• Home
  • Articles
  • [Q25-Q48] PASS CWAP-404 exam with CWNP Real Exam Questions - 100% Valid!

[Q25-Q48] PASS CWAP-404 exam with CWNP Real Exam Questions - 100% Valid!

Share

PASS CWAP-404 exam with CWNP Real Exam Questions - 100% Valid!

Actual CWAP-404 Exam Recently Updated Questions with Free Demo


CWNP CWAP-404 Exam Certification Details:

Exam RegistrationPEARSON VUE
Sample QuestionsCWNP CWAP-404 Sample Questions
Number of Questions60
Exam CodeCWAP-404 CWAP


CWNP CWAP-404 Exam Topics:

SectionObjectives

Protocol Analysis - 15%

Capture 802.11 frames using the appropriate methods- Select capture devices
  • Laptop protocol analyzers
  • APs, controllers, and other management solutions
  • Specialty devices (hand-held analyzers and custom-built devices)

- Install monitor mode drivers
- Select capture location(s)
- Capture sufficient data for analysis
- Capture all channels or capture on a single channel as needed
- Capture roaming events

Understand and apply the common capture configuration parameters available in protocol analysis tools- Save to disk
- Packet slicing
- Event triggers
- Buffer options
- Channels and channel widths
- Capture filters
- Channel scanning and dwell time
Analyze 802.11 frame captures to discover problems and find solutions- Use appropriate display filters to view relevant frames and packets
- Use colorization to highlight important frames and packets
- Configure and display columns for analysis purposes
- View frame and packet decodes while understanding the information shown and applying it to the analysis process
- Use multiple adapters and channel aggregation to view captures from multiple channels
- Implement protocol analyzer decryption procedures
- View and use a capture’s statistical information for analysis
- Use expert mode for analysis
- View and understand peer maps as they relate to communications analysis
Utilize additional tools that capture 802.11 frames for analysis and troubleshooting- WLAN scanners and discovery tools
- Protocol capture visualization and analysis tools
- Centralized monitoring, alerting, and forensic tools
Ensure appropriate troubleshooting methods are used with all analysis types- Define the problem
- Determine the scale of the problem
- Identify probable causes
- Capture and analyze the data
- Observe the problem
- Choose appropriate remediation steps
- Document the problem and resolution

Spectrum Analysis - 10%

Capture RF spectrum data and understand the common views available in spectrum analyzers- Install, configure, and use spectrum analysis software and hardware
- Capture RF spectrum data using handheld, laptop-based, and infrastructure spectrum capture solutions
- Understand and use spectrum analyzer views
  • Real-time FFT
  • Waterfall, swept spectrogram, density, and historic views
  • Utilization and duty cycle
  • Detected devices
  • WLAN integration views
Analyze spectrum captures to identify relevant RF information and issues- RF noise floor in an environment
- Signal-to-Noise Ratio (SNR) for a given signal
- Sources of RF interference and their locations
- RF channel utilization
- Non-Wi-Fi transmitters and their impact on WLAN communications
- Overlapping and non-overlapping adjacent channel interference
- Poor performing or faulty radios
Analyze spectrum captures to identify various device signatures- Identify various 802.11 PHYs
  • DSSS
  • OFDM
  • OFDMA
  • Channel widths
  • Primary channel

- Identify non-802.11 devices based on RF behaviors and signatures

  • Frequency hopping devices
  • IoT devices
  • Microwave ovens
  • Video devices
  • RF Jammers
  • Cordless phones
Use centralized spectrum analysis solutions- AP-based spectrum analysis
- Sensor-based spectrum analysis

