1.

While working in a conference room equipped with a wireless network on a presentation document,
you notice that turning your laptop in different directions results in your wireless signal strength
changing. This change in signal strength is primarily caused by which RF signal property?
A. The RF signal's amplitude is changing due to a change in the visual line-of-sight.
B. The RF signal's wavelength is being affected by varying antenna gain.
C. The RF signal's multipath is changing the amount of RF absorbed by nearby objects.
D. The RF signal's phase is oscillating due to electromagnetic interference (EMI).
E. The RF signal's polarization is different than the receiving antenna.

2. If an 802.11 RF signal reaches a receiving antenna simultaneously by direct and indirect (reflected)
paths, what effect might the reflected signal have on the signal that took the direct line-of-sight path?
A. The direct signal will be amplified. The amplification results in a signal that is stronger at the
receiving antenna than was originally transmitted.
B. The direct signal will not be received if the indirect signal is greater than 90out-of-phase.
C. Adjacent channel interference will occur. The interference creates distortion of the signal, rendering
it corrupt and unreadable.
D. The direct signal will be attenuated if the indirect signal arrives simultaneously at the receiver, but
90out-of-phase.
E. Co-channel interference occurs. The interference causes attenuation and phase inversion of the
direct signal.

3. What features are defined by the IEEE 802.11-2007 standard for the purpose of satisfying regulatory
requirements for 5 GHz operation?
A. Controlled Access Phasing
B. Distributed Coordination Function
C. Frequency Shift Keying
D. Transmit Power Control
E. Port-based Access Control
F. Dynamic Frequency Selection

4. Which of the following are three items that are specified by or derived from the IEEE 802.11i
wireless LAN security amendment? (Choose three)
A. CCMP / AES
B. WPA2-Enterprise
C. IP Security (IPSec)
D. 802.1X/EAP framework
E. Secure Shell

5. Which of the following is an advantage of using WPA-Personal as a security solution for 802.11a
networks, rather than WEP-128?
A. WPA-Personal uses 802.1X/EAP for authentication, and WEP-128 uses preshared keys.
B. WPA-Personal is based upon IEEE 802.11 industry standards, but WEP is not.
C. WPA-Personal uses CCMP for encryption, and WEP-128 uses TKIP for encryption.
D. Each station using WPA-Personal uses a unique encryption key to encrypt data, but WEP-128
stations all use the same encryption key.
E. Only users that know the preshared key can view other stations encrypted data when WPA
Personal is in use. With WEP-128, this is not possible.

49261262.doc
6. What facts should you consider when choosing client devices to operate on your WLAN network?
A. An 802.11 OFDM system is less susceptible to high-power, narrowband interference than an 802.11
HR/DSSS system.
B. When ERP-OFDM is used by all stations, UNII band devices can communicate with ISM band
devices
C. When HR/DSSS devices are present in an ERP BSS, the use of HR/DSSS will diminish network
throughput significantly over a purely OFDM environment.
D. An ERP-OFDM system supporting only OFDM data rates can interoperate with HR/DSSS devices.

7. Which IEEE 802.11 physical layer specification (PHY) provides support for OFDM and HR/DSSS
operational compatibility?
A. HR/DSSS
B. OFDM
C. ERP
D. HT
E. CCK
F. PBCC

8. Your company hires you to troubleshoot their 802.11abgh-compliant, Wi-Fi-certified access point
and wireless client devices. Subsequent to carrying out a site survey, you identify five neighboring
802.11b access points that belongs to your company; one on channel 1, three on channel 6, and one
on channel 11. What is the most appropriate change that is recommended to best circumvent co-
channel and adjacent channel interference?
A. Configure Company's access point to use channel 1, 802.11g OFDM-only mode, and to operate in
PCF mode.
B. Configure Company's access point to use channel 3, 802.11g-standard mode, and to use the
RTS/CTS protection mechanism all the time.
C. Configure Company's access point to use 802.11a with dynamic frequency selection (DFS).
D. There is no available configuration that would avoid co-channel or adjacent-channel interference in
this situation.

9. What statements are true concerning the use of Orthogonal Frequency Division Multiplexing
(OFDM) in IEEE 802.11 WLANs?
A. Six (6) "pilot" sub-carriers are used as a reference to disregard frequency and phase shifts of the
signal during transmission.
B. UNII band OFDM channels have 20 MHz spacing between center frequencies
C. 16QAM modulation is used at the 54 Mbps data rate.
D. The OFDM PHY is divided into two sub-layers, the LLC and PLCP.
E. Forty-eight (48) sub-carriers are used as parallel symbol transmission paths.

