A system administrator needs to install a new wireless network for authenticated guest access

0006
Multiple organizations operating in the same vertical want to provide seamless wireless access for their employees
as they visit the other organizations.

Which of the following should be implemented if all the organizations use the native 802.1X client on their mobile devices?

RADIUS Federation
OpenID Connect
Shibboleth
OAuth
SAML

0325
The security administrator has noticed cars parking just outside of the building fence line.

Which of the following security measures can the administrator use to help protect the company's WiFi network against war driving? (Select TWO)

Implement a warning banner
Adjust power level controls
Create a honeynet
Add false SSIDs
Change antenna placement
Reduce beacon rate

0636
A security analyst is specifying requirements for a wireless network. The analyst must explain the security features provided by various architecture choices.

Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS?

Key rotation
Certificate pinning
Secure hashing
Mutual authentication

0025
A company is currently using the following configuration:
- IAS server with certificate-based EAP-PEAP and MSCHAP
- Unencrypted authentication via PAP
A security administrator needs to configure a new wireless setup with the following configurations:
- PAP authentication method
- PEAP and EAP provide two-factor authentication

Which of the following forms of authentication are being used? (Select two.)

PEAP-MSCHAP
(EAP-)PEAP
MSCHAP
EAP
PAP
PEAP

0998
A systems administrator wants to implement a secure wireless network requiring wireless clients to pre-register with the company and install a PKI client certificate prior to being able to connect to the wireless network.

Which of the following should the systems administrator configure?

EAP-TLS
EAP-FAST
EAP-TTLS
EAP with PEAP

0501
A security analyst is hardening a WiFi infrastructure.
The primary requirements are the following:
- The infrastructure must allow staff to authenticate using the most secure method.
- The infrastructure must allow guests to use an "open" WiFi network that logs valid
email addresses before granting access to the Internet.

Given these requirements, which of the following statements BEST represents what the analyst should recommend and configure?

Configure a captive portal for guest and WPA2 Enterprise for staff
Configure a captive portal for guests and WPS for staff.
Configure a captive portal for staff and WPA for guests.
Configure a captive portal for staff and WEP for guests.

0965
A systems administrator wants to configure an enterprise wireless solution that supports authentication over
HTTPS and wireless encryption using AES. Which of the following should the administrator configure to support
these requirements? (Select TWO).

WPA2
RADIUS federation
802.1X
WPS
Captive portal

0656
A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator.

Which of the following protocols should be configured on the RADIUS server? (Choose two.)

NTLM
PEAP
SAML
PAP
MSCHAP

0589
A security administrator is performing a risk assessment on a legacy WAP with a WEP-enabled wireless infrastructure.

Which of the following should be implemented to harden the infrastructure without upgrading the
WAP?

Implement WEP and RC4
Implement WPS and an eight-digit pin
Implement WPA2 Enterprise
Implement WPA and TKIP

0868
Which of the following attacks is used to capture the WPA2 handshake?

Evil twin
Replay
IV
Disassociation

0128
A security engineer is configuring a wireless network that must support mutual authentication of the wireless
client and the authentication server before users provide credentials. The wireless network must also support
authentication with usernames and passwords. Which of the following authentication protocols MUST the security
engineer select?

EAP-TLS
PEAP
EAP
EAP-FAST

0823
A systems engineer is configuring a wireless network. The network must not require installation of third-party software. Mutual authentication of the client and the server must be used. The company has an internal PKI.

Which of the following configurations should the engineer choose?

PEAP
EAP-FAST
EAP-MD5
EAP-TTLS
EAP-TLS

0545
An instructor is teaching a hands-on wireless security class and needs to configure a test access point to show students an attack on a weak protocol.

Which of the following configurations should the instructor implement?

0086
A system administrator wants to provide for and enforce wireless access accountability during events where
external speakers are invited to make presentations to a mixed audience of employees and non-employees.

Which of the following should the administrator implement?

Sponsored guest
Least privilege
Pre-shared passwords
Shared accounts

0961
A coffee company has hired an IT consultant to set up a WiFi network that will provide Internet access to customers who visit the company's chain of cafés. The coffee company has provided no requirements other than that customers should be granted access after registering via a web form and accepting the terms of service.

Which of the following is the MINIMUM acceptable configuration to meet this single requirement?

Open WiFi
Captive portal
WPS
WPA with PSK

1020
A company is deploying a wireless network. It is a requirement that client devices must use X.509 certificates to mutually authenticate before connecting to the wireless network.

Which of the following protocols would be required to accomplish this?