PHY Layers and Technologies - 10%

Understand and describe the functions of the PHY layer and the PHY protocol data units (PPDUs)- DSSS (Direct Sequence Spread Spectrum)
- HR/DSSS (High Rate/Direct Sequence Spread Spectrum)
- OFDM (Orthogonal Frequency Division Multiplexing)
- ERP (Extended Rate PHY)
- HT (High Throughput)
- VHT (Very High Throughput)
- HE (High Efficiency)
  • HE SU PPDU
  • HE MU PPDU
  • HE ER SU PPDU
  • HE TB PPDU
  • HE NULL data packets
Apply the understanding of PHY technologies, including PHY headers, preambles, training fields, frame aggregation, and data rates, to captured data
Identify and use PHY information provided within pseudo-headers in protocol analyzers- Pseudo-Header formats
  • Radiotap
  • Per Packet Information (PPI)

- Key pseudo-header content

  • Guard intervals
  • Resource units allocation
  • PPDU formats
  • Signal strength
  • Noise
  • Data rate and MCS index
  • Length information
  • Channel center frequency or received channel
  • Channel properties
Recognize the limits of protocol analyzers to capture PHY information including NULL data packets and PHY headers
Use appropriate capture devices based on proper understanding of PHY types- Supported PHYs
- Supported spatial streams

MAC Sublayer and Functions - 25%

Understand frame encapsulation and frame aggregation- Frame aggregation (A-MSDU and A-MPDU)
Identify and use MAC information in captured data for analysis- Management, Control, and Data frames
- MAC frame formats and contents
  • Frame Control field
  • To DS and From DS fields
  • Address fields
  • Frame Check Sequence (FCS) field

- 802.11 Management frame formats

  • Information Elements
  • Authentication
  • Association and Reassociation
  • Beacon
  • Prove Request and Probe Response

- Data and QoS Data frame formats
- 802.11 Control frame formats

  • Acknowledgement (ACK)
  • Request to Send/Clear to Send (RTS/CTS)
  • Block Acknowledgement and related frames
  • Trigger frames
  • VHT/HE NDP announcements
  • Multiuser RTS
Validate BSS configuration through protocol analysis- Country code
- Minimum basic rate
- Supported rates and coding schemes
- Beacon interval
- WMM settings
- RSN settings
- HT/VHT/HE operations
- Channel width
- Primary channel
- Hidden or non-broadcast SSIDs
Identify and analyze CRC error frames and retransmitted frames

WLAN Medium Access - 10%

Understand 802.11 contention algorithms in-depth and know how they impact WLANs- Distributed Coordination Function (DCF)
  • Carrier Sense (CS) and Energy Detect (ED)
  • Network Allocation Vector (NAV)
  • Contention Windows (CW) and random backoff
  • Interframe spacing

- Enhanced Distributed Channel Access (EDCA)

  • EDCA Function (EDCAF)
  • Access Categories and Queues
  • Arbitration Interframe Space Number (AIFSN)

- Wi-Fi Multimedia (WMM)

  • WMM parameters
  • WMM-Power Save
  • WMM-Admission Control
Analyze QoS configuration and operations- Verify QoS parameters in capture files
- Ensure QoS is implemented end-to-end

802.11 Frame Exchanges - 30%


 

NEW QUESTION # 25
Where would you look in a packet trace file to identify the configured Minimum Basic Rate (MBR) of a BSS?

  • A. In the MBR Action frame
  • B. Supported Rates & Extended Supported Rates elements in a Beacon frame
  • C. In the Minimum Basic Rate Element in a Beacon frame
  • D. In the MBR Information Element in an Association Response frame

Answer: B

Explanation:
Explanation
The configured Minimum Basic Rate (MBR) of a BSS can be identified by looking at the Supported Rates and Extended Supported Rates elements in a Beacon frame. A Beacon frame is a type of management frame that is transmitted by an AP to advertise its presence and capabilities to potential clients. A Beacon frame contains various information elements (IEs) that provide details about the BSS configuration and operation. The Supported Rates andExtended Supported Rates IEs list the data rates that are supported by the AP for data transmission. The MBR is the lowest data rate among these supported rates that is required for all clients to join and communicate with the BSS. The MBR is usually marked with a flag bit in these IEs to indicate its mandatory status. The other options are not correct, as they do not exist or do not indicate the MBR of a BSS. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 5: 802.11 MAC Sublayer, page 123-124


NEW QUESTION # 26
After examining a Beacon frame decode you see the SSID Element has a length of 0. What do you conclude about this frame?

