CWNP Updated CWSP-208 Exam Questions and Answers by killian

When compliance reporting and forensic analysis are required and the WLAN vendor’s centralized management system does not provide it, deploying a dedicated overlay WIPS is the most effective solution. Overlay WIPS uses dedicated sensors independent of the WLAN’s operational radios, offering detailed threat detection, compliance logging, and reporting capabilities that often surpass native WLAN features.

In integrated WIPS systems, radios are shared between client servicing and security scanning. To maintain quality of service for latency-sensitive applications such as VoWiFi (Voice over Wi-Fi), scanning operations may be temporarily suspended or deprioritized, potentially reducing security monitoring during those periods.

The correct sequence of the 4-Way Handshake frames in WPA/WPA2 is:

Message 1: Authenticator sends ANonce to the supplicant → (3)

Message 2: Supplicant sends SNonce and a MIC to the authenticator → (4)

Message 3: Authenticator sends GTK and confirms keys with MIC → (1)

Message 4: Supplicant confirms installation of PTK/GTK → (2)

This process ensures mutual key confirmation and integrity before data traffic begins.

An 802.11a/g-based WIPS cannot detect rogue activity that occurs in 802.11n/ac-specific modes, including Greenfield (HT-only) operation and use of 40 MHz channels, which are not part of the 802.11a/g specification. Greenfield mode disables legacy support, so a WIPS limited to 802.11a/g radios won’t even “see” these frames. This leaves a significant blind spot for detecting certain types of rogue devices or attacks using newer PHYs.