images

Chapter 1: Overview of Wireless Standards, Organizations, and Fundamentals

  1