  • A. This is a common attack on WISP backend SQL databases
  • B. The beacon is from a BSS configured to hide the SSID
  • C. The frame is corrupted
  • D. SSID elements always have a length of 0

Answer: B

Explanation:
Explanation
If the SSID element has a length of 0 in a Beacon frame decode, it means that the beacon is from a BSS configured to hide the SSID. The SSID element is a part of the Beacon frame that contains the name or identifier of the BSS. The SSID element has two fields: length and value. The length field indicates how many bytes are used for the value field, which contains the actual SSID string. If the length field is 0, it means that there is no value field or SSID string in the element. This is a common technique used by some APs to hide their SSID from passive scanning clients or potential attackers. However, this technique does not provide much security, as there are other ways to discover or reveal the hidden SSID, such as active scanning or capturing probe response or association frames. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 5: 802.11 MAC Sublayer, page 122-123


NEW QUESTION # 27
How is the length of an AIFS calculated?

  • A. DIFS + SIFS + AIFSN
  • B. SIFS + AIFS * Time Unit
  • C. SIFS * Slot Time + AIFSN
  • D. AIFSN * Slot Time + SIFS

Answer: D

Explanation:
Explanation
The length of an AIFS (Arbitration Interframe Space) is calculated by multiplying the AIFSN (Arbitration Interframe Space Number) by the Slot Time and adding the SIFS (Short Interframe Space). An AIFS is a variable interframe space introduced by 802.11e to help prioritize medium access for different Access Categories (ACs). An AC is a logical queue that corresponds to a QoS (Quality of Service) level for different types of traffic. Each AC has a different AIFSN value, which determines how long it has to wait before attempting to access the medium. A lower AIFSN value means a higher priority and a shorter waiting time.
The Slot Time is a fixed value that depends on the PHY type and channel width. The SIFS is the shortest interframe space that is used for high-priority transmissions, such as ACKs or CTSs. The formula for calculating the AIFS length is: AIFS = AIFSN * Slot Time + SIFS. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 7: QoS Analysis, page 194-195


NEW QUESTION # 28
When would you expect to see a Reassociation Request frame'

  • A. Only when a STA roams back to an AP it has previously been associated with
  • B. Every time a STA roams
  • C. Every time a STA associates to an AP to which it has previously been associated
  • D. Only when a STA is using FT roaming

Answer: B

Explanation:
Explanation
A Reassociation Request frame is sent every time a STA roams from one AP to another within the same ESS.
A Reassociation Request frame is similar to an Association Request frame, but it also contains the BSSID of the current AP that the STA is leaving. This allows the new AP to coordinate with the old AP and transfer the STA's context information, such as security keys, QoS parameters, and buffered frames. This way, the STA can maintain its connectivity and session continuity during roaming . References: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 195;CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 196.


NEW QUESTION # 29
Where would you look in a packet trace file to identify the configured Minimum Basic Rate (MBR) of a BSS?

  • A. In the MBR Action frame
  • B. Supported Rates & Extended Supported Rates elements in a Beacon frame
  • C. In the Minimum Basic Rate Element in a Beacon frame
  • D. In the MBR Information Element in an Association Response frame

Answer: B

Explanation:
Explanation
The configured Minimum Basic Rate (MBR) of a BSS can be identified by looking at the Supported Rates and Extended Supported Rates elements in a Beacon frame. A Beacon frame is a type of management frame that is transmitted by an AP to advertise its presence and capabilities to potential clients. A Beacon frame contains various information elements (IEs) that provide details about the BSS configuration and operation. The Supported Rates andExtended Supported Rates IEs list the data rates that are supported by the AP for data transmission. The MBR is the lowest data rate among these supported rates that is required for all clients to join and communicate with the BSS. The MBR is usually marked with a flag bit in these IEs to indicate its mandatory status. The other options are not correct, as they do not exist or do not indicate the MBR of a BSS. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 5: 802.11 MAC Sublayer, page 123-124


NEW QUESTION # 30
What should the To DS and From DS flags be to set to in an Association Response frame?