10. How far apart are the center frequencies of the OFDM channels specified for use in the UNII-2
band (5.25 5.35 GHz)?
A. 10 MHz
B. 15 MHz
C. 20 MHz
D. 22 MHz
E. 30 MHz

49261262.doc
11. Devices compliant with the IEEE 802.11-2007 standard use which radio bands? (choose 3)
A. 902 - 928 MHz ISM band
B. 2.4000 2.4835 GHz ISM band
C. 5.470 5.725 GHz UNII band
D. 5.15 5.25 GHz UNII band
E. 5.725 5.875 GHz ISM band

12. What facts should you consider when choosing client devices to operate on your WLAN network?
A. An 802.11 OFDM system is less susceptible to high-power, narrowband interference than an 802.11
HR/DSSS system.
B. When ERP-OFDM is used by all stations, UNII band devices can communicate with ISM band
devices
C. When HR/DSSS devices are present in an ERP BSS, the use of HR/DSSS will diminish network
throughput significantly over a purely OFDM environment.
D. An ERP-OFDM system supporting only OFDM data rates can interoperate with HR/DSSS devices.

13. When choosing a spread spectrum technology for your wireless LAN network, what are two facts
should you consider? (Choose two)
A. An 802.11b Direct Sequence Spread Spectrum (DSSS) signal offers higher data rates and is less
susceptible to narrowband interference than an 802.11 Frequency Hopping Spread Spectrum system.
B. While 802.11g devices can use either DSSS or OFDM technology, 802.11a devices only support
OFDM. Therefore 802.11g devices always use OFDM to communicate with 802.11a devices.
C. When 802.11b devices are present in an 802.11g BSS, the use of DSSS will diminish network
throughput significantly over a purely OFDM environment.
D. An 802.11g system supporting only the data rates required by the 802.11g amendment can
interoperate with 802.11b devices.
E. 802.11g systems use OFDM technology to obtain speeds equal to 802.11a systems and to
communicate with 802.11b devices.

14. What factors affect the amount of wireless bandwidth available to each station? (Choose 2)
A. Number of actively transmitting stations associated to the access point
B. Beacon interval value configured in the access point
C. Co-located access points on non-overlapping channels
D. Distance from the access point to the most distant station
E. The layer 3 protocol used by each station to transmit data over the wireless link

15. Given: Co-located ERP-OFDM access points can experience throughput degradation due to frame
corruption and retransmissions when operating on non-overlapping channels. What could cause this
condition to occur? (Choose 3)
A. The access points are too close to one another.
B. Reflective objects in the area are causing significant multipath.
C. A client station is using active scanning to probe for access points on multiple channels.
D. The output power on each access point is too high.
E. A client station pre-authenticates to multiple access points in theareA.
F. The antenna gain on each access point is too high.

49261262.doc
16. In an 802.11 OFDM Basic Service Set (BSS), what prevents each station from using the full
network bandwidth (54 Mbps) when multiple stations are actively transmitting and receiving within the
BSS? (choose 2)
A. The queuing buffer memory size of the access point
B. WLAN devices have a default fragmentation threshold value of 2346 bytes
C. Use of a distributed coordination function containing abackoff algorithm
D. WLAN devices operate in a half duplex medium
E. WLANs use the CSMA/CD protocol

17. What statements about the Service Set Identifier (SSID) are true? (Choose 2)
A. The SSID is a mandatory security identifier used only in RSN sessions.
B. The SSID is a logical network name for the devices in a WLAN system.
C. The SSID is an alphanumeric value used for identifying a device's manufacturer.
D. The SSID is an arbitrary number assigned to each AP by each wireless client for roaming
purposes only.
E. The SSID is an alphanumeric information field having a value of 0 32 octets.

18. The IEEE 802.11-2007 standard specifies which features for strong security? (Choose 2)
A. SSID Hiding
B. EAP-TTLS
C. 802.1X/EAP
D. CCMP Cipher Suite
E. IPSec VPN Support
F. MAC Filters

19. Given: John configures ten IEEE 802.11 dual-band ERP / OFDM laptops in a conference room for
Ad Hoc wireless networking. One laptop is connected to the Ethernet network, and its Ethernet and
WLAN interfaces are bridged. All ten laptops are now able to obtain an IP address from the
organization's DHCP server, resolve DNS queries, and reach web servers on the Internet. Is this
WLAN an Independent Basic Service Set (IBSS) or an Infrastructure Basic Service Set (BSS)?
A. BSS because each wireless station has full access to wired network infrastructure services
B. BSS because the laptop with bridged interfaces is acting as an access point
C. IBSS because all laptops are configured for Ad Hoc mode connectivity
D. IBSS because the laptop with bridged interfaces does not transmit all of the Beacons

