10/23/24, 5:08 PM Individual Response

8.6.9 Practice Questions

Candidate: Damola Quadri (redFedora)
Date: 10/23/2024, 5:08:26 PM • Time Spent: 02:08
Score: 80% Passing Score: 80%

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b3… 1/13
10/23/24, 5:08 PM Individual Response

Question 1. Correct

A company's wireless network has been experiencing intermittent connectivity issues and
slower than usual data transfer speeds.

The network administrator recently updated the firmware on the wireless access point (WAP)
as part of a routine maintenance procedure. The update was applied during a scheduled
downtime and the network was functional when the downtime ended.

However, the issues started appearing the next day. The administrator has checked the WAP
settings and everything seems to be in order.

What could be the MOST likely cause of these issues?

The network administrator failed to properly test new updates before

pushing them out to the network.

The Wi-Fi signal strength was set too high, causing interference.

The WAP's firewall was accidentally disabled during the update.

The MAC address filtering system was not configured correctly.

Explanation

The correct answer is most likely that the network administrator failed to properly test new
updates before pushing them out to the network. Not properly testing new updates before
pushing them out to the network could lead to unforeseen issues, such as the ones being
experienced. The update could have introduced bugs or incompatibilities that were not
apparent immediately after the update was applied.

The WAP's firewall being disabled could potentially allow unauthorized access to the network,
but it would not typically cause intermittent connectivity issues or slower data transfer
speeds.

Incorrect configuration of the MAC address filtering system could prevent certain devices
from connecting to the network, but it would not typically cause intermittent connectivity or
slower data transfer speeds for devices that are able to connect.

While a high Wi-Fi signal strength could potentially cause interference, it would not typically
cause the specific issues being experienced unless there were other networks nearby on the
same channel. Additionally, this would not explain why the issues started appearing after the
firmware update.

References

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b3… 2/13
10/23/24, 5:08 PM Individual Response

8.6.2 Wireless Security Facts

q_wl_security_update_firmware_secp8.question.fex

Question 2. Correct

You need to secure your wireless network.

Which security protocol would be the BEST choice?

WEP

802.11n

WPA

EFS

WPA2

Explanation

WEP, WPA, and WPA2 are all security protocols for wireless networks. Each security protocol
protects the wireless data through the use of association keys and encryption protocols.
However, WPA2 provides the best wireless security.

802.11n is a wireless standard with specific parameters for wireless data transmission.

The Encrypting File System (EFS) is a method for encrypting individual files within Windows.

References

8.4.3 Wireless Networking Facts

8.5.2 Wireless Attack Facts

8.6.1 Wireless Security
8.6.2 Wireless Security Facts
q_wl_security_wpa2_02_secp8.question.fex

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b3… 3/13
10/23/24, 5:08 PM Individual Response

Question 3. Correct

The owner of a hotel has contracted with you to implement a wireless network to provide
internet access for guests.

The owner has asked that you implement security controls so that only paying guests are
allowed to use the wireless network. She wants guests to be presented with a login page
when they initially connect to the wireless network. After entering a code provided by the
concierge at check-in, guests should then be allowed full access to the internet. If a user does
not provide the correct code, he or she should not be allowed to access the internet.

What should you do?

Implement pre-shared key authentication

Implement MAC address filtering

Implement 802.1x authentication using a RADIUS server

Implement a captive portal

Explanation

A captive portal would be the best choice in this scenario. A captive portal requires wireless
network users to abide by certain conditions before they are allowed access to the wireless
network. For example, the captive portal could require them to:

Agree to an acceptable use policy

Provide a PIN or password

Pay for access to the wireless network

View information or advertisements about the organization providing the wireless

network (such as an airport or hotel)

When a wireless device initially connects to the wireless network, all traffic to or from that
device is blocked until the user opens a browser and accesses the captive portal webpage.
After the user provides the appropriate code, traffic is unblocked, and the host can access the
network normally.

MAC address filtering and 802.1x authentication would work from a technical standpoint, but
these would be completely unmanageable in a hotel scenario where guests come and go
every day. Using a pre-shared key would require a degree of technical expertise on the part of

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b3… 4/13
10/23/24, 5:08 PM Individual Response

the hotel guests. It could also become problematic if the key were to be leaked, allowing non-
guests to use the wireless network.

