmitted frames are not acknowledged when sent on one frequency, the transmitting
system continues retransmitting until it is time to hop to the next frequency in its pseudorandom hop sequence.
It then begins retransmission of the previous data frames on the new frequency. Frequency diversity is very
effective at coping with narrowband RF interference.
Since 802.11 FHSS systems must use a minimum of 75 center frequencies (1 MHz wide each) in a hop
sequence, RF interference on any center frequency will pose a problem for only 1/75th of the system's entire
bandwidth. DSSS systems use a single center frequency with a bandwidth of 22 MHz. Any 1 MHz-wide RF
interfering signal will pose a problem for 1/22nd of the system's entire bandwidth. This one facet of
FHSS/DSSS comparison shows that 802.11 FHSS systems are more than three times better at dealing with
narrowband RF interference than 802.11 DSSS systems.

What is the difference between an active and passive site survey?

 A   Passive site surveys create virtual models to predict RF behavior
 B   Passive site surveys manually capture information for RF transmissions in the coverage area
 C   Active site surveys manually capture information for all RF transmissions at the client
 D   Active site surveys associate to a single access point to capture detailed connectivity information
 E   Active site surveys are based on actual radio signal tests performed at the client site

Explanation:  Two types of manual site surveys are passive and active site surveys. In a passive site survey,
samples of RF traffic in different sections of an area are captured and compared, typically identifying RSSI and
SNR values. Active site surveys include associating to a single access point for detailed connectivity testing,
and are the best representative of the true quality of a connection in that location.
Both require manually walking the site sampling actual signal strength, etc. using some sort of assessment
utility, and are based on actual radio signal tests performed at the WLAN client location.

ABC Company is looking to implement a new enterprise WLAN and is deciding upon either a single- or multi-
channel architecture solution. They have hired you as a consultant to help educate them on the advantages and
weaknesses of each solution.
What information can you provide them to help make their decision?

 A   Roaming is improved with single-channel architecture because the client does not have to make any
roaming decisions.
 B   Because single-channel architecture effectively eliminates the need for channel planning, wireless site
surveys are no longer necessary.
 C   Multi-channel architecture solutions take more planning to avoid channel overlap compared to single-
channel architecture solutions.
 D   All access points in a single-channel architecture use the same BSSID (MAC address), helping to
prevent a client from distinguishing one access point from another.
 E   Within the same physical space, multi-channel architecture systems can provide greater throughput
capacity than single-channel architecture systems.

Explanation:  Multi-channel architecture networks deploy access points using a different RF channel or
frequency for each transmitter. To provide areas of continuous coverage, access points are placed at intervals,
with each providing coverage in its area, or cell, on a given RF channel. The use of different RF channels
prevents co-channel interference in areas where cells overlap. This overlapping condition is avoided in the
adaptive model by moving access points on the same channel physically as far apart as possible. Wireless
network designers use transmit power to influence the size of each cell, and as much as possible identify the
best RF channel re-use pattern across the network to avoid areas where same-channel cells overlap.
In the multi-channel architecture model, client stations choose to associate to a particular access point by
selecting the appropriate RF channel and tuning out other access points transmitting on other RF channels.
Roaming is accomplished by the client switching its radio to work on the new access point's RF channel. The
handoff between access points is initiated by the client. The client must decide it's time to handover, then select
the target access point and switch to the new RF channel, and then re-authenticate at that access point. Each of
these phases of handover is difficult to accomplish quickly, accurately and consistently.

Single-channel architecture networks use access points that are all tuned to the same RF channel or frequency.
The simplest view of this model shows a number of access points with overlapping coverage forming a
continuous region. Most implementations use access points that also share the same SSID and MAC address,
and are designed so that the clients cannot distinguish between the access points providing coverage. Instead,
the network decides which access point should transmit and receive data for a particular client. In other words,
the client is not involved in any handoff decision. As clients move through a building, the network directs traffic
to them via the nearest access point with available capacity. A WLAN controller is necessary to centrally
manage the handoff decisions.

Because all access points are set to a common RF channel, the only decision to be made is to choose the best
channel for the entire network.

Co-channel interference is a phenomenon where transmissions from one cell spread to a nearby cell on the same
RF channel, causing errors or dropped transmissions due to interference when they coincide with transmissions
to or from devices in that cell. To mitigate co-channel interference, spatial separation is effective because the
greater the distance between the devices causing and suffering interference, the lower the level of the unwanted
received signal. Eventually the interfering signal is reduced to such a low level that it is no longer powerful
enough to disrupt the wanted transmissions.

Because all access points share the same channel, single-channel architecture cannot use spatial separation, and
must attempt to solve co-channel interference using stronger proprietary temporal coordination mechanisms
outside of the 802.11 standards. Detailed access point placement based upon a highly accurate site survey must
be used to minimize the effects of co-channel interference from channel overlap.

By co-locating multiple access points in the same physical area using non-overlapping channels, multi-channel
architecture systems can provide greater overall throughput than a single-channel architecture system.

What are mechanisms defined by the IEEE 802.11-1999 (R2003) standard for providing access control and
privacy on a wireless LAN?

 A   RADIUS authentication services
 B   Wired Equivalent Privacy (WEP)
 C   Temporal Key Integrity Protocol (TKIP)
 D   Shared Key authentication
 E   802.1X/EAP authentication
 F   IPSec Virtual Private Networking (VPN)

Explanation:  The 802.11-1999 (R2003) standard defines Shared Key Authentication and Wired Equivalent
Privacy (WEP) as methods of providing access control and privacy per sections 8.1.2 and 8.2.1 as shown below:
8.1.2 Shared Key authentication
Shared Key authentication supports authentication of STAs as either a member of those who know a shared
secret key or a member of those who do not. IEEE 802.11 Shared Key authentication accomplishes this without
the need to transmit the secret key in the clear; however, it does require the use of the WEP privacy mechanism.
Therefore, this authentication scheme is only available if the WEP option is implemented. Additionally, the
Shared Key authentication algorithm shall be implemented as one of the dot11AuthenticationAlgorithms at any
STA where WEP is implemented.

The required secret, shared key is presumed to have been delivered to participating STAs via a secure channel
that is independent of IEEE 802.11.

8.2 The Wired Equivalent Privacy (WEP) algorithm

8.2.1 Introduction
Eavesdropping is a familiar problem to users of other types of wireless technology. IEEE 802.11 specifies a
wired LAN equivalent data confidentiality algorithm. Wired equivalent privacy is defined as protecting
authorized users of a wireless LAN from casual eavesdropping. This service is intended to provide functionality
for the wireless LAN equivalent to that provided by the physical security attributes inherent to a wired medium.

Data confidentiality depends on an external key management service to distribute data enciphering/deciphering
keys. The IEEE 802.11 standards committee specifically recommends against running an IEEE 802.11 LAN
with privacy but without authentication. While this combination is possible, it leaves the system open to
significant security threats.

The 802.11i-2004 amendment specifies which two authentication mechanisms?

 A   MAC filters
 B   VPN services
 C   Kerberos services
 D   Preshared key
 E   802.1X port-based access control
 F   Authenticated DHCP

Explanation:  The 802.11i amendment specifies use of 802.1X/EAP and Preshared keys. 802.1X is a port-
based access control mechanism specified by the 802.1X-2004 standard. It is used, along with EAP, to provide
flexible and secure WLAN authentication. There are many types of EAP, and the 802.11i amendment only
specifies a generic 802.1X/EAP framework by which to authenticate clients. Each EAP type has its own RFC.
When 802.1X/EAP is used, the RFC for the EAP type in use specifies how the AAA key will be exported. The
AAA key is used to make the Pairwise Master Key (PMK), which is then used, during the 4-Way Handshake, to
derive the Pairwise Transient Key (PTK). With Preshared keys, a passphrase is entered into the authenticator
and supplicant. Both the authenticator and the supplicant perform a passphrase-to-preshared key (PSK) mapping
algorithm. The PSK is equal to the PMK, and the PTK is derived during a 4-Way handshake the same way with
Preshared key authentication as it is with 802.1X/EAP.
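
The key hierarchy described above, as an added example that is not part of the original document. It goes one step beyond the text by also showing the MIC check that lets the 4-Way Handshake prove both sides hold the same PMK. Assumptions: CCMP (a 384-bit PTK), and constructed MAC addresses, nonces and message body; the function names are hypothetical.

```python
import hashlib
import hmac


def passphrase_to_psk(passphrase, ssid):
    """802.11i passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1, the SSID as
    salt, 4096 iterations, 256-bit output. With preshared keys the
    result is used directly as the PMK."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)


def prf(key, label, data, nbytes):
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0, 1, ... until nbytes of output are available."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """Derive the PTK from the PMK, both MAC addresses and both nonces.
    The same call serves PSK and 802.1X/EAP; only the PMK source differs."""
    data = (min(aa, spa) + max(aa, spa) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


# Constructed sample values (not taken from a real capture).
AA = bytes.fromhex("020000aa0001")       # authenticator (AP) address
SPA = bytes.fromhex("020000cc0010")      # supplicant (client) address
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def handshake_ok(authenticator_pmk, supplicant_pmk):
    """The supplicant protects message 2 with a MIC keyed by its KCK; the
    authenticator recomputes the MIC with its own KCK. They match only
    when both sides started from the same PMK, which is never sent."""
    supp = derive_ptk(supplicant_pmk, AA, SPA, ANONCE, SNONCE)
    auth = derive_ptk(authenticator_pmk, AA, SPA, ANONCE, SNONCE)
    msg2 = b"constructed EAPOL-Key message 2 body"
    sent_mic = hmac.new(supp["KCK"], msg2, hashlib.sha1).digest()[:16]
    expected = hmac.new(auth["KCK"], msg2, hashlib.sha1).digest()[:16]
    return hmac.compare_digest(sent_mic, expected)


if __name__ == "__main__":
    pmk = passphrase_to_psk("correct horse battery", b"ABC-Corp")
    print("PMK:", pmk.hex())
    print("TK: ", derive_ptk(pmk, AA, SPA, ANONCE, SNONCE)["TK"].hex())
    wrong = passphrase_to_psk("incorrect horse", b"ABC-Corp")
    print("same passphrase accepted:", handshake_ok(pmk, pmk))
    print("wrong passphrase accepted:", handshake_ok(pmk, wrong))
```

Because the SSID is the salt, the same passphrase on two differently named networks yields two different PMKs.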

Given: A functional security policy describes technology-related procedures that must be followed to maintain a
secure network.

Which elements belong in a functional security policy?

 A   Password policies
 B   Training requirements
 C   Risk assessment
 D   Asset management
 E   Impact analysis
 F   Violation Reporting Procedures

Explanation:  A functional security policy describes technology-related procedures that must be followed to
keep the network secure, and provides specific methods of mitigating threats described in the general security
policy.
A functional policy should contain password policies, training requirements, acceptable usage, security
configuration for devices, and asset management.

Risk assessment, impact analysis, and violation reporting procedures and enforcement belong in the general
security policy.

TCP/IP Address Resolution For IP Multicast Addresses

Like most discussions of address resolution, the preceding sections all focus on unicast
communication, where a datagram is sent from one source device to one destination device. Whether
direct mapping or dynamic resolution is used for resolving a network layer address, it is a relatively
simple matter to resolve addresses when there is only one intended recipient of the datagram.
TCP/IP uses ARP for its dynamic resolution scheme, which is designed for unicast resolution only.

However, the Internet Protocol also supports multicasting of datagrams, as I explain in the topics on
IP multicasting and IP multicast addressing. In this situation, the datagram must be sent to multiple
recipients, which complicates matters considerably. We need to establish a relationship of some sort
between the IP multicast group address and the addresses of the devices at the data link layer. We
could do this by converting the IP multicast datagram to individual unicast transmissions at the data
link layer, each using ARP for resolution, but this would be horribly inefficient.

Direct Mapping Technique for IEEE 802 Multicast MAC Addresses

When possible, IP makes use of the multicast addressing and delivery capabilities of the underlying
network to deliver multicast datagrams on a physical network. Perhaps surprisingly, even though ARP
employs dynamic resolution, multicast address resolution is done using a version of the direct
mapping technique. By defining a mapping between IP multicast groups and data link layer multicast
groups we enable physical devices to know when to pay attention to multicasted datagrams.

The most commonly used multicast-capable data link addressing scheme is the IEEE 802 addressing
system best known for its use in Ethernet networks. These data link layer addresses have 48 bits,
arranged into two blocks of 24. The upper 24 bits are arranged into a block called the organizationally
unique identifier (OUI), with different values assigned to individual organizations; the lower 24 bits are
then used for specific devices.

The Internet Assigned Numbers Authority (IANA) itself has an OUI that it uses for mapping multicast
addresses to IEEE 802 addresses. This OUI is "01:00:5E". To form a mapping for Ethernet, 24 bits
are used for this OUI and the 25th (of the 48) is always zero. This leaves 23 bits of the original 48 to
encode the multicast address. To do the mapping, the lower-order 23 bits of the multicast address are
used as the last 23 bits of the Ethernet address starting with "01:00:5E" for sending the multicast
message. This process is illustrated in Figure 51.

Figure 51: Mapping of Multicast IP Addresses to IEEE 802 Multicast MAC Addresses

IP multicast addresses consist of the bit string “1110” followed by a 28-bit multicast group address. To
create a 48-bit multicast IEEE 802 (Ethernet) address, the top 24 bits are filled in with the IANA’s
multicast OUI, 01-00-5E, the 25th bit is zero, and the bottom 23 bits of the multicast group are put into
the bottom 23 bits of the MAC address. This leaves 5 bits (shown in pink) that are not mapped to the
MAC address, meaning that 32 different IP addresses may have the same mapped multicast MAC
address.

Key Concept: IP multicast addresses are resolved to IEEE 802 (Ethernet) MAC addresses using a
direct mapping technique that uses 23 of the 28 bits in the IP multicast group address.
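
The direct mapping worked through in code, as an added example that is not part of the original text. It also lists the 32 group addresses that share one MAC address and models why a receiver still has to check the IP destination after its network interface accepts the frame. The function names and the sample groups are assumptions chosen for illustration.

```python
import ipaddress

IANA_MCAST_OUI = 0x01005E   # top 24 bits of every mapped address
LOW23_MASK = 0x7FFFFF       # the 23 group bits that survive the mapping


def multicast_ip_to_mac(ip):
    """Direct-map an IPv4 multicast group to its IEEE 802 MAC address."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:            # must start with bits 1110
        raise ValueError(f"{ip} is not an IPv4 multicast address")
    # OUI in the top 24 bits; the 25th bit stays zero because only
    # 23 bits of the group address are copied in.
    mac = (IANA_MCAST_OUI << 24) | (int(addr) & LOW23_MASK)
    return ":".join(f"{b:02x}" for b in mac.to_bytes(6, "big"))


def groups_sharing_mac(ip):
    """Return the 32 group addresses that map to the same MAC as `ip`."""
    low23 = int(ipaddress.IPv4Address(ip)) & LOW23_MASK
    return [
        str(ipaddress.IPv4Address((0b1110 << 28) | (hi5 << 23) | low23))
        for hi5 in range(32)             # every value of the 5 unmapped bits
    ]


def deliver(frame_dst_mac, ip_dst, joined_groups):
    """Model a receiver: the NIC filters on MAC, the IP layer on the group.

    Returns "dropped-by-nic", "dropped-by-ip" or "delivered".
    """
    nic_filter = {multicast_ip_to_mac(g) for g in joined_groups}
    if frame_dst_mac not in nic_filter:
        return "dropped-by-nic"
    # The MAC matched, but up to 31 other groups share it, so the IP
    # destination still has to be checked against the joined groups.
    return "delivered" if ip_dst in joined_groups else "dropped-by-ip"


if __name__ == "__main__":
    joined = {"224.0.0.251"}   # constructed example: host joined one group
    for group in ("224.0.0.251", "239.128.0.251", "239.255.255.250"):
        mac = multicast_ip_to_mac(group)
        print(group, "->", mac, deliver(mac, group, joined))
```

Any filtering or access control keyed only on the multicast MAC address therefore covers 32 IP groups at once, not one.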

In a wireless environment experiencing the effects of multipath, what is the result of using a technology with a
longer guard interval?

 A   Robustness of the system improves.
 B   The system is capable of greater capacity.
 C   Symbol transmission time is increased.
 D   Signal-to-noise ratio is reduced.

Explanation:  Wireless systems must address issues with self-interference known as intersymbol interference
or ISI and fading due to multipath. Preventing multipath errors is achieved by transmitting a short block of data
(a symbol) and then waiting until the additional multipath signals fade before sending another symbol. This
waiting time is known as the guard interval.
When multipath is present, a longer guard interval leads to a more robust system. However, during the guard
interval, the system cannot use the available spectrum, lowering the effective channel capacity. Therefore, the
guard interval should be minimized.

What information is considered necessary to provide a professional site survey?

 A   RSSI
 B   Non-802.11 interference
 C   Security settings
 D   Noise floor
 E   Access point configuration

Explanation:  RF site surveys are the single most important part of a successful wireless implementation. If a
thorough site survey is not performed, the wireless LAN might never work properly, and the site could spend
significant amounts of money on hardware that doesn't perform the intended tasks. Site surveys answer how
many access points should be used, and where they should be placed.
To properly answer those two questions, a professional site survey should identify RSSI values and both
wireless and non-wireless interference sources. RSSI values vary by vendor and may include signal strength, bit
error rate (BER), signal-to-noise ratio (SNR), and load balancing requirements.

Given: ABC Corporation is designing a security solution for their new wireless network. Some client device
applications use Layer 3 protocols other than IP. A consultant has recommended VPN technology as part of the
wireless solution, but ABC does not know which VPN protocol should be used.

What VPN protocol is appropriate?

 A   EAP-TTLS
 B   Kerberos
 C   PPTP
 D   SSH2
 E   WPA

Explanation:  PPTP is a new networking protocol that supports multiprotocol virtual private networks (VPNs),
enabling remote users to access corporate networks securely across the Internet by dialing into an Internet
Service Provider (ISP) or by connecting directly to the Internet. PPTP offers the following advantages:
* Lower Transmission Costs: PPTP uses the Internet as a connection instead of a long-distance telephone
number or 800 service. This can greatly reduce transmission costs.
* Lower Hardware Costs: PPTP enables modems and ISDN cards to be separated from the RAS server. Instead,
they can be located at a modem pool or at a communications server (resulting in less hardware for an
administrator to purchase and manage).
* Lower Administrative Overhead: With PPTP, network administrators centrally manage and secure their
remote access networks at the RAS server. They need to manage only user accounts instead of supporting
complex hardware configurations.
* Enhanced Security: Above all, the PPTP connection over the Internet is encrypted and secure, and it works
with any protocol (including IP, IPX, and NetBEUI).

PPTP provides a way to route PPP packets over an IP network. Since PPTP allows multiprotocol encapsulation,
you can send any type of packet over the network. For example you can send IPX packets over the Internet.
PPTP treats your existing corporate network as a PSTN, ISDN, or X.25 network. This virtual WAN is
supported through public carriers, such as the Internet.

None of the other options are VPN protocols.

What must occur before a client can send and receive data on a wireless network?

 A   Know the SSID used by the access point
 B   Complete the 2-way association handshake
 C   Must disassociate with a previous access point
 D   Authenticate after establishing association
 E   Must use a MAC address included in the access point's MAC filter

Explanation:  Before a wireless client can transmit data on a wireless network, it must join the network by
associating with it using a 2-way handshake.
A client can use the 'any' SSID to join a network that does not disable that capability. Authentication always
occurs before association. When using Open System authentication, the authentication process will always
succeed but must still occur before the association process can begin. A WLAN client in a single access point
system would not have to disassociate before associating with the access point. MAC filters are not required in
a wireless system.

ABC Company has implemented WPA2-Enterprise with PEAP on their WLAN. They use POP3/SSL for email
retrieval. At what OSI layers is encryption applied using these security protocols?

 A   Layer-1
 B   Layer-2
 C   Layer-3
 D   Layer-4
 E   Layer-7

Explanation:  All EAP types are Layer-2 protocols. POP3 is an email retrieval protocol at Layer-7. Other
examples of secure application (Layer-7) protocols include FTP/SSL, FTP/SSH, SNMP/SSL, HTTPS, and
SNMPv3.

Wireless Intrusion Prevention Systems (WIPS) started as Wireless Intrusion Detection Systems (WIDS). WIPS
can both detect and prevent some network attacks, whereas WIDS can only detect and report network
intrusions. Which wireless network attacks can WIPS prevent?

 A   Narrowband RF jamming of a spread spectrum channel
 B   EAP-Start flooding against an access point
 C   Association of authorized clients to rogue access points
 D   Deauthentication attacks against access points by intruders

Explanation:  The physical layer for WLANs is the 'air' and, as such, is a shared medium. Some types of
attack, particularly wireless denial of service attacks, take advantage of the difficulty in securing Layer-1 in
WLANs. Further, some attacks may only take one frame to cause a disruption, which means that by the time the
'bad' frame is detected, it is already too late to stop. Some of the strengths and weaknesses with WIPS include:
1. Narrowband RF jamming cannot be directly mitigated by a WIPS since the physical medium is being flooded
with what amounts to noise. The WIPS can be used to help identify and triangulate the location of the source
device so that another control (e.g., a security guard) can address the RF jammer.

2. EAP-Start flooding can be detected, but again, not directly prevented by a WIPS. Since this attack is intended
to waste AP resources by beginning a large number of wireless 'conversations' there is no connection or
association for the WIPS to block. This attack is somewhat analogous to the old SYN-Flood attacks that were
intended to create a large number of embryonic connections on servers and thus use up available resources.

3. Deauthentication attacks are going to pose a similar problem to WIPS as the EAP-Start flooding mode. These
attacks use a short, fire-and-forget method to cause problems in the WLAN. The WIPS can identify the attacker
and then other means can be used to take it down.

4. Since association takes a number of exchanges and has the intent of establishing connectivity with the rogue
AP, the WIPS can step into the middle of the exchange and shut it down. By monitoring the RF environment for
new APs (and new beacons) the WIPS can remain aware of changes and new potential sources of attack. Once
an AP has been designated as hostile, clients can be effectively blocked from successfully associating until the
rogue device can be tracked down and removed.
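
The cases above, written as triage logic over constructed frame records (an added example, not part of the original document). It separates the one case the text says a WIPS can block, an authorized client associating to a rogue AP, from the floods it can only detect and report. The record layout, addresses, thresholds and function names are assumptions.

```python
from collections import defaultdict, deque

# Constructed inventory and addresses (locally administered, not real devices).
AP1, AP2 = "02:00:00:aa:00:01", "02:00:00:aa:00:02"
ROGUE = "02:00:00:ee:00:99"
C10, C11 = "02:00:00:cc:00:10", "02:00:00:cc:00:11"
BCAST = "ff:ff:ff:ff:ff:ff"
AUTHORIZED_BSSIDS = {AP1, AP2}
AUTHORIZED_CLIENTS = {C10, C11}

# Constructed sensor records: (time_s, subtype, source, destination, bssid)
FRAMES = [
    (0.00, "beacon", AP1, BCAST, AP1),
    (0.10, "beacon", ROGUE, BCAST, ROGUE),       # AP not in the inventory
    (0.40, "assoc-req", C10, ROGUE, ROGUE),      # authorized client, rogue AP
    (0.50, "assoc-req", C11, AP2, AP2),          # normal association
    (9.00, "deauth", AP2, C10, AP2),             # a single deauth is routine
]
# Burst of deauthentication frames whose source claims to be AP1.
FRAMES += [(2.0 + i * 0.1, "deauth", AP1, C11, AP1) for i in range(6)]
# Burst of EAPOL-Start frames toward AP2 from many source addresses.
FRAMES += [(5.0 + i * 0.05, "eapol-start", f"02:00:00:dd:00:{i:02x}", AP2, AP2)
           for i in range(6)]


def rogue_bssids(frames, authorized=AUTHORIZED_BSSIDS):
    """BSSIDs seen beaconing that are absent from the AP inventory."""
    return {f[4] for f in frames if f[1] == "beacon" and f[4] not in authorized}


def flood_targets(frames, subtype, threshold=5, window_s=1.0):
    """BSSIDs that saw `threshold` or more frames of `subtype` in any window."""
    recent = defaultdict(deque)
    flagged = set()
    for t, st, _src, _dst, bssid in sorted(frames):
        if st != subtype:
            continue
        q = recent[bssid]
        q.append(t)
        while t - q[0] > window_s:      # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            flagged.add(bssid)
    return flagged


def triage(frames):
    """Return (capability, event, client, bssid) tuples.

    "prevent": association takes several exchanges, so a WIPS has time
    to intervene. "detect-only": the flood has no connection to block,
    so the event is reported for another control to act on.
    """
    rogues = rogue_bssids(frames)
    alerts = []
    for _t, st, src, _dst, bssid in sorted(frames):
        if st == "assoc-req" and src in AUTHORIZED_CLIENTS and bssid in rogues:
            alerts.append(("prevent", "rogue-association", src, bssid))
    for bssid in sorted(flood_targets(frames, "deauth")):
        alerts.append(("detect-only", "deauth-flood", None, bssid))
    for bssid in sorted(flood_targets(frames, "eapol-start")):
        alerts.append(("detect-only", "eap-start-flood", None, bssid))
    return alerts


if __name__ == "__main__":
    for alert in triage(FRAMES):
        print(alert)
```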

ABC Company has recently installed an ERP-OFDM wireless LAN and is in the process of performing a
baseline throughput analysis. The network administrator thinks that the ERP-OFDM network's performance is
much closer to expected HR-DSSS values and wishes to discover what is causing the performance degradation.
What troubleshooting tools could the network administrator use for this task?

 A   An 802.11 frame generator application
 B   Distributed spectrum analysis system
 C   Wireless Intrusion Prevention System (WIPS)
 D   Laptop protocol analyzer
 E   A PC Card manufacturer's client utilities

Explanation:  An RF spectrum analyzer (whether handheld, laptop-based, or distributed) would help you locate
narrowband or wideband RF interference which could be causing 802.11 frame retransmission. Retransmissions
cause severe throughput degradation. WIPS and Laptop protocol analyzers are both capable of finding security
and performance problems such as:
1. Rogue access points that are interfering with authorized systems
2. Use of protection mechanisms in a BSS due to HR-DSSS (802.11b) systems present in/around an ERP-
OFDM (802.11g) system

The difference between Laptop protocol analyzers and WIPS is where their WLAN radios are located. WIPS
use distributed sensors around premises, but laptop protocol analyzers use a single, integrated PCMCIA or
MiniPCI radio card.

You are designing a wireless system for the ABC Company. Which of the following modulation and encoding
characteristics should you consider?

 A   Using DQPSK will give you twice the data rate at the same signaling rate compared to DBPSK.
 B   Encoding refers to how an RF signal is manipulated to represent data, while modulation refers to how
changes in an RF signal are translated into ones and zeros.
 C   PSK and CCK are types of modulation used in the HR-DSSS standard.
 D   CCK is used to achieve data rates of 1, 2, 5.5 and 11 Mbps

Given: ERP-OFDM wireless networks use Orthogonal Frequency Division Multiplexing to achieve data rates of
up to 54 Mbps.

What is true of OFDM technology?

 A   Used to communicate with HR-DSSS devices when configured for 'mixed' mode
 B   Uses four 'pilot' channels for channel monitoring
 C   Sub-divides the 2.4 GHz channels into 52 discrete sub-carriers
 D   Sub-carriers are approximately 100 kHz wide
 E   Uses Complementary Code Keying for greater reliability

Explanation:  Orthogonal Frequency Division Multiplexing (OFDM) is used by OFDM (802.11a) and
ERP-OFDM (802.11g) networks to achieve data rates of up to 54 Mbps, subdividing channels into 52 discrete
sub-carriers (300 kHz each in ERP-OFDM (802.11g)). Four sub-carriers are used as 'pilot' channels for monitoring
the channel, and are not available for data transmissions, while 48 are used to transmit data.
ERP-OFDM (802.11g) supports both OFDM and Direct Sequence Spread Spectrum (DSSS), and must use
DSSS when communicating with HR-DSSS (802.11b) devices in 'mixed' mode. DSSS uses Complementary
Code Keying (CCK) to achieve data rates of 5.5 and 11 Mbps. OFDM is often implemented using convolution
coding, such as with OFDM (802.11a) and ERP-OFDM (802.11g).

Which statements are true regarding deployment of lightweight access points?

 A   Lightweight access points support 802.3af and may connect directly to the WLAN controller or to an
Ethernet switch.
 B   Lightweight access points may connect to the WLAN controller with either a Layer-2 or a Layer-3
protocol.
 C   Lightweight access points may be controlled over either Layer-2 or Layer-3.
 D   Lightweight access points may use DNS to locate their assigned WLAN controller.
 E   Lightweight access points cannot be deployed over the Internet due to Network Address Translation.
 F   Lightweight access points may be configured for 802.11a or 802.11g, but not both simultaneously.

Explanation:  All lightweight APs support 802.3af power over Ethernet. Most, but not all, lightweight access
points support both a layer 2 and a layer 3 protocol for establishing connectivity to their assigned WLAN
switch/controller. Layer 3 protocols might include LWAPP, GRE, and other similar protocols. When distributed
lightweight access points power up, they will receive an IP address from the local LAN segment, including
DNS parameters. The DNS name of their assigned controller will be pre-configured in the lightweight AP. After
a DNS lookup, the lightweight AP will have the correct IP address of its controller, which will allow the AP to
establish a layer 3 tunnel terminating at its controller.

ABC Corporation implemented a PPTP/MS-CHAPv2/MPPE-128 VPN to secure its 802.11g WLAN one year
ago. ABC Corp's VPN concentrator has been using local authentication, and they have steadily grown to match
the VPN server's maximum local authentication capacity. As a consultant, you advise the network manager to
consider what steps in order to scale this WLAN security solution and to strengthen its security?

 A   ABC Corp's users should implement personal firewall software to prevent peer-to-peer attacks.
 B   Implement WPA2-Personal at layer2 while leaving the PPTP VPN in place to increase scalability.
 C   PPTP/RC4 should be changed to PPTP/AES to strengthen the VPN's encryption.
 D   Once the VPN server's local database capacity is exceeded, ABC Corp should migrate to IPSec VPN
technology for greater scalability.
 E   ABC Corp should use RADIUS for authentication instead of local authentication on the VPN server.

Explanation:  Most networks are attacked from inside the organization. Implementing personal firewall
software will prevent or at least notify the user when attacks or requests are being made on their computer. The
user will normally be able to accept or deny those actions accordingly. Personal firewalls are also included in
Host Intrusion Prevention Systems (HIPS). Enterprise-capable RADIUS servers scale to large user deployments
whereas local authentication solutions will not. Local authentication solutions also utilize the same processor
that the other shared application is using thus making both operate slower when lots of traffic or authentications
occur. This will reduce user throughput at a time when it is needed most. Also, RADIUS servers offer the
ability to integrate into other centralized user databases like LDAP or Microsoft's Active Directory.

What type of attack includes spoofing management frames from the access point that a client is connected to,
and then de-authenticating, or disassociating WLAN clients connected to that access point?

 A   Jamming
 B   Phishing
 C   DoS
 D   Bit-flipping
 E   Hijacking

Explanation:  Denial-of-service attacks are a very different type of threat to the enterprise. Instead of
information or networks being exposed to unauthorized personnel, the hacker is trying to create a service
disruption. Another key difference is that whereas rogue access points, client misassociation, and ad hoc
networks may be unintentionally enabled by the employee, a denial-of-service (DoS) attack requires specific
technical knowledge and planning and therefore is almost always a malicious act. In a DoS attack, the attacker
typically spoofs management frames from the access point that a client is connected to, and de-authenticates, or
disassociates WLAN clients connected to that access point. These attacks are possible because, unlike Ethernet,
WLAN requires management frames for media access and collision avoidance. Because they need to be used
before client stations have completed authentication, these management frames are always unauthenticated and
unencrypted, even if WPA, WPA2 or a VPN are used.
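Because the frames described above cannot be authenticated, defenders usually watch for them by rate. The following is an added example (not part of the original material) of a sliding-window detector run over constructed capture records; the record layout, the window and the threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# 802.11 management-frame subtypes; 10 and 12 tear down a client's connection.
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
TEARDOWN = {SUBTYPE_DISASSOC, SUBTYPE_DEAUTH}
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class MgmtFrame:
    ts: float      # capture time in seconds
    subtype: int   # management-frame subtype
    src: str       # claimed transmitter address (unauthenticated, so spoofable)
    dst: str       # receiver address
    bssid: str     # BSSID field of the frame


def detect_deauth_floods(frames, window=10.0, threshold=5):
    """Flag BSSIDs with >= threshold deauth/disassoc frames inside `window` seconds.

    window and threshold are assumed starting values; tune them per site.
    Returns {bssid: {"peak": int, "clients": set, "broadcast": bool}}.
    """
    recent = defaultdict(deque)   # bssid -> teardown frames inside the window
    alerts = {}
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.subtype not in TEARDOWN:
            continue
        q = recent[f.bssid]
        q.append(f)
        while f.ts - q[0].ts > window:
            q.popleft()
        if len(q) < threshold:
            continue
        alert = alerts.setdefault(
            f.bssid, {"peak": 0, "clients": set(), "broadcast": False})
        alert["peak"] = max(alert["peak"], len(q))
        for fr in q:
            # The affected client is whichever end of the frame is not the AP.
            client = fr.dst if fr.src == fr.bssid else fr.src
            if client == BROADCAST:
                alert["broadcast"] = True
            else:
                alert["clients"].add(client)
    return alerts


# Constructed sample data: AP1 sees one ordinary client departure,
# AP2 sees eight deauthentication frames in under two seconds.
AP1, AP2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
CLIENT_A, CLIENT_B = "02:00:00:00:10:0a", "02:00:00:00:10:0b"
SAMPLE = (
    [MgmtFrame(float(i), SUBTYPE_BEACON, AP1, BROADCAST, AP1) for i in range(5)]
    + [MgmtFrame(3.0, SUBTYPE_DEAUTH, CLIENT_B, AP1, AP1)]
    + [MgmtFrame(20.0 + 0.25 * i, SUBTYPE_DEAUTH, AP2,
                 CLIENT_A if i % 2 == 0 else BROADCAST, AP2) for i in range(8)]
)

if __name__ == "__main__":
    for bssid, alert in detect_deauth_floods(SAMPLE).items():
        print(bssid, alert["peak"], sorted(alert["clients"]), alert["broadcast"])
```

A single deauthentication frame is normal when a client leaves, which is why the detector keys on the rate per BSSID rather than on the presence of the frame.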


Given: ERP-OFDM wireless networks use Orthogonal Frequency Division Multiplexing to achieve data rates of
up to 54 Mbps.

What is true of OFDM technology?

 A   Used to communicate with HR-DSSS devices when configured for 'mixed' mode
 B   Uses four 'pilot' channels for channel monitoring
 C   Sub-divides the 2.4 GHz channels into 52 discrete sub-carriers
 D   Sub-carriers are approximately 100 kHz wide
 E   Uses Complementary Code Keying for greater reliability

Explanation:  Orthogonal Frequency Division Multiplexing (OFDM) is used by OFDM (802.11a) and ERP-OFDM
(802.11g) networks to achieve data rates of up to 54 Mbps, subdividing channels into 52 discrete sub-carriers
(300 kHz each in ERP-OFDM (802.11g)). Four sub-carriers are used as 'pilot' channels for monitoring
the channel, and are not available for data transmissions, while 48 are used to transmit data.
ERP-OFDM (802.11g) supports both OFDM and Direct Sequence Spread Spectrum (DSSS), and must use
DSSS when communicating with HR-DSSS (802.11b) devices in 'mixed' mode. DSSS uses Complementary
Code Keying (CCK) to achieve data rates of 5.5 and 11 Mbps. OFDM is often implemented using convolution
coding, such as with OFDM (802.11a) and ERP-OFDM (802.11g).


After implementing a wireless network, XYZ Company decided to update their security policy to include a
wireless acceptable use policy.

What are two purposes of this type of policy?

 A   Help protect the company from the introduction of malicious software
 B   Reduce the likelihood of online dictionary or brute force attacks
 C   Eliminate the chance of a denial-of-service (DoS) attack
 D   Reduce the number of false-positives reported in a wireless audit
 E   Avoid default or misconfigured infrastructure devices
 F   Avoid unnecessary performance problems on the wireless medium

Explanation:  An acceptable use policy (AUP) is a set of rules which restrict the ways in which the network
may be used. Enforcement of AUPs varies with the network. AUPs are also used by schools, corporations, etc.,
delimiting what is and is not permitted for use of the computers. The intent is to help protect the network from
the introduction of malicious software, and to avoid unnecessary performance problems.

What solution provides a method to use legacy equipment that is capable only of WEP encryption and to use
equipment that provides RSN capabilities in a mixed environment?

 A   LEAP
 B   802.1X EAP
 C   VLAN
 D   VPN
 E   TSN

Explanation:  Per the IEEE 802.11 handbook Second Edition (the official study guide for CWNE):
'The WEP-40 and WEP-104 values can be used only as group key ciphers. They are never allowed as pairwise
ciphers by IEEE 802.11i. Using WEP-40 or WEP-104 as group key cipher indicates that the WLAN is a TSN.'

'A TSN (Transition security network) is a WLAN using both WEP as well as the authentication and key
management protocols and cipher suites defined by IEEE 802.11i.'

'TSNs provide a method to use legacy equipment that is capable only of WEP encryption and to use equipment
that provides RSN capabilities in a mixed environment.'

Basically, the only difference between a TSN and RSN is if WEP is included.

Note: A TSN still advertises RSN capabilities in an RSN information element in its Beacon and Probe Response
frames.
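The rule quoted above (WEP allowed only as the group cipher, and its presence marking the WLAN as a TSN) can be checked directly from the RSN information element. The following is an added example, not taken from the handbook or any vendor tool: a small parser and classifier, with the sample elements built by a hypothetical helper `build_rsn_ie` and the result labels chosen here.

```python
import struct

RSN_ELEMENT_ID = 48                    # element ID of the RSN information element
IEEE_OUI = bytes.fromhex("000fac")     # OUI of the standard cipher and AKM suites
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
WEP = {"WEP-40", "WEP-104"}


def _suite_name(selector, table):
    """Translate a 4-byte suite selector (OUI + type) into a readable name."""
    oui, kind = selector[:3], selector[3]
    if oui != IEEE_OUI:
        return "vendor-%s-%d" % (oui.hex(), kind)
    return table.get(kind, "unknown-%d" % kind)


def _suite_list(body, offset, table):
    """Read a 2-byte little-endian count followed by that many selectors."""
    if offset + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, offset)
    offset += 2
    end = offset + 4 * count
    if end > len(body):
        raise ValueError("truncated suite list")
    names = [_suite_name(body[i:i + 4], table) for i in range(offset, end, 4)]
    return names, end


def parse_rsn_ie(ie):
    """Parse version, group cipher, pairwise ciphers and AKM suites."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN information element")
    body = ie[2:2 + ie[1]]
    # This example requires version + group cipher + pairwise count (8 bytes).
    if len(body) != ie[1] or len(body) < 8:
        raise ValueError("truncated RSN information element")
    (version,) = struct.unpack_from("<H", body, 0)
    group = _suite_name(body[2:6], CIPHERS)
    pairwise, offset = _suite_list(body, 6, CIPHERS)
    akms = []
    if offset < len(body):
        akms, offset = _suite_list(body, offset, AKMS)
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akms}


def classify(ie):
    """Return 'RSN', 'TSN', or 'invalid' (WEP offered as a pairwise cipher)."""
    info = parse_rsn_ie(ie)
    if WEP & set(info["pairwise"]):
        return "invalid"
    return "TSN" if info["group"] in WEP else "RSN"


def build_rsn_ie(group, pairwise, akms, caps=0):
    """Hypothetical helper that constructs sample elements for this example."""
    body = struct.pack("<H", 1) + IEEE_OUI + bytes([group])
    body += struct.pack("<H", len(pairwise))
    body += b"".join(IEEE_OUI + bytes([p]) for p in pairwise)
    body += struct.pack("<H", len(akms))
    body += b"".join(IEEE_OUI + bytes([a]) for a in akms)
    body += struct.pack("<H", caps)
    return bytes([RSN_ELEMENT_ID, len(body)]) + body


if __name__ == "__main__":
    samples = {                                   # constructed sample elements
        "ccmp-only": build_rsn_ie(4, [4], [2]),
        "mixed-wep": build_rsn_ie(1, [2, 4], [2]),
        "wep-pairwise": build_rsn_ie(5, [5], [2]),
    }
    for name, ie in samples.items():
        print(name, classify(ie), parse_rsn_ie(ie))
```

Run against elements taken from captured Beacon or Probe Response frames, a "TSN" result identifies networks that still carry WEP-protected group traffic.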


Which statement is true regarding networks protected with port-based access control compliant with the
802.1X-2004 standard?

 A   The 802.1X standard addresses access control, authentication framework, and data privacy.
Encryption is mandatory.
 B   The 802.1X standard addresses only access control and authentication framework, not data privacy
 C   The 802.1X standard addresses authentication framework and data privacy. Encryption is optional
based on the EAP type used.
 D   The 802.1X standard addresses authentication framework, access control, and data privacy. EAP is
optional. Encryption is mandatory.

Explanation:  The 802.1X-2004 standard addresses only access control and authentication framework and does
not address data privacy. The secure connection that is implemented by various EAP types is independent of
802.1X functionality.

What is the maximum amount of Watts a PD device can draw from a PSE if the PD does not provide a
recognized classification signature?

 A   0 Watts
 B   15.4 Watts
 C   5 Watts
 D   12.95 Watts

Explanation:  A Powered Device (PD) can draw only a maximum of 12.95 Watts. The difference between a
Power Sourcing Equipment (PSE) maximum output and PD maximum draw is due to power drops over the
Ethernet cable.
Per the IEEE 802.3-2005 Clause 33 standard:

33.3.4 PD classifications
A PD may be classified by the PSE based on the classification information provided by the PD. The intent of
PD classification is to provide information about the maximum power required by the PD during operation.
Class 0 is the default for PDs. However, to improve power management at the PSE, the PD may opt to provide a
signature for Class 1 to 3.

The PD is classified based on power. The classification of the PD is the maximum power that the PD will draw
across all input voltages and operational modes.

A PD shall return Class 0 to 3 in accordance with the maximum power draw as specified by Table 33-10.

Class   Usage         Range of maximum power used by the PD
0       Default       0.44 W to 12.95 W
1       Optional      0.44 W to 3.84 W
2       Optional      3.84 W to 6.49 W
3       Optional      6.49 W to 12.95 W
4       Not allowed   Reserved for future use

NOTE - Class 4 is defined but is reserved for future use. A Class 4 signature cannot be provided by a compliant
PD.

QUESTION:1

What word describes the bending of an RF signal as it passes between mediums of different density?

A. Diffraction
B. Reflection
C. Refraction
D. Diffusion
E. Scattering

Answer:C
QUESTION:2
What causes an excessively high Voltage Standing Wave Ratio (VSWR) in an 802.11 WLAN?

A. An impedance mismatch between devices in series with the main RF signal
B. Reflected DC voltage on the main RF signal line
C. Refracted RF signal peaks along the main signal path
D. Crosstalk (inductance) between adjacent conductors

Answer:A
QUESTION:3
What factors affect the distance that an RF signal can be effectively received?

A. Transmitting station's antenna type
B. Receiving station's radio sensitivity
C. Fresnel zone blockage
D. Power over Ethernet (PoE) usage
E. Antenna connector type
F. Distance between access points

Answer: A, B, C
QUESTION:4
As an RF wave propagates through space, the wave front experiences natural expansion.
What is the detrimental effect of this expansion in a WLAN system?

A. Linear Diffusion Loss
B. Signal Attenuation
C. Transmission Obfuscation
D. Fresnel Zone Thinning
E. Azimuth Inflation

Answer:B

QUESTION:5

Given: ABC Company's network administrator was just asked to install a 5 GHz OFDM bridge link between two buildings. He
connected a WLAN bridge with a 50-ohm output to a 50-ohm RF coaxial cable. He connected the other end of the RF coaxial cable to
a 25-ohm, 6 dBi Yagi antenna.

What is the maximum VSWR between the WLAN bridge and the Yagi antenna?

A. 1.0:1
B. 1.1:1
C. 1.2:1
D. 1.5:1
E. 2.0:1
F. 1.0:2

Answer:E
QUESTION:6
Given: Return Loss is the decrease of forward energy in a system because some of the power is
being reflected back toward the transmitter.
What can cause a high return loss in an RF transmission system?

A. A Voltage Standing Wave Ratio (VSWR) of 1.5:1
B. An impedance mismatch between devices in the RF system
C. Cross-polarization of the RF signal as it passes through the RF system
D. The use of multiple connector types in the RF system (e.g. N-type and SMA-type)
E. Low output power at the transmitter and use of a high-gain antenna

Answer:B
QUESTION:7
What factor is NOT taken into account when calculating the System Operating Margin of a point-to-
point outdoor WLAN bridge link?

A. Operating frequency
B. Tx antenna gain
C. Tx power
D. Rx cable loss
E. Antenna height
F. Rx sensitivity
G. Distance

Answer:E
QUESTION:8
Given: A WLAN transmitter that emits a 200 mW signal is connected to a cable with a 9 dB loss.

If the cable is connected to an antenna with a 10 dBi gain, what is the EIRP at the antenna element?

A. 50 mW
B. 250 mW
C. 500 mW
D. 750 mW
E. 1000 mW

Answer:B

QUESTION:9
In a long-distance RF link, what statement about Fade Margin is true?

A. Fade Margin is an amount of signal strength in addition to the Link Budget.
B. The Fade Margin of a long-distance RF link does not account for antenna gain.
C. Fade Margin is rarely taken into account on a long-distance RF link.
D. Fade Margin and Jamming Margin are synonymous, interchangeable terms.

Answer:A
QUESTION:10
Which units of measure are used to describe relative power level changes?
A. dBm
B. dBi
C. dB
D. mW
E. dBW

Answer: B, C
QUESTION:11
Given: A 802.11 WLAN transmitter that emits an 80 mW signal is connected to a cable with 3 dB loss.
The cable is connected to an antenna with a 16 dBi gain.
What is the resultant antenna power output (EIRP)?

A. 160 mW
B. 320 mW
C. 800 mW
D. 1200 mW
E. 1600 mW

Answer:E
QUESTION:12

What factors are required to establish a high quality 2.4 GHz point-to-point RF link at a distance of 3
miles (5 kilometers)?

A. Accurate Link Budget calculations
B. Accurate Earth Bulge calculations
C. System Operating Margin (SOM) of at least 20 dB
D. A minimum antenna gain of 13 dBi
E. A Fresnel Zone that is at least 60% clear of obstructions

Answer: A, E
QUESTION:13
What phrase defines Equivalent Isotropically Radiated Power (EIRP)?

A. Transmitter output power plus attached cable and connector loss
B. Transmitter output power only
C. Power supplied to the antenna plus antenna gain
D. Reflected power due to an impedance mismatch in the signal path
E. Power supplied to an RF antenna

Answer:C

QUESTION:14
What term describes the effect of increasing the intensity of an RF wave when the RF antenna lobe is
focused in a desired direction?

A. Directional Extension
B. Active Amplification
C. Beam Compression
D. Passive Gain
E. Phased Propagation

Answer:D
QUESTION:15
Which antenna types can be used in a scenario where simple receive diversity is required?

A. Omni-directional
B. Patch
C. Yagi
D. Grid
E. MIMO Sector
F. Sector Array

Answer: A, B
QUESTION:16

While working on a presentation document in a conference room equipped with a wireless network,
you notice that, as you turn your laptop in different directions, your wireless signal strength changes.
What statement describes the RF signal property that is primarily responsible for this change in signal
strength?

A. The RF signal's amplitude is changing due to a change in the visual line-of-sight.
B. The RF signal's wavelength is being affected by varying antenna gain.
C. The RF signal's multipath is changing the amount of RF absorbed by nearby objects.
D. The RF signal's phase is oscillating due to electromagnetic interference (EMI).
E. The RF signal's polarization is different than the receiving antenna.

Answer:E
QUESTION:17
What antenna characteristic decreases as the gain of the antenna is increased?

A. Beamwidth
B. Range
C. Dissipated heat
D. Polarization radius
E. Fresnel Zone

Answer:A
QUESTION:18
What characteristics determine the diameter of the first Fresnel Zone for a 802.11 WLAN link?

A. Antenna beamwidths
B. Size of the antenna elements
C. Distance between the antennas
D. Frequency of the transmission
E. Transmission power
F. Antenna gain

Answer: C, D
QUESTION:19
What statements about the beamwidth of an RF antenna are true?
A. The lower the gain of an antenna, the more narrow one or both beamwidths become.
B. The RF signal stops propagating at the beamwidth borders.
C. Beamwidth is calculated by the -3 dB points from the center axis, both horizontally and vertically.
D. Horizontal beamwidth is displayed (in degrees) on the antenna Azimuth Chart.
E. Beamwidth is calculated using the length of the antenna element.

Answer: C, D

QUESTION:20
What antenna technologies are used to help overcome null areas of RF coverage due to multipath?

A. Simple Diversity
B. Phase Dispersion
C. Circular Polarization
D. Beam Linearization
E. Transmit Beamforming
F. Spectral Clarification

Answer: A, E

What statements are true for 802.11 FHSS?

 A   FHSS is affected by narrowband RF interference to a lesser degree than DSSS
 B   FHSS uses all 100 MHz of the 2.4 GHz ISM band
 C   FHSS uses frequency diversity to retransmit lost frames on different frequencies
 D   FHSS is highly susceptible to interference from class 2 Bluetooth systems at a distance of up to 1 mile
(1.6 km)
 E   OFDM technology, found in the IEEE ERP-OFDM standard, is based on 802.11 FHSS technology

Explanation:  Frequency Hopping Spread Spectrum (FHSS) systems use frequency diversity (changing
frequencies). When transmitted frames are not acknowledged when sent on one frequency, the transmitting
system continues retransmitting until it is time to hop to the next frequency in its pseudorandom hop sequence.
It then begins retransmission of the previous data frames on the new frequency. Frequency diversity is very
effective at coping with narrowband RF interference.
Since 802.11 FHSS systems must use a minimum of 75 center frequencies (1 MHz wide each) in a hop
sequence, RF interference on any center frequency will pose a problem for only 1/75th of the system's entire
bandwidth. DSSS systems use a single center frequency with a bandwidth of 22 MHz. Any 1 MHz-wide RF
interfering signal will pose a problem for 1/22nd of the system's entire bandwidth. This one facet of
FHSS/DSSS comparison shows that 802.11 FHSS systems are more than three times better at dealing with
narrowband RF interference than 802.11 DSSS systems.

Senior management of XYZ Company is complaining that implementations of their client's wireless networks
take too long to complete. They want to know if a complete RF site survey is necessary. As their senior wireless
systems analyst, what do you tell them?

 A   Self-managing wireless networks minimize the need for an onsite site survey
 B   Must know RF behavior and interference sources to determine access point placement
 C   Virtual site surveys are just as accurate and eliminate the need for expensive manual site surveys
 D   A wireless network will not work if a site survey is not first completed
 E   Performing a site survey will ensure wireless networks will not experience co-channel interference

Explanation:  RF site surveys are the single most important part of a successful wireless implementation. If a
thorough site survey is not performed, the wireless LAN might never work properly, and the site could spend
significant amounts of money on hardware that doesn't perform the intended tasks. Site surveys answer how
many access points should be used, and where they should be placed.
Self-organizing systems rely on the logic of the access points to sense the environment and make adjustments to
channel selection and power output, minimizing or eliminating the need for manual site surveys, depending on
the accuracy of the decision making.
Virtual site surveys use predictive modeling to forecast a WLAN's coverage areas, channel assignments, data
rates, AP number and placement, and power output of each AP. Virtual site surveys can be highly accurate,
depending on the accuracy of the information provided in the model, and offer a great 'starting point' for AP
placement.

Manual site surveys are typically used to validate a predictive analysis and 'tweak' access point placement,
making them more accurate. Because they sample actual RF signals, they are able to identify outside wireless
networks that may cause co-channel interference and affect the design of the wireless implementation.

Which configurations are considered optional for Wi-Fi Protected Setup Certification?

 A   Near Field Communications (NFC)
 B   Personal Identification Number (PIN)
 C   Universal Serial Bus (USB)
 D   Push Button Configuration (PBC)
 E   Pre-shared Key (PSK)

Explanation:  The Wi-Fi Protected Setup specification mandates that all Wi-Fi CERTIFIED products that
support Wi-Fi Protected Setup are tested and certified to include both PIN and PBC configurations in APs, and
at a minimum, PIN in client devices. A Registrar, which can be located in a variety of devices, including an AP
or a client, issues the credentials necessary to enroll new clients on the network. In order to enable users to add
devices from multiple locations, the specification also supports having multiple Registrars on a single network.
Registrar capability is mandatory in an AP.
The optional NFC and USB methods, like PBC, join devices to a network without requiring the manual entry of
a PIN. In NFC configuration, Wi-Fi Protected Setup is activated simply by touching the new device to the AP
or another device with Registrar capability. The USB method transfers credentials via a USB flash drive (UFD).
Both provide strong protection against adding an unintended device to the network. However, Wi-Fi
certification for USB and NFC is not currently available.

When attempting to join a wireless network, what will a wireless client station do?

 A   Send out beacons looking for an access point with the same SSID
 B   Answer with a probe response if it shares the same SSID as an access point
 C   Authenticate the access point automatically when using Open System Authentication
 D   Fail authentication if configured with the wrong WEP key when using Shared Key Authentication

Explanation:  Shared Key authentication uses the WEP key to authenticate the station; therefore, Shared Key
authentication requires that a WEP key be correctly configured in both the client and the AP.

You are a wireless network administrator for ABC Corporation. Currently ABC Corp has a VPN concentrator
that uses a PPTP/MS-CHAPv2/MPPE-128 VPN security solution for its 100 WLAN users. Since the WLAN
was installed, there have been multiple successful attacks against ABC Corp's access points since they are using
Open System authentication. ABC Corp wants to update their WLAN security solution. Which security solution
would improve the security of ABC Corp's access points while increasing encryption strength and network
scalability?

 A   L2TP/IPSec with AES-192
 B   WPA2-Enterprise with EAP-TTLS
 C   SSH2 with 3DES
 D   WEP with Shared Key authentication

Explanation:  This question has to do with the architecture of ABC Corp's wireless design and security
implementation. The current design provides for a fully open access point, with a VPN concentrator residing
behind the AP on the wired network. Security is implemented through client-to-VPN concentrator encrypted
connections; however, the wireless medium is fully open.
In order to address the requirement of 'improve the security of the access points' L2TP/IPSec with AES-192 and
SSH2 with 3DES are out. These options (IPSec and SSH) enhance or alter the encryption tools and techniques
used to connect the client and internal security devices. These options do not alter the access point itself, which
is still left open

Given: You are transmitting data using an ERP-OFDM access point connected to an 18 dBi omnidirectional
antenna through a cable producing 3 dB loss.

If you wanted to transmit at the maximum allowed EIRP, what would be the dBm rating at the Intentional
Radiator?

 A   18
 B   36
 C   30
 D   15
 E   21

Explanation:  Omnidirectional antennas are always treated as point-to-multipoint (PtMP) connections.
Regulatory bodies such as the FCC and others mandate that PtMP connections in the 2.4 GHz band (in which
HR-DSSS/ERP-OFDM (802.11b/g) operates) may not exceed 36 dBm (4 Watts).
Additionally, PtMP links must follow the '1:1 Rule', which mandates that the maximum 2.4 GHz PtMP power from
the Intentional Radiator (an RF device specifically designed to generate and radiate RF signals, including all
cabling and connectors except the antenna) is 1000 mW (1 Watt) if using an antenna capable of 6 dBi gain (1
Watt + 6 dBi = 4 Watts). For each 3 dBi that antenna gain is increased, IR power must be reduced by 3 dB (keeping
the total dBm at or below the 36 dBm limit).

An intentional radiator is defined by the FCC and other regulatory bodies as an RF device specifically designed
to generate and radiate RF signals, and includes the RF device and all cabling and connectors up to, but not
including, the antenna.

If the maximum is 36 dBm and the system uses an 18 dBi antenna (+18 dBi) then 36 - 18 = 18 dBm of
maximum EIRP

Which security solution is the best way to defeat an offline dictionary attack against a wireless network?

 A   Implement WPA2-Personal
 B   Implement EAP-LEAP
 C   Implement EAP-MD5
 D   Implement WPA-Enterprise

Explanation:  Most password-based authentication algorithms are susceptible to online (active) and offline
(passive) dictionary attacks. During a dictionary attack, an attacker tries to guess a user's password and gain
network access by using every 'word' in a dictionary of common passwords or possible combinations of
passwords. A dictionary attack relies on the fact that a password is often a common word, name, or
concatenation of words or names with a minor modification such as a trailing digit or two. Longer passwords
with a variety of characters (such as 4yosc10cP!) offer the greatest protection against dictionary attacks.
An offline dictionary attack is carried out in two phases to uncover the user's password. In the first phase, the
attacker captures the challenge-response messages between the user and the access network. In the second
phase, the attacker looks for a password match by computing a list of possible challenge-response messages
(using a pre-computed dictionary) and comparing these messages against the captured challenge-response
message. The attacker uses known authentication protocol vulnerabilities to reduce the size of the user password
dictionary. Using a strong password policy and periodically expiring user passwords significantly reduces an
offline attack tool's success. Unlike online attacks, offline attacks are not easily detected.

WPA2-Personal, EAP-LEAP and EAP-MD5 are all susceptible to offline dictionary attacks.

Which two types of attacks can be defeated by using a strong password?

 A   Dictionary
 B   Brute Force
 C   Spoofing
 D   Jamming
 E   Injection
 F   Hijacking
Explanation:  A dictionary attack consists of trying 'every word in the dictionary' as a possible password for an
encrypted message. A dictionary attack is generally more efficient than a brute force attack, because users
typically choose poor passwords. Dictionary attacks are generally far less successful against systems that use
passphrases instead of passwords.
The longer the password, the more combinations must be tried before it is successfully cracked.

A strong password has the following characteristics:

- Contains at least eight characters.
- Contains characters from each of the following three groups:
  - Uppercase and lowercase letters (A, a, B, b, C, c, and so on)
  - Numbers
  - Symbols (such as ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] : ; ' < > ? , . /)
- Contains at least one symbol character in the second through sixth positions
- Is significantly different from passwords previously used
- Does not contain your name or user name
- Is not a common word or name
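The characteristics listed above translate directly into a policy check. The following is an added example, not part of the original material: the word list is a constructed sample, the similarity threshold is an assumed value, letters of either case are treated as one group, and a "common word" is taken to include one with trailing digits or symbols appended.

```python
import string
from difflib import SequenceMatcher

# Constructed sample list; a real deployment would load a much larger one.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "michael", "summer"}
SIMILARITY_LIMIT = 0.6   # assumed cut-off for "significantly different"


def check_password(password, names=(), previous=()):
    """Return the list of rules from the checklist that `password` fails."""
    failures = []

    if len(password) < 8:
        failures.append("length")

    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    if not (has_letter and has_digit and has_symbol):
        failures.append("groups")

    # Second through sixth positions are indexes 1..5.
    if not any(c in string.punctuation for c in password[1:6]):
        failures.append("symbol_position")

    lowered = password.lower()
    if any(n and n.lower() in lowered for n in names):
        failures.append("name")

    # A common word with a trailing digit or symbol is still a common word.
    base = lowered.rstrip(string.digits + string.punctuation)
    if base in COMMON_WORDS:
        failures.append("common_word")

    if any(SequenceMatcher(None, lowered, old.lower()).ratio() >= SIMILARITY_LIMIT
           for old in previous):
        failures.append("reuse")

    return failures


if __name__ == "__main__":
    # Constructed candidates, checked for a hypothetical user "jsmith".
    for candidate in ("Tr@il7mix-Q", "Password1!", "x#jsmith99A", "abc"):
        print(candidate, check_password(candidate, names=["jsmith"],
                                        previous=["Summer#2009"]))
```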

You are considering upgrading your wireless security solution from WEP to WPA-Personal. What weakness
would not be addressed in your security solution?

 A   Forgery attacks
 B   Jamming attacks
 C   Replay attacks
 D   Dictionary attacks
 E   Collision attacks
 F   Weak Key Attacks

Explanation:  WPA-Personal (sometimes called WPA-PSK (pre-shared key)) addresses weaknesses found in
WEP, including forgery, weak-key attacks, collision attacks, and replay attacks. Forgery attacks are performed
by capturing encrypted packets, changing some of the data within them, and then resending the packets.
WPA-Personal supports TKIP encryption, which uses an improved message-integrity check (MIC) called
Michael to thwart attempts to tamper with packets en route. WEP constructs a per-packet RC4 key by
concatenating an RC4 base key and the packet Initialization Vector (IV). Weak key attacks look at a series of
packets with different IVs to determine the RC4 base key. TKIP uses key-mixing to derive short-lived
encryption keys. Collision attacks occur when a key is repeated using the same IV, allowing the data to be
recovered. TKIP expands the amount of bits used for the IV (from 24 to 48).

Replay attacks occur when an attacker eavesdrops, records transmitted data, and then retransmits the data. TKIP
uses a sequencing number for generated packets. WPA-Personal's implementation of TKIP has already been
found to be vulnerable to dictionary attacks through an application called coWPAtty. All wireless security
solutions are vulnerable to Jamming attacks.


Given: An HR-DSSS access point is classified as a Class 2 PD (Powered Device), and uses 5 Watts of power.

When connecting this access point to an 802.3-2005 Clause 33 compliant Power Sourcing Equipment (PSE)
device, how much power is wasted from the PSE's power budget?

 A   2 Watts
 B   10.4 Watts
 C   0 Watts
 D   7 Watts
 E   15.4 Watts

Explanation:  The IEEE 802.3-2005 Clause 33 states:

Table 33-3 - Power classifications

Class   Usage                     Minimum power levels at output of PSE
0       Default                   15.4 Watts
1       Optional                  4.0 Watts
2       Optional                  7.0 Watts
3       Optional                  15.4 Watts
4       Reserved for future use   Treat as Class 0

If a minimum of 7 Watts is reserved, and only 5 Watts are actually used, then there would be 2 Watts of power
wasted.
Which common security solutions used on 802.11 wireless LANs support data encryption?

 A   IPSec/ESP with certificates
 B   IP unnumbered
 C   WPA2-Personal
 D   Shared Key authentication
 E   802.1X/EAP-MD5
 F   Secure Shell

Explanation:  There are three common types of data confidentiality implementations used with 802.11
WLANs:
1. Layer 2 solutions - WEP (RC4), WPA (RC4/TKIP), WPA2/802.11i (AES/CCMP), Proprietary AES-based
2. Layer 3 solutions - PPTP (MS-CHAPv2/MPPE/RC4), IPSec (AES or 3DES)
3. Layer 7 solutions - Applications such as FTP/SSH, POP3/SSL, SNMPv3, HTTPS, SSH2, etc.

IPSec/ESP is capable of using DES, 3DES, AES, and other encryption algorithms to protect data. WPA2-
Personal uses preshared keys for authentication and uses AES-CCMP for data encryption. Secure Shell (SSH)
protects data by encrypting it using a public/private key encryption scheme.

Encryption mechanisms are typically used with authentication mechanisms such as shared key authentication,
preshared keys, 802.1X/EAP, captive portals, challenge/handshake, etc.

802.1X/EAP-MD5 does not support data encryption. IP unnumbered is unrelated to WLAN security in any
manner. Shared Key authentication uses hashing, but the mechanism used thereafter for 'data encryption' is
WEP which is not listed above.

 A user complains that they cannot connect to the Internet through the wireless network, even though their client
utility shows they are connected with a strong signal. You check their system and see they have been
successfully assigned an IP address of 169.254.138.16. Other stations can access the Internet without issue.

What might be the problem?

 A   Their wireless card's MAC address is not filtered correctly on the access point
 B   They have a mis-configured WEP key
 C   They are not authenticated to the wireless access point
 D   They are not associated to the wireless access point
 E   The access point failed layer 2 mutual authentication
 F   The RADIUS server denied access to the supplicant

Explanation:  An IP address of 169.254.x.x is assigned through Automatic Private IP Addressing (APIPA)
when a DHCP client is unable to obtain an address from a DHCP server. Typically the DHCP client cannot
obtain an IP address from the DHCP server due to a network issue between the two devices (although in some
cases the DHCP server may be down).
IP addresses are negotiated at the network layer (layer 3). In this scenario it appears that the wireless client is
connecting successfully to the access point because the client's WLAN utility shows a strong signal. Most likely
the client is connecting to the access point, but the access point is not allowing it to go past it onto the wired
network. Generally, wireless networks use open authentication, which guarantees any authentication request is
approved, allowing the client onto the wireless network.

Reasons why a client may not be allowed past the access point include not being in the access point's MAC
address filter list, an incorrect WEP key, or failing an 802.1X/EAP authentication (typically against a RADIUS
server).

Given: Beacons are transmitted periodically to allow mobile stations to locate and identify a BSS, as well as
keep each wireless station in sync with the access point to allow for those stations to use sleep mode.

What part of the beacon is used to keep each wireless station's timer synchronized?

 A   Beacon Interval
 B   Timestamp
 C   Traffic Indication Map (TIM)
 D   DTIM
 E   Sync Field

Explanation:  Each beacon contains a timestamp value placed there by the access point. When stations receive
the beacon, they change their clock to reflect the time of the clock on the access point. This allows stations to
stay synchronized, ensuring time-sensitive functions are performed without error.