  • A. To DS = 0, From DS = 1
  • B. To DS = 1, From DS = 1
  • C. To DS - 1, From DS = 0
  • D. To DS - 0, From DS = 0

Answer: D

Explanation:
Explanation
The To DS and From DS flags should be set to 0 in an Association Response frame. An Association Response frame is a type of management frame that is transmitted by an AP to accept or reject an association request from a STA. The To DS (To Distribution System) and From DS (From Distribution System) flags are two bits in the Frame Control field of the MAC header that indicate whether a frame is destined for or originated from the DS (Distribution System), which is a system that connects multiple BSSs together. The To DS and From DS flags can have four possible combinations: 00, 01, 10, or 11. For an Association Response frame, which is sent from an AP to a STA within a BSS, both flags should be set to 0. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 5: 802.11 MAC Sublayer, page 121-122


NEW QUESTION # 31
Which common feature of a Spectrum Analyzer would be the best to help you locate a non-802.11 interference source?

  • A. Device finder
  • B. Max hold
  • C. Location filter
  • D. Min hold

Answer: A

Explanation:
Explanation
The device finder is a common feature of a spectrum analyzer that helps locate a non-802.11 interference source. The device finder uses a directional antenna to measure the signal strength of a specific frequency or signal source. By pointing the antenna in different directions, the device finder can indicate the direction and distance of the interference source. The device finder can also filter out other signals that are not related to the interference source. The other options are not correct, as they do not help locate a non-802.11 interference source. Max hold and min hold are features that show the maximum and minimum RF power levels over time,respectively. Location filter is a feature that filters out signals that are not from a specific location or area. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 3: Spectrum Analysis, page 77-78


NEW QUESTION # 32
When performing protocol analysis, you capture an 802.1 lac data frame on channel 52, transmitted at MCS 8.
At what data rate was the PHY Preamble transmitted?

  • A. 78 Mbps
  • B. 86.7 Mbps
  • C. 6 Mbps
  • D. 54 Mbps

Answer: C

Explanation:
Explanation
The data rate at which the PHY preamble was transmitted is 6 Mbps. The PHY preamble is a part of the PPDU that is transmitted before the PHY header and the PSDU. The PHY preamble consists of a series of training fields that help the receiver to detect and synchronize with the signal. The PHY preamble is always transmitted at a fixed data rate that depends on the type of PPDU (e.g., OFDM, HT, VHT, HE). For an 802.1 lac data frame on channel 52, which uses VHT PPDUs, the data rate for the PHY preamble is 6 Mbps. This data rate does not depend on MCS (Modulation and Coding Scheme), which only affects the data rate for the PSDU. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 4: 802.11 Physical Layer, page 99-100


NEW QUESTION # 33
You're the WLAN administrator for a large retailer based at the HQ in New York. The London-based office has been complaining about WLAN disconnections around lunch time each day. You suspect this might be interference from the staff microwave, how might you test your theory from the New York office?

  • A. Access the microwave remotely and run a diagnostic check
  • B. Place one of the London APs into spectrum analyzer mode and monitor the situation over lunch time
  • C. Ask a local member of staff to take some pictures of the microwave, including some close-ups of the door seal so that you can assess it
  • D. Ask a local member of staff to change the frequency of the microwave and see if the disconnections stop

Answer: B

Explanation:
Explanation
The best way to test the theory of microwave interference from the New York office is to use a remote spectrum analyzer. By placing one of the London APs into spectrum analyzer mode, you can capture and analyze the RF spectrum in the London office over lunch time. You can then look for any signs of microwave interference, such as high duty cycle, high amplitude, or frequency hopping on the 2.4 GHz band. This method does not require any physical access tothe microwave or any changes to its frequency. References: [Wireless Analysis Professional Study Guide], Chapter 3: Spectrum Analysis, page 64


NEW QUESTION # 34
The PHY layer provides framing by adding a header to create what type of data unit?