References

8.6.4 Wireless Authentication and Access Methods Facts

q_wl_auth_access_captive_secp8.question.fex

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b3… 5/13
10/23/24, 5:08 PM Individual Response

Question 4. Correct

Which EAP implementation is MOST secure?

EAP-TLS

EAP-MD5

LEAP

EAP-FAST

Explanation

EAP-TLS uses Transport Layer Security (TLS) and is considered one of the most secure EAP
standards available. A compromised password is not enough to break into EAP-TLS enabled
systems because the attacker must also have the client's private key.

EAP-MD5 offers minimal security and is susceptible to dictionary attacks and man-in-the-
middle attacks. Lightweight Extensible Authentication Protocol (LEAP) does a poor job of
protecting user authentication credentials and is also susceptible to dictionary attacks.

EAP-FAST is a replacement for LEAP that uses a protected access credential (PAC) to establish a
TLS tunnel in which client authentication credentials are transmitted.

While more secure than EAP-MD5 and LEAP, EAP-FAST can still be compromised if the attacker
intercepts the PAC.

References

5.9.1 Switch Features

5.9.2 Securing Network Switches

5.9.3 Switch Security Facts
5.9.4 Switch Attacks

8.6.3 Wireless Authentication and Access Methods

8.6.4 Wireless Authentication and Access Methods Facts
q_wl_auth_access_eap_tls_01_secp8.question.fex

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b3… 6/13
10/23/24, 5:08 PM Individual Response

Question 5. Correct

Which of the following do switches and wireless access points use to control access through a
device?

MAC address filtering

Session filtering

IP address filtering

Port number filtering

Explanation

Both switches and wireless access points are Layer 2 devices, meaning they use the MAC
address to make forwarding decisions. Both devices typically include some form of security
that restricts access based on the MAC address.

Routers and firewalls operate at Layer 3 and can use the IP address or port number for
filtering decisions.

A circuit-level gateway is a firewall that can make forwarding decisions based on the session
information.

References

8.6.4 Wireless Authentication and Access Methods Facts

q_wl_auth_access_mac_secp8.question.fex

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b3… 7/13
10/23/24, 5:08 PM Individual Response

Question 6. Correct

Which of the following methods can be used to ensure port security by completely disabling
access to a network?

Implementing IEEE 802.1X Port-based Network Access Control

Physically removing the patch cable from the switch port

MAC filtering

Using a captive portal

Explanation

Physically removing the patch cable from the switch port is the correct answer. This is a
method of port security where access to the physical switch ports and switch hardware is
restricted to authorized staff. The switch port that the wall port cabling connects to can be
administratively disabled, or the patch cable can be physically removed from the switch port.
This method completely disables access to the network.

Implementing IEEE 802.1X Port-based Network Access Control is a method of port security
where a switch requires authentication when a host connects to one of its ports. It uses
authentication, authorization, and accounting (AAA) architecture to control access. However,
this method does not completely disable access to the network.

Using a captive portal is a method used in open networks to force users to agree to terms and
conditions or to pay a fee before being granted access. It does not disable access to the
network, but rather controls it.

MAC filtering is a method of port security where a switch port only permits certain MAC
addresses to connect. This can be done by creating a list of valid MAC addresses or by
specifying a limit to the number of permitted addresses. However, this method does not
completely disable access to the network.

References

5.9.1 Switch Features

5.9.2 Securing Network Switches

5.9.3 Switch Security Facts

5.9.4 Switch Attacks
5.9.5 Switch Attack Facts

5.9.6 Hardening a Switch

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b3… 8/13
10/23/24, 5:08 PM Individual Response

8.6.4 Wireless Authentication and Access Methods Facts

q_wl_auth_access_port_security_secp8.question.fex

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b3… 9/13
10/23/24, 5:08 PM Individual Response

Question 7. Correct

You want to implement 802.1x authentication on your wireless network.

Where would you configure passwords that are used for authentication?

On a certificate authority (CA)

On the wireless access point

On the wireless access point and on each wireless device

On a RADIUS server

Explanation

802.1x authentication uses usernames and passwords, certificates, or devices such as smart
cards to authenticate wireless clients. Authentication requests received by the wireless access
point are passed to a RADIUS server, which validates the login credentials (such as the
username and password).