20. The Wi-Fi Multimedia (WMM) certification, created by the Wi-Fi Alliance, is based on
the___________ medium access method with support for ___________.
A. HEMM, Block Acknowledgement
B. EDCA, Transmission Opportunities
C. HCCA, Unscheduled APSD
D. DCF, Fast/Secure Roaming
E. PCF, Registered Polling

49261262.doc
21. What carrier sense mechanisms are deployed by the IEEE 802.11-2007 standard that aid in
collision avoidance? (Choose 2)
A. Passive
B. Pseudo-random
C. Virtual
D. Active
E. Physical
F. Data Link
G. Interframe

22. In an 802.11 OFDM Basic Service Set (BSS), what prevents each station from using the full
network bandwidth (54 Mbps) when multiple stations are actively transmitting and receiving within the
BSS? (Choose 2)
A. The queuing buffer memory size of the access point
B. WLAN devices have a default fragmentation threshold value of 2346 bytes
C. Use of a distributed coordination function containing abackoff algorithm
D. WLAN devices operate in a half duplex medium
E. WLANs use the CSMA/CD protocol

23. What statements about the 802.11 standard's QoS facility enhancements are true? (Choose 2)
A. Frames with the highest priority access category tend to have the lowest backoff values and
therefore they
are more likely to get a TXOP.
B. As long as the Voice queue has data frames awaiting transmission, no data will be transmitted
from the Best Effort queue.
C. New QoS control frame types are introduced for backwards compatibility with non-QoS capable
stations.
D. Eight (8) user priorities map to eight (8) transmit queues

24. What parameters make WMM-PS more efficient than legacy 802.11 Power Save mode?(Choose 2)
A. WMM-PS identifies incoming VoIP data and delivers it immediately
B. Use of Data frames as trigger frames instead of Control frames
C. Queued frames are delivered at scheduled intervals
D. WMM-PS client devices switch in and out of APSD mode every Beacon
E. Applications control capacity and latency requirements

25. What 802.11 WLAN type implements power management where stations send trigger frames to the
AP after they awake from dozing?
A. Integrated Service Set (ISS)
B. Independent Basic Service Set (IBSS)
C. Ad Hoc PSP Mode Set (APMS)
D. Extended Service Set (ESS)
E. Dynamic PowerSave Set (DPSS)

49261262.doc
26. Given: Unicast data frames are queued at the access point for a dozing station that is operating in
IEEE 802.11 legacy (non-QoS) Power Save mode. What actions are part of the process for the station
to receive the queued frames? (Choose 3)
A. The AP transmits information in Beacons that note which stations have queued frames.
B. The AP retransmits the first queued data frame at a regular interval until the station receives it and
sends an acknowledgement.
C. Stations request their queued frames from the access point using a PS-Poll frame.
D. Stations awaken at a predetermined interval.
E. The AP transmits a multicast ATIM to all stations with queued unicast data to wake them up.
F. Stations send a PS-Poll frame to the AP with the DTIM bit set to 1.

27. Which of the following are two statements that best describe 802.11-1999 (R2003) network
operation with regard to association and re-association processes? (Choose two)
A. When actively scanning for a network to join, clients transmit Probe Request frames, which contain
most of the same information found in beacons.
B. Access points can ignore stations using a null (blank) SSID field in their Probe Request frames, but
must respond with a Probe Response frame if a station has a specific SSID matching their own.
C. In order to provide seamless roaming, some vendors allow a station to associate with a new access
point while still associated with the old one as long as both access points are from the same vendor.
D. When a station is in the cell range of multiple access points, it will associate with an access point
that uses active scanning before associating with an access point that uses passive scanning.
E. A station cannot attempt to associate with an access point until that access point authenticates the
station.

28. When is an ERP-OFDM access point required by the IEEE 802.11 standard to respond to Probe
Request frames from nearby High Throughput (HT) stations? (Choose 2)
A. When the Probe Request frames contain the correct SSID value
B. When the access point is configured for Open System authentication
C. When the Probe Request frames contain a blank SSID value
D. When the Probe Request frames contain all basic data rates specified by the access point
E. When the access point supports only HR/DSSS data rates

29. Given: The 802.11-2007 standard often refers to Association and Reassociation frames as a set by
saying, "(Re)Association." What is one difference between these two frame types?
A. Association frames cannot be used in fast BSS transition.
B. The Reassociation frame contains an additional field called the Current AP Address.
C. In aQoS BSS, Association frames carry QoS information while Reassociation frames do not.
D. Only the Association frame is used in a heterogeneous (mixed vendor) network.