  • A. MPDU
  • B. PSDU
  • C. PPDU
  • D. MSDU

Answer: C

Explanation:
Explanation
The PHY layer provides framing by adding a header to create a PPDU. A PPDU (PHY Protocol Data Unit) is the data unit that is transmitted or received over the wireless medium by the PHY layer. A PPDU consists of a PSDU (PHY Service Data Unit) and a PHY header, which contains information such as modulation, coding, and data rate. The PHY layer adds the PHY header to the PSDU to create a PPDU for transmission, or removes the PHY header from the PPDU to extract the PSDU for reception. The other options are not correct, as they are not created by adding a header at the PHY layer. An MPDU (MAC Protocol Data Unit) is created by adding a MAC header and FCS to an MSDU (MAC Service Data Unit) at the MAC layer. An MSDU is the data unit that is passed from the LLC sublayer to the MAC sublayer or vice versa. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 4: 802.11 Physical Layer, page 97-98


NEW QUESTION # 35
An RTS frame should be acknowledged by which frame?

  • A. CTS
  • B. Ack
  • C. Block Ack
  • D. RTS-Ack

Answer: A

Explanation:
Explanation
An RTS (Request to Send) frame should be acknowledged by a CTS (Clear to Send) frame. An RTS and CTS frame are types of control frames that are used to implement a virtual carrier sense mechanism called RTS/CTS. RTS/CTS is a technique that helps to avoid collisions and hidden node problems in wireless transmissions. When a STA (station) wants to send a data frame, it first sends an RTS frame to the intended receiver, indicating the duration of the transmission. The receiver then responds with a CTS frame, also indicating the duration of the transmission. The other STAs in the vicinity hear either the RTS or the CTS frame and update their NAV (Network Allocation Vector) timers accordingly, deferring their access to the medium until the transmission is over. The sender then sends the data frame, followed by an ACK (Acknowledgement) frame from the receiver. The other options are not correct, as they are not used to acknowledge an RTS frame. An ACK frame is used to acknowledge a data frame, not an RTS frame. An RTS-Ack frame does not exist, as there is no such type of control frame in 802.11. A Block Ack (BA) frame is used to acknowledge multiple data frames in a single frame, not an RTS frame. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 6: 802.11 Frame Exchanges, page 166-167


NEW QUESTION # 36
Given: The Frame Check Sequence (FCS) is a 32 CRC used for error detection.
The CRC is calculated over what?

  • A. PHY Header, MAC Header and Frame Body
  • B. Mac Header and Frame Body only
  • C. PHY Header and Mac Header only
  • D. Frame Body only

Answer: B

Explanation:
Explanation
The CRC is calculated over the MAC Header and Frame Body only. The CRC (Cyclic Redundancy Check) is a 32-bit value that is used for error detection in wireless transmissions. The CRC is calculated over the MAC Header and Frame Body of a PSDU, which are the parts of the data unit that contain information such as source and destination addresses, frame type, frame control, sequence number, payload, etc. The CRC is appended to the end of the PSDU as a FCS (Frame Check Sequence) field. The CRC is not calculated over the PHY Header or PHY Preamble, which are parts of the PPDU that contain information such as modulation, coding, data rate, etc. The PHY Header and PHY Preamble are added or removed by the PHY layer during the conversion between PSDU and PPDU. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 4: 802.11 Physical Layer, page 97-98


NEW QUESTION # 37
Protocol analyzers may present field values in either binary, decimal or hexadecimal. What preceeds a hexadecimal value to indicate it is hexadecimal?