EAP-MD5
EAP-TTLS
EAP-TOTP
EAP-TLS
LEAP

0364
A wireless network has the following design requirements:
- Authentication must not be dependent on enterprise directory service
- It must allow background reconnection for mobile users
- It must not depend on user certificates

Which of the following should be used in the design to meet the requirements? (Choose two.)

 (The term “background reconnection” does not exist in any WiFi documentation; PEAP does
support “fast reconnect” while roaming - it is a bit unclear what CompTIA means here)

Open Systems Authentication
PEAP
PSK
EAP-TLS
Captive portals

0317
An attack that is using interference as its main attack to impede network traffic is which of the following?

Utilizing a previously unknown security flaw against the target
Introducing too much data to a target’s memory allocation
Inundating a target system with SYN requests
Using a similar wireless configuration of a nearby network

0617
A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.
Please click on the below items on the network diagram and configure them accordingly:
- WAP
- DHCP Server
- AAA Server
- Wireless Controller
- LDAP Server
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

[Note: Unfortunately, only screenshots for the access point are currently available!]


0067
An administrator is replacing a wireless router. The configuration of the old wireless router was not documented
before it stopped functioning. The equipment connecting to the wireless network uses older legacy equipment
that was manufactured prior to the release of the 802.11i standard. Which of the following configuration options
should the administrator select for the new wireless router?

WPA+TKIP
WPA+CCMP
WPA2+CCMP
WPA2+TKIP

0546
A security analyst is hardening a large-scale wireless network. The primary requirements are the following:
- Must use authentication through EAP-TLS certificates
- Must use an AAA server
- Must use the most secure encryption protocol

Given these requirements, which of the following should the analyst implement and recommend? (Select TWO.)

WPA2-PSK
TKIP
CCMP
802.1X
LDAP
802.3

0265
The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized
users are accessing the wireless network. The administrator has determined that attackers are still able to detect the
presence of the wireless network despite the fact the SSID has been disabled.

Which of the following would further obscure the presence of the wireless network?

Disable responses to a broadcast probe request
Upgrade the encryption to WPA or WPA2
Reroute wireless users to a honeypot
Create a non-zero length SSID for the wireless router

0079
An analyst wants to implement a more secure wireless authentication for office access points.

Which of the following technologies allows for encrypted authentication of wireless clients over TLS?

0195
A user of the wireless network is unable to gain access to the network. The symptoms are:
- Unable to connect to both internal and Internet resources
- The wireless icon shows connectivity but has no network access
The wireless network is WPA2 Enterprise and users must be a member of the wireless security group to authenticate.

Which of the following is the MOST likely cause of the connectivity issues?

The wireless signal is not strong enough
A remote DDoS attack against the RADIUS server is taking place
The DHCP scope is full
The user's laptop only supports WPA and WEP
The dynamic encryption key did not update while the user was offline

When connected to a secure WAP, which of the following encryption technologies is MOST likely to be configured
when connecting to WPA2-PSK?

0175
A technician is configuring a wireless guest network. After applying the most recent changes the technician finds
the new devices can no longer find the wireless network by name, but existing devices are still able to use the
wireless network.

Which of the following security measures did the technician MOST likely implement to cause this scenario?

Deactivation of SSID broadcast
Beacon interval was decreased
Activation of 802.1X with RADIUS
Reduction of WAP signal output power
Implementation of MAC filtering

0420
A security engineer is configuring a wireless network with EAP-TLS. Which of the following activities is a requirement for this configuration?

Setting up a TACACS+ server
Configuring federation between authentication servers
Enabling TOTP
Deploying certificates to endpoint devices

0083
A system administrator wants to provide balance between the security of a wireless network and usability. The
administrator is concerned with wireless encryption compatibility of older devices used by some employees.
Which of the following would provide strong security and backward compatibility when accessing the wireless
network?

WPA2 using a RADIUS back-end for 802.1X authentication
WPA using a pre-shared key
Open wireless network and SSL VPN
WEP with a 40-bit key

0653
A company wants to implement a wireless network with the following requirements:
- All wireless users will have a unique credential.
- User certificates will not be required for authentication.
- The company's AAA infrastructure must be utilized.
- Local hosts should not store authentication tokens.

Which of the following should be used in the design to meet the requirements?

0806
An organization wants to set up a wireless network in the most secure way. Budget is not a major consideration, and the organization is willing to accept some complexity when clients are connecting. It is also willing to deny wireless connectivity for clients who cannot be connected in the most secure manner.

Which of the following would be the MOST secure setup that conforms to the organization's requirements?