If you are using pre-shared keys for authentication, configure the same key on the wireless
access point and on each wireless device.

A CA is required to issue a certificate to the RADIUS server.

The certificate proves the identity of the RADIUS server and can also be used to issue
certificates to individual clients.

References

4.8.3 Configuring a RADIUS Solution

4.8.4 RADIUS and TACACS+ Facts

5.9.3 Switch Security Facts

8.4.3 Wireless Networking Facts
8.6.3 Wireless Authentication and Access Methods

8.6.4 Wireless Authentication and Access Methods Facts

q_wl_auth_access_radius_02_secp8.question.fex

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b… 10/13
10/23/24, 5:08 PM Individual Response

Question 8. Incorrect

You are replacing a wired business network with an 802.11g wireless network. You currently
use Active Directory on the company network as your directory service. The new wireless
network has multiple wireless access points, and you want to use WPA2 on the network.

What should you do to configure the wireless network? (Select two.)

Configure devices to run in infrastructure mode

Configure devices to run in ad hoc mode

Use shared secret authentication

Install a RADIUS server and use 802.1x authentication

Use open authentication with MAC address filtering

Explanation

When using wireless access points, configure an infrastructure network. Because you have
multiple access points and an existing directory service, you can centralize authentication by
installing a RADIUS server and using 802.1x authentication.

Use ad hoc mode when you need to configure a wireless connection between two hosts.

Use open authentication with WEP or when you do not want to control access to the wireless
network.

Use shared secret authentication with WPA or WPA2 when you can't use 802.1x.

References

4.8.3 Configuring a RADIUS Solution

4.8.4 RADIUS and TACACS+ Facts

5.9.3 Switch Security Facts
8.4.3 Wireless Networking Facts

8.6.3 Wireless Authentication and Access Methods

8.6.4 Wireless Authentication and Access Methods Facts
q_wl_auth_access_radius_04_secp8.question.fex

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b… 11/13
10/23/24, 5:08 PM Individual Response

Question 9. Correct

You've just finished installing a wireless access point for a client.

What should you do to prevent unauthorized users from using the access point (AP)
configuration utility?

Isolate the AP from the client's wired network.

Change the channel used by the AP's radio signal.

Implement MAC address filtering.

Change the administrative password on the AP.

Explanation

You should change the administrative password used by the AP. Many AP manufacturers use a
default administrative username and password that are well known. If you don't change these
parameters, anyone connecting to the AP can easily guess the password required to access
the AP's configuration.

A wired and wireless network are already isolated from each other.

Changing the channel will not prevent unauthorized users from finding the channel and
prevent them from accessing the available Wi-Fi.

MAC address filtering allows you to block traffic coming from certain known machines or
devices. However, in this scenario, you are attempting to block unauthorized incoming traffic.

References

8.6.4 Wireless Authentication and Access Methods Facts

q_wl_auth_access_security_secp8.question.fex

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b… 12/13
10/23/24, 5:08 PM Individual Response

Question 10. Incorrect

You need to configure a wireless network using WPA2-Enterprise.

Which of the following components should be part of your design? (Select two.)

WEP encryption

TKIP encryption

AES encryption

Pre-shared keys

Open authentication

802.1x

Explanation

To configure WPA2-Enterprise, you need a RADIUS server to support 802.1x authentication.

WPA2 uses AES for encryption.

WPA2-PSK, also called WPA2-Personal, uses pre-shared keys for authentication. WPA uses TKIP
for encryption.

Using open authentication, any wireless device can authenticate with the access point, but the
device can communicate only if its Wired Equivalent Privacy (WEP) keys match the access
point's WEP keys. In this scenario, you are using WPA (not WEP) for authentication.

References

8.6.4 Wireless Authentication and Access Methods Facts

q_wl_auth_access_wpa2_secp8.question.fex

Copyright © The Computing Technology Industry Association, Inc. All rights reserved.

https://labsimapp.testout.com/v6_0_645/exam-engine.html/8970603d-247e-4636-bf48-a0803d2b3e81/exam-session/40389704/7a30c2d0-3ccd-44b… 13/13