  • A. 0x
  • B. 16x
  • C. HEX
  • D. %

Answer: A

Explanation:
Explanation
A hexadecimal value is a value that uses base 16 notation, which means it can have digits from 0 to 9 and letters from A to F. A hexadecimal value is usually preceded by 0x to indicate that it is hexadecimal and not decimal or binary. For example, 0x0A is hexadecimal for 10 in decimal or 00001010 in binary. The other options are not valid prefixes for hexadecimal values.References:
CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 35
CWAP-404 Objectives, Section 2.2: Analyze field values


NEW QUESTION # 38
In what scenario is Open Authentication without encryption not allowed based on the 802.11 standard?

  • A. When operating a BSS in a government facility
  • B. When operating a BS5 in the CBRS band
  • C. When operating a BSS in the 6 GHz band
  • D. When operating a BSS in FIPS mode

Answer: C

Explanation:
Explanation
Open Authentication without encryption is not allowed when operating a BSS in the 6 GHz band, according to the 802.11 standard. Open Authentication is a type of authentication method that does not require any credentials or security information from a STA (station) to join a BSS (Basic Service Set). Open Authentication can be used with or without encryption, depending on the configuration of the BSS and the STA. Encryption is a technique that scrambles the data frames using an algorithm and a key to prevent unauthorized access or eavesdropping. However, in the 6 GHz band, which is a newly available frequency band for WLANs, OpenAuthentication without encryption is prohibited by the 802.11 standard, as it poses security and interference risks for other users and services in the band. The 6 GHz band requires all WLANs to use WPA3-Personal or WPA3-Enterprise encryption methods, which are more secure and robust than previous encryption methods such as WPA2 or WEP. The other options are not correct, as they do not describe scenarios where Open Authentication without encryption is not allowed by the 802.11 standard. When operating a BSS in the CBRS band, which is another newly available frequency band for WLANs, Open Authentication without encryption is allowed, but not recommended, as it also poses security and interference risks for other users and services in the band. When operating a BSS in FIPS mode, which is a mode that complies with the Federal Information Processing Standards for cryptographic security, Open Authentication without encryption is allowed, but not compliant, as it does not meet the FIPS requirements for encryption algorithms and keys. When operating a BSS in a government facility, Open Authentication without encryption is allowed, but not advisable, as it may violate the government policies or regulations for wireless security. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 8: Security Analysis, page 220-221


NEW QUESTION # 39
In a Spectrum Analyzer the Swept Spectrogram plot displays what information?

  • A. Reductions in frame transmissions
  • B. Wi-Fi Device information
  • C. The RF time domain
  • D. RF power present at a particular frequency over the course of time

Answer: D

Explanation:
Explanation
The Swept Spectrogram plot is a spectrum analysis plot that shows the RF power present at a particular frequency over the course of time. It can help identify trends and patterns in the RF spectrum over a longer period of time. It can also show how the RF environment changes over time and how different sources of RF signals affect each other. The other options are not correct, as they describe different types of plots or information that are not related to the Swept Spectrogram plot. References: [Wireless Analysis Professional Study Guide], Chapter 3: Spectrum Analysis, page 72-73


NEW QUESTION # 40
In which element of a Beacon frame would you look to identity the current HT protection mode in which an AP is operating?

  • A. HT Protection Element
  • B. ERP Information Element
  • C. HT Operations Element
  • D. HT Capabilities Element

Answer: C

Explanation:
Explanation
The HT protection mode in which an AP is operating can be identified by looking at the HT Operations element in a Beacon frame. The HT Operations element is a part of the Beacon frame that contains information about the High Throughput (HT) capabilities and operation of an 802.11n BSS. The HT Operations element has a field called HT Protection, which indicates how the BSS protects its HT transmissions from interference or collisions with non-HT devices or BSSs. The HT Protection field can have four values: No Protection, Nonmember Protection, 20 MHz Protection, or Non-HT Mixed Mode. The other options are not correct, as they do not contain information about the HT protection mode. The HT Protection element does not exist, the ERP Information element is used for Extended Rate PHY (ERP) protection mode for 802.11g devices, and the HT Capabilities element is used for indicating the supported HT features of an individual device. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 5: 802.11 MAC Sublayer, page 125-126


NEW QUESTION # 41
What is the function of the PHY layer?