30. What steps are part of the 802.11 reassociation process? (Choose 2)
A. A client station transmits a Reassociation Request frame to its current access point.
B. The current access point informs the Ethernet switch of the reassociation.
C. The current access point invokes reassociation with the client station.
D. The new access point transmits a Reassociation Response frame to a client station with a status
value.
E. The new access point's Reassociation Service informs the Distribution System that the association
is moving.
F. The client station transmits a deauthentication frame to the current access point.

49261262.doc
31. In an Infrastructure Basic Service Set (BSS), what best describes the Passive Scanning process?
A. Access points broadcast Beacons on all channels on each radio within the regulatory domain.
Nearby stations record information found in the Beacons for use in the association process.
B. Stations broadcast Probe Request frames on all channels within the governmental regulatory
domain. Nearby access points respond with Probe Response frames. Stations record information
found in the Probe Response frames for use in the association process.
C. Stations broadcast Probe Request frames on the single channel for which they are programmed.
Nearby access points respond on that channel with Probe Response frames. Stations record
information found in the Probe Response frames for use in the association process.
D. Stations broadcast Beacons on a single channel. Nearby stations record information found in the
Beacons for use in the association process.

32. Given: Unicast data frames are queued at the access point for a dozing station that is operating in
IEEE 802.11 legacy (non-QoS) Power Save mode. What actions are part of the process for the station
to receive the queued frames? (Choose 3)
A. The AP transmits information in Beacons that note which stations have queued frames.
B. The AP retransmits the first queued data frame at a regular interval until the station receives it and
sends an acknowledgement.
C. Stations request their queued frames from the access point using a PS-Poll frame.
D. Stations awaken at a predetermined interval.
E. The AP transmits a multicast ATIM to all stations with queued unicast data to wake them up.
F. Stations send a PS-Poll frame to the AP with the DTIM bit set to 1.

33. Given: ABC Company has a 2-story building and one WLAN controller with six lightweight APs.
The WLAN controller currently provides coverage to 75% of both floors and an adequate amount of
capacity for all client devices. The network manager has decided that ABC Company needs 100%
coverage, and the existing WLAN controller will not support any additional APs. The Engineering team
is moving upstairs and the Sales team is moving downstairs to keep everyone organized and efficient.
There will be an occasional need for members of the Engineering team to work downstairs and for the
Sales team to work upstairs, and each team is increasing in size by 10% over the next month.
What is the most cost effective upgrade solution that will yield:
1) Continued support of fast/secure roaming between APs
2) Added network capacity to accommodate the 10% growth
3) 100% coverage on both floors of the facility
A. Buy a second WLAN controller with additional lightweight APs. Use one WLAN controller for
upstairs and the other for downstairs. Put each WLAN controller on its own subnet.
B. Add autonomous APs where needed to complete coverage. Configure the autonomous APs for
preauthentication support and the same SSID used by the WLAN controller. Autonomous APs should
be on the same subnet with the WLAN controller.
C. Turn up the power to all lightweight APs and move the APs to suitable locations to provide 100%
coverage. Leave the WLAN controller configured for a single subnet.
D. Replace the existing WLAN controller with a larger WLAN controller and add additional APs.
Configure two WLAN profiles in the WLAN controller, but continue to use a single subnet.

49261262.doc
34. Given: XYZ Company has decided to install an 802.11 WLAN system that will support 250 wireless
users, but they are concerned about network security. They have decided to implement three
mandatory security mechanisms:
1) Role-Based Access Control,
2) 802.1X/PEAP, and
3) Bandwidth Management.
What two devices, when implemented together, will give XYZ Company the features that will allow
them to meet their security goals? (Choose 2)
A. RADIUS Authentication Server
B. Wireless Intrusion Prevention System
C. Wireless LAN Controller
D. Wireless Mesh Router System
E. Distributed Spectrum Analyzer
F. Ethernet Router with Integrated Firewall

35. What are some common components of 802.11 WLAN client utilities? (Choose 3)
A. Site Survey Utility
B. AP Signal Strength Meter
C. Spectrum Analyzer Utility
D. Role Based Access Control Configuration
E. Power Management Mode State Monitor
F. WLAN Profile Configuration Tool
G. Real-time Throughput Monitor

36. Given: ABC Company is opening a new branch office that needs an 802.11 WLAN to support a
mission-critical application. The IT manager has considered implementing a remote office WLAN
controller with lightweight access points instead of several autonomous access points. He has asked
you about the primary differences between the two solutions.
What statements define characteristics of WLAN controllers? (Choose 2)
A. Lightweight access points must be plugged directly into the WLAN controller, but autonomous
access points can be plugged into Ethernet switches of any kind.
B. The Lightweight Access Point Protocol (LWAPP) allows lightweight access points from one vendor
to be used with WLAN controllers from another vendor. C. Lightweight access points download their
firmware and configuration from the WLAN controller upon initialization, thus reducing management
overhead.
D. All lightweight access points support 802.3-2005, Clause 33PoE, and some lightweight access
points support the 802.3at PoE Plus standard.
E. If a WLAN controller isused, all attached lightweight access points must use the same WLAN
profiles.