Use WPA2-PSK with a 24-character complex password and change the password monthly.
Enable WPA2-PSK for older clients and WPA2-Enterprise for all other clients.
Enable WPA2-PSK, disable all other modes, and implement MAC filtering along with port security.
Use WPA2-Enterprise with RADIUS and disable pre-shared keys.

0363
A security administrator wants to configure a company's wireless network in a way that will prevent wireless clients from broadcasting the company's SSID.

Which of the following should be configured on the company's
access points?

Enable ESSID broadcast
Disable WPS
Disable MAC authentication
Enable protected management frames
Disable SSID broadcast
Enable wireless encryption

0054
A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an
encrypted wireless network.

Which of the following should be implemented if the administrator does not want to provide the wireless password or the certificate to the employees?

0913
A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI.

Which of the following should the administrator configure?

802.1X
PSK
WPS
A captive portal

0461
A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate
mobile devices prior to providing the user with a captive portal login.

Which of the following should the systems administrator configure?

L2TP with MAC filtering
EAP-TTLS
RADIUS federation
WPA2-CCMP with PSK

0671
A company utilizes 802.11 for all client connectivity within a facility. Users in one part of the building are reporting they are unable to access company resources when connected to the company SSID.

Which of the following should the security administrator use to assess connectivity?

Sniffer
Wireless scanner
Routing tables
Honeypot

0885
A local coffee shop runs a small WiFi hotspot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure.

Which of the following technologies should the coffee shop use in place of PSK?

WEP
SAE (Simultaneous Authentication of Equals, a WPA3 feature)
WPS
EAP

0048
A user suspects someone has been accessing a home network without permission by spoofing the MAC address of
an authorized system. While attempting to determine if an authorized user is logged into the home network, the
user reviews the wireless router, which shows the following table for systems that are currently on the home
network.

Host      IP            Mac            Mac Filter
DadPC     192.168.1.10  00:1d:blabla   On
MomPC     192.168.1.10  21:13:blabla   Off
JuniorPC  192.168.1.10  42:a7:blabla   On
Unknown   192.168.1.10  10:b3:blabla   Off

Which of the following should be the NEXT step to determine if there is an unauthorized user on the network?

Conduct a ping sweep of each of the authorized systems and see if an echo response is received.
Deny the “unknown” host because the hostname is not known and MAC filtering is not applied to this host.
Apply MAC filtering and see if the router drops any of the systems.
Physically check each of the authorized systems to determine if they are logged onto the network.

0224
A security guard has informed the Chief Information Security Officer that a person with a tablet has been walking
around the building. The guard also noticed strange white markings in different areas of the parking lot.
The person is attempting which of the following types of attacks?

Packet sniffing
Jamming
Warchalking
Near field communication

0151
A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless access to the public area for a company.

Which of the following wireless security methods should the technician implement to provide basic accountability for access to the public network?

Wi-Fi Protected Setup
Enterprise
Captive portal
Pre-shared key

0620
A company needs to implement a system that only lets a visitor use the company's network infrastructure if the visitor accepts the AUP.

Which of the following should the company use?

WiFi-protected setup
Password authentication protocol
Captive portal
RADIUS

0712
A systems administrator needs to integrate multiple IoT and small embedded devices into the company's wireless
network securely. Which of the following should the administrator implement to ensure low-power and legacy
devices can connect to the wireless network?

0994
A company wants to configure its wireless network to require username and password authentication.

Which of the following should the systems administrator implement?

1025
A Chief Executive Officer (CEO) is staying at a hotel during a business trip. The hotel's wireless network does not show a lock symbol.

Which of the following precautions should the CEO take? (Choose two.)

Change the connection type to WPA2
Use a VPN
Create a tunnel connection with EAP-TTLS
Change TKIP to CCMP
Tether to a mobile phone

0821
A systems engineer is setting up a RADIUS server to support a wireless network that uses certificate authentication.

Which of the following protocols must be supported by both the RADIUS server and the WAPs?

0280
After correctly configuring a new wireless enabled thermostat to control the temperature of the company's
meeting room, Joe, a network administrator, determines that the thermostat is not connecting to the internet-
based control system. Joe verifies that the thermostat received the expected network parameters and it is
associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network
are functioning properly. The network administrator verified that the thermostat works when tested at his
residence.

Which of the following is the MOST likely reason the thermostat is not connecting to the internet?

The company implements a captive portal
The thermostat is using the incorrect encryption algorithm
The WPA2 shared key likely is incorrect
The company's DHCP server scope is full

0214
Which of the following attack types is being carried out where a target is being sent unsolicited messages via
Bluetooth?

Bluejacking
War chalking
Bluesnarfing
Rogue tethering