  • A. Convert PPDUs to MSDUs for transmissions and MSDUs to PPDUs for receptions
  • B. Convert MSDUs to PPDUs for transmissions and PPDUs to MSDUs for receptions
  • C. Convert PSDUs to PPDUs for transmissions and PPDUs to PSDUs for receptions
  • D. Convert PPDUs to PSDUs for transmissions and PSDUs to PPDUs for receptions

Answer: C

Explanation:
Explanation
The function of the PHY layer is to convert PSDUs to PPDUs for transmissions and PPDUs to PSDUs for receptions. A PSDU (PHY Service Data Unit) is the data unit that is passed from the MAC layer to the PHY layer for transmission, or from the PHY layer to the MAC layer for reception. A PPDU (PHY Protocol Data Unit) is the data unit that is transmitted or received over the wireless medium by the PHY layer. A PPDU consists of a PSDU and a PHY header, which contains information such as modulation, coding, and data rate.
The PHY layer adds or removes the PHY header to or from the PSDU during the conversion process. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 4: 802.11 Physical Layer, page 97-98


NEW QUESTION # 42
Using a portable analyzer you perform a packet capture next to a client STA and you can see that the STA is associated to a BSS. You observe the STA sending packets to the AP and the AP sending packets to the STA.
Less than 2% of all packets are retransmissions. You move to capture packets by the AP and, while the retry rate is still less than 2%, you now only see unidirectional traffic from the AP to the client. How do you explain this behavior?

  • A. The portable analyzer has a lower receive sensitivity than the AP and while it can't capture the packets from the client STA, the AP can receive them OK
  • B. The portable analyzer is too close to the AP causing CCI, blinding the AP to the clients packets
  • C. The STA is transmitting data using more spatial streams than the potable analyzer can support
  • D. There is a transmit power mismatch between the client and the AP and while the client can hear the APs traffic, the AP cannot hear the client

Answer: A

Explanation:
Explanation
Receive sensitivity is the minimum signal level that a receiver can detect and decode. Different devices may have different receive sensitivity levels depending on their hardware specifications and antenna configurations.
In this scenario, the portable analyzer has a lower receive sensitivity than the AP, meaning that it requires a stronger signal to capture the packets from the client STA. The AP, on the other hand, has a higher receive sensitivity and can receive the packets from the client STA even if they have a weaker signal. This explains why the portable analyzer can only see unidirectional traffic from the AP to the client when capturing near the AP5 References:
CWAP-403 Study Guide, Chapter 4: PHY Layer Analysis, page 121
CWAP-403 Objectives, Section 4.3: Analyze PHY layer metrics


NEW QUESTION # 43
Given a protocol analyzer can decrypt WPA2-PSK data packets providing the PSK and SSID are configured in the analyzer software. When performing packet capture (in a non-FT environment) which frames are required in order for PSK frame decryption to be possible?

  • A. Authentication
  • B. 4-Way Handshake
  • C. Reassociation
  • D. Probe Response

Answer: B

Explanation:
Explanation
The 4-way handshake is the process that establishes the pairwise transient key (PTK) between the client and the AP in WPA2-PSK. The PTK is derived from the PSK, the SSID, and some random numbers exchanged in the handshake frames. The PTK is used to encrypt and decrypt the data frames between the client and the AP. Therefore, in order to decrypt WPA2-PSK data packets, a protocol analyzer needs to capture the 4-way handshake frames and have the PSK and SSID configured in the analyzer software12 References:
CWAP-404 Study Guide, Chapter 3: 802.11 MAC Layer Frame Formats and Technologies, page 87 CWAP-404 Objectives, Section 3.5: Analyze security exchanges


NEW QUESTION # 44
Which one of the statements regarding the Frame Control field in an 802.11 MAC header is true?