37. What features are supported by 802.11 WLAN controllers? (Choose 4)

A. Multiple simultaneous WLAN profiles
B. Role based access control
C. Layer 3 switching
D. Guest access functions
E. Heat maps overlaying floor plans

49261262.doc
38.Given: Co-located ERP-OFDM access points can experience throughput degradation due to frame
corruption and retransmissions when operating on non-overlapping channels. What could cause this
condition to occur? (Choose 3)
A. The access points are too close to one another.
B. Reflective objects in the area are causing significant multipath.
C. A client station is using active scanning to probe for access points on multiple channels.
D. The output power on each access point is too high.
E. A client station pre-authenticates to multiple access points in theareA.
F. The antenna gain on each access point is too high.

39.

Speculate about what is happening in the RF spectrum, as illustrated in the exhibit, and what problem
it is likely to cause for a Wi-Fi network.
A. A Bluetooth 2.0+EDR system that supports AFH is in discovery mode and is avoiding interfering
with Wi-Fi systems on channel 1. All Wi-Fi systems on channels 6 and 11 in the immediate area will
have decreased throughput due to RF interference.
B. A 2.4 GHz interference source is active, significantly raising the noise floor across the entire 2.4
GHz band. This will cause high retransmissions and low throughput.
C. WIPS sensors are performing rogue mitigation.VoWiFi systems will experience increased latency on
channels where mitigation is in use.
D. A RFID system is actively reading RFID tags. This will not cause a problem for the Wi-Fi network,
but will cause a significant number of false positives for a WIPS.

40. Given: You have been hired as a consultant to troubleshoot a performance problem with an 802.11
ERP network. You begin troubleshooting by finding a WLAN client device that is experiencing
throughput problems and viewing its 802.11 frame exchanges in an 802.11 protocol analyzer. The
retransmission rate is 40% instead of the company's baseline of 3%.
How should you proceed in further troubleshooting this problem? (Choose 2)
A. Use a protocol analyzer to look for MAC layerDoS attacks such as EAPoL-Start floods.
B. Use a spectrum analyzer to look for a noise floor value significantly higher than -95dBm.
C. Use a laptop-based site survey planning and analysis tool to optimize AP placement.
D. Use a protocol analyzer to look for increased reassociations due to a low roaming threshold.
E. Use a spectrum analyzer to look for a 2.4 GHz RF source with a high duty cycle value.
F. Use a Wi-Fi endpoint security system to monitor retransmissions on the client device in real time.

49261262.doc
41. What are some problems that may arise in 802.11 WLANs as a result of a hidden node? (Choose
3)
A. Increase in duration values on the RF medium
B. High retransmissions from a station
C. Increased probing by the hidden node
D. Low throughput within the BSS
E. Excessive use of null data frames
F. Collisions on the RF medium
G. Slow reassociation times

42. What problems exist for a multiple channel architecture (MCA) WLAN when its APs are all
operating at full power (typically 100mW)? (Choose 2)
A. Mismatched transmission amplitudes between VoWiFi handsets and APs can cause poor quality
calls.
B. WLAN client stations can experience the hidden node problem when located near each other within
the same cell.
C. The mismatched power between WLAN client stations and APs violates many regulatory domain
requirements.
D. WLAN system capacity can be reduced due to co-channel interference.
E. APs operating in the higher channels of the 2.4 GHz band can interfere with APs operating in the
lower channels of the 5 GHz bands.

43. What are possible causes of the "hidden node" problem with 802.11 WLANs? (Choose 3)
A. Data frames too large for the physical environment
B. Client stations broadcasting with too much power
C. Access points broadcasting with too little power
D. Client stations too close in proximity to each other
E. Interfering obstacles between client stations
F. Large 802.11 cells with physically distributed stations
G. 802.11 radios with distributed antenna systems

44. If an 802.11 RF signal reaches a receiving antenna simultaneously by direct and indirect (reflected)
paths, what effect might the reflected signal have on the signal that took the direct line-of-sight path?
A. The direct signal will be amplified. The amplification results in a signal that is stronger at the
Receiving antenna than was originally transmitted.
B. The direct signal will not be received if the indirect signal is greater than 90out-of-phase.
C. Adjacent channel interference will occur. The interference creates distortion of the signal, rendering
it corrupt and unreadable.
D. The direct signal will be attenuated if the indirect signal arrives simultaneously at the receiver, but
90out-of-phase.
E. Co-channel interference occurs. The interference causes attenuation and phase inversion of the
direct signal.

49261262.doc
45. Given: Before performing a site survey for a hospital, the network manager notifies you that there is
a connection-oriented, real-time medical application used across the hospital's wired network. This
application will also be used on the WLAN once it is installed. Because the application is real-time, it is
sensitive to service disruptions and latency. For this reason, it is particularly important to locate
sources of RF interference, blockage, and dead spots.
What can put the application at risk of time-outs? (Choose 2)
A. High patient density in a given area
B. Long hallways
C. Elevator shafts
D. Metal mesh glass
E. Intercom system

46. Given: A company has several stations connected to a single radio access point, and all stations
are actively transmitting and receiving in the BSS. What factors affect the amount of wireless
bandwidth available to each station? (Choose 2)
A. Number of actively transmitting stations associated to the access point
B. Beacon interval value configured in the access point
C. Co-located access points on non-overlapping channels
D. Distance from the access point to the most distant station
E. The layer 3 protocol used by each station to transmit data over the wireless link

47. In an 802.11 ERP-OFDM system, what channel pairs are considered non-overlapping? (Choose 2)
A. Channels 4 and 10
B. Channels 1 and 4
C. Channels 3 and 7
D. Channels 1 and 10
E. Channels 8 and 11
F. Channels 5 and 8

48. What are some valid reasons for a wireless network administrator to disable 1 and 2 Mbps data
rates on a WLAN controller? (Choose 2)
A. To increase throughput in each BSS
B. To reduce the number of hidden nodes
C. To force users to use 5 GHz frequencies
D. To induce load balancing of stations in the ESS
E. These data rates are not allowed on VoWiFi WLANs
F. To force the BSS to support short preambles

49. Given: As your station moves away from the access point to which it is associated, it changes its
data rate from 54 Mbps to 48 Mbps and then to 36 Mbps. What IEEE 802.11 term is used to describe
this functionality?
A. Dynamic Rate Switching
B. Multi-rate Control
C. Proximity Rate Handling
D. Rate Set Selectivity

49261262.doc
50. Which of the following are two statements that best describe 802.11-1999 (R2003) network
operation with regard to association and re-association processes? (Choose two)
A. When actively scanning for a network to join, clients transmit Probe Request frames, which contain
most of the same information found in beacons.
B. Access points can ignore stations using a null (blank) SSID field in their Probe Request frames, but
must respond with a Probe Response frame if a station has a specific SSID matching their own.
C. In order to provide seamless roaming, some vendors allow a station to associate with a new access
point while still associated with the old one as long as both access points are from the same vendor.
D. When a station is in the cell range of multiple access points, it will associate with an access point
that uses active scanning before associating with an access point that uses passive scanning.
E. A station cannot attempt to associate with an access point until that access point authenticates the
station.

51.

Given the Wi-Fi certification shown in the exhibit, what statement is FALSE about this access point?
A. This access point supports ERP protection mechanisms such as RTS/CTS and CTS-to-Self.
B. This access point supports WEP, TKIP, and CCMP cipher suites.
C. This access point supports Wi-Fi Multimedia Extensions.
D. This access point supports the ERP and OFDM physical layer specifications.
E. This access point supports PEAP authentication with both Microsoft and Cisco RADIUS servers.

52. What three cipher suites are specified by the IEEE 802.11-2007 standard? (Choose 3)
A. CCMP
B. WPA2
C. IPSec
D. 802.1X
E. SSH2
F. WEP
G. TKIP

53. The IEEE 802.11-2007 standard specifies mandatory support of the ___________ cipher suite for
Robust Security Network Associations, and optional use of the ___________ cipher suite, designed for
use with pre-RSNA hardware.
A. CCMP, TKIP
B. 802.1X/EAP, WEP
C. TLS, SSL
D. CCKM, WPA
E. PMK, GMK
49261262.doc
54. What is an advantage of using WPA2-Personal instead of WEP-128 as a security solution for
802.11 networks?
A. WPA2-Personal uses 802.1X/EAP for authentication, and WEP-128 usespreshared keys.
B. WPA2-Personal is based on IEEE 802.11 industry standards, but WEP is not.
C. WPA2-Personal uses CCMP for encryption, and WEP-128 uses TKIP for encryption.
D. Each station using WPA2-Personal uses a unique encryption key to encrypt data, but WEP-128
stations all use the same encryption key.
E. Only users that know thepreshared key can view other stations' encrypted data when WPA2-
Personal is in use. With WEP-128, this is not possible.