  • A. Only Control frames have a Frame Control field
  • B. The Frame Control field contains subfields, and soma in 1-bit flags
  • C. The Frame Control field is used to communicate the duration value
  • D. The Frame Control field is always set to 0

Answer: B

Explanation:
Explanation
The statement that the Frame Control field contains subfields, and some 1-bit flags is true. The Frame Control field is a 2-byte field in the MAC header that contains information about the type, subtype, and characteristics of a frame. The Frame Control field is divided into several subfields, each with a specific function and length.
Some of these subfields are 1-bit flags, which can be set to 0 or 1 to indicate a certain condition or status. For example, the To DS and From DS subfields are 1-bit flags that indicate whether a frame is destined for or originated from the DS (Distribution System). The other statements are not true, as they do not describe the Frame Control field correctly. All types of frames (management, control, and data) have a Frame Control field, not just control frames. The Frame Control field is not used to communicate the duration value, which is a separate field in the MAC header. The Frame Control field is not always set to 0, as it varies depending on the type, subtype, and characteristics of each frame. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 5: 802.11 MAC Sublayer, page 113-114


NEW QUESTION # 45
Which one of the following is not a valid acknowledgement frame?

  • A. RTS
  • B. Ack
  • C. CTS
  • D. Block Ack

Answer: A

Explanation:
Explanation
RTS is not a valid acknowledgement frame. RTS stands for Request To Send, and it is a control frame that is used to initiate an RTS/CTS exchange before sending a data frame. The purpose of an RTS/CTS exchange is to reserve the medium for a data transmission and avoid collisions with hidden nodes. An acknowledgement frame is a control frame that is used to confirm the successful reception of a data frame or a block of data frames. The valid acknowledgement frames are CTS (Clear To Send), Ack (Acknowledgement), and Block Ack (Block Acknowledgement) . References: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 186; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 187; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 189; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 190.


NEW QUESTION # 46
Which one of the following portions of information is communicated by bits in the PHY Header?

  • A. Signal strength
  • B. Data rate
  • C. SNR
  • D. Noise

Answer: B

Explanation:
Explanation
One of the information that is communicated by bits in the PHY header is data rate. Data rate is the speed at which data is transmitted or received over the wireless medium. Data rate depends on factors such as modulation, coding, channel width, spatial streams, and guard interval. Data rate is indicated by bits in different fields of the PHY header, depending on the type of PPDU (e.g., OFDM, HT, VHT, HE). The receiver uses these bits to determine how to decode and demodulate the rest of the PPDU. The other options are not correct, as they are not communicated by bits in the PHY header. SNR (Signal-to-Noise Ratio), noise, and signal strengthare measured by the receiver based on its own capabilities and environment. References: [Wireless Analysis Professional Study Guide CWAP-404], Chapter 4: 802.11 Physical Layer, page 101-105


NEW QUESTION # 47
You are analyzing a packet decode of a Probe Request and notice the SSID element has a length of zero. What do you conclude about the transmitting STA?

  • A. The STA's WLAN adaptor is disabled
  • B. The STA is discovering a list of available BSSs
  • C. The STA is operating in Ad-Hoc mode
  • D. The WLAN adaptor is configured in promiscuous mode

Answer: B

Explanation:
Explanation
The STA is discovering a list of available BSSs by sending a Probe Request with an empty SSID element.
This is also known as a broadcast Probe Request, as it does not specify any particular SSID to probe for. Any AP that receives this Probe Request will respond with a Probe Response containing its own SSID and other information about its BSS. This way, the STA can learn about all the BSSs in its vicinity and choose which one to associate with . References: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 191; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 193.


NEW QUESTION # 48
......

CWAP-404 Free Sample Questions to Practice One Year Update: https://learningtree.testkingfree.com/CWNP/CWAP-404-practice-exam-dumps.html

Related Articles

more
CWNP CWAP-404 Certification Practice Exam