55. Your company has many client devices, some that support WEP, some that support WPA, and
some that support WPA2. The client devices that support only WEP can be firmware upgraded to
support the TKIP wireless security protocol. As the wireless administrator at Your company, it is your
responsibility to provide the strongest industry standard layer-2 security possible while applying a
reliable solution for all devices. Which are two security measures that you should apply to meet Your
company's requirements? (Choose two)
A. 802.1X/EAP authentication
B. TKIP/RC4 encryption
C. Shared Key authentication
D. CCMP/AES encryption
E. WEP-128 encryption with a passphrase
F. Transport Layer Security (TLS)

56. What device feature is user configurable for RSN-capable 802.11 WLAN client devices?
A. WMM Priority Tagging
B. SNMP Community Strings
C. CCMP Configuration Parameters
D. RADIUS Server IP Address
E. EAP Authentication Type

57. Given: You are the network administrator for ABC Company. Your manager has recently attended
a wireless security seminar. The seminar speaker insisted that a wireless network could be hidden
from potential intruders if you disabled the broadcasting of the SSID in Beacons and configured the
access points not to respond to Probe Request frames that have a null SSID field. Your manager asks
your opinion about these security practices. How would you respond? (Choose 2)
A. Any 802.11 protocol analyzer can see the SSID in clear text in frames other than Beacons and
Probe Response frames. This negates any benefit of trying to hide the SSID by configuring Beacons
and Probe Response frames.
B. These security practices prevent manufacturers' client utilities from seeing the SSID. This means
that the SSID cannot be obtained, except through social engineering, guessing, or use of WIPS.
C. Broadcasting the SSID in Beacons and allowing access points to respond to Probe Request frames
with null SSID fields allows authorized users to easily find and connect to the WLAN, provided they
have the correct security credentials.
D. Any tenants in the same building using a wireless intrusion protection system (WIPS) will be able to
obtain the SSID by exploiting probe delay timers. This poses a security risk.
E. An additional security practice is equally crucial to hiding the wireless network's
SSID:deauthentication frames. The access point and client stations must both be configured to remove
the SSID from Deauthentication frames.

49261262.doc
58. The 802.1X framework provides _________ using EAP for _________ and very often Providing
_________.
A. Dynamic encryption keys, authorization to network resources, authentication of client stations
B. Authorization of access points, authentication of client stations, rotating encryption keys
C. Access to network resources, authentication of network users, dynamic data encryption
D. Port-based access control, mutual authentication between client stations and access points,
management frame protection
E. Authentication of network users, flexible data encryption, authorization of network resources
F. Identity services, client remediation, guest access services

59. The use of which four Extensible Authentication Protocol (EAP) types is included in the
WPA/WPA2-Enterprise certification programs from the Wi-Fi Alliance? (Choose four)
A. EAP-TTLS
B. PEAPv0 / EAP-MSCHAPv2
C. EAP-TLS
D. EAP-FAST
E. EAP-MD5
F. LEAP
G. PEAPv1 / EAP-GTC

60. Given: Your WLAN administrator is having difficulty providing employees of each department
access only to network resources to which they are specifically authorized. What WLAN controller
feature would allow the network administrator to accomplish this task?
A. ACL
B. VRRP
C. RBAC
D. IPSec
E. WIPS
F. WPA2

61. Given: ABC Company performs top-secret government contract work and has recently purchased
an 802.11 Wireless Intrusion Prevention System (WIPS) to enforce their "NO WIRELESS" network
security policy. What attack will not be recognized by the WIPS?
A. Deauthentication
B. MAC Spoofing
C. Protocol Jamming
D. Eavesdropping
E. RF Jamming

62. Given: Joe runs a coffee shop, and as a value added service for his customers he has
implemented a Wi-Fi hotspot. Joe has read news articles about how hackers lurk at hotspots trying to
take advantage of unsuspecting users. Joe wants to avoid this problem at his coffee shop. What is the
most efficient step that Joe can take to prevent hackers from attacking his customers' wireless
computers at his coffee shop?
A. Give out a CD to each customer with free firewall software
B. Configure Role Based Access Control (RBAC) features in the WLAN controller
C. Authorize Network Admission Control (NAC) functionality in the WLAN controller
D. Enable station-to-station traffic blocking in the WLAN controller
E. Implement an SSL VPN in the WLAN controller that starts after HTTPS login

49261262.doc
63. Given: You are the network administrator for ABC Company. Your manager has recently attended
a wireless security seminar. The seminar speaker insisted that a wireless network could be hidden
from potential intruders if you disabled the broadcasting of the SSID in Beacons and configured the
access points not to respond to Probe Request frames that have a null SSID field. (choose 2)
Your manager asks your opinion about these security practices. How would you respond?
A. Any 802.11 protocol analyzer can see the SSID in clear text in frames other than Beacons and
Probe Response frames. This negates any benefit of trying to hide the SSID by configuring Beacons
and Probe Response frames.
B. These security practices prevent manufacturers' client utilities from seeing the SSID. This means
that the SSID cannot be obtained, except through social engineering, guessing, or use of WIPS.
C. Broadcasting the SSID in Beacons and allowing access points to respond to Probe Request frames
with null SSID fields allows authorized users to easily find and connect to the WLAN, provided they
have the correct security credentials.
D. Any tenants in the same building using a wireless intrusion protection system (WIPS) will be able to
obtain the SSID by exploiting probe delay timers. This poses a security risk.
E. An additional security practice is equally crucial to hiding the wireless network's
SSID:deauthentication frames. The access point and client stations must both be configured to remove
the SSID from Deauthentication frames.

64.

Identify the type and purpose of the application shown in the exhibit.
A. Laptop-based Site Survey Utility - Creating a list of necessary APs and plotting their locations on a
floor plan
B. Wireless Network Management System - Managing multiple autonomous APs through the SNMP
protocol
C. 802.11 Protocol Analyzer - Capturing and decoding 802.11 frames for the purpose of
troubleshooting and optimization
D. Laptop-based Spectrum Analyzer - Monitoring the RF spectrum for interference sources and
improper system operation
E. WLAN Discovery Tool - Locating and identifying secured and unsecured WLAN access points
F. Wireless Intrusion Protection System - Monitoring 802.11 frame exchanges for performance and
security analysis and reporting
49261262.doc
65. Given: The network administrator at XYZ Company recently attended a training class on wireless
security and realized that he still needs to update the corporate security policy to address WLAN
technology. The network administrator is trying to remember some of the items that should be
addressed in the security policy update, and has asked you to help.
What topics would you suggest for the security policy update? (choose 4)
A. Physical security of WLAN infrastructure devices
B. Wireless intrusion monitoring and response procedures
C. WLAN protocol analysis baseline documentation
D. Strong password requirements for users and infrastructure equipment
E. Training of the IT staff on WLAN operational security

66. Given: Network users at a large machinery manufacturer have been asking the network
administrator to implement an indoor WLAN. The network administrator and the network manager have
called a meeting of several senior management personnel to discuss WLAN implementation before
taking any site survey or implementation steps. The first order of discussion in the meeting is corporate
policy concerning implementation and use of WLAN technology.
What specific topics are appropriate in this policy meeting? (choose 3)
A. Security risks and audits
B. Government regulations
C. User productivity impact
D. Antenna types that should be used
E. Permits and zoning requirements
F. Vendor hardware recommendations

49261262.doc
Answers:
1. Answer: E 49. Answer: A
2. Answer: D 50. Answer: A,E
3. Answer: D,F 51. Answer C
4. Answer: A,B,D 52. Answer: A,F,G
5. Answer: D 53. Answer: A
6. Answer: C 54. Answer: D
7. Answer: C 55. Answer: A,B
8. Answer: C 56. Answer: E
9. Answer: B,E 57. Answer: A,C
10. Answer: C 58. Answer: C
11. Answer: B,C,D 59. Answer: A,B,C,G
12. Answer: C 60. Answer: C
13. Answer: C,D 61. Answer: D
14. Answer: A,D 62. Answer: D
15. Answer: A,D,F 63. Answer: A,C
16. Answer: C,D 64. Answer: E
17. Answer: B,E 65. Answer: A,B,D,E
18. Answer: C,D 66. Answer: A,B,C
19. Answer: C
20. Answer: B
21. Answer: C,E
22. Answer: C,D
23. Answer: A,B
24. Answer: B,E
25. Answer: D
26. Answer: A,C,D
27. Answer: A,E
28. Answer: A,C
29. Answer: B
30. Answer: D,E
31. Answer: A
32. Answer: A,C,D
33. Answer: D
34. Answer: A,C
35. Answer: A,B,F
36. Answer: C,D
37. Answer: A,B,D,E
38. Answer: A,D,F
39. Answer: B
40. Answer: B,E
41. Answer: B,D,F
42. Answer: A,D
43. Answer: E,F,G
44. Answer: D
45. Answer: C,D
46. Answer: A,D
47. Answer: A,D
48. Answer: A,B

49261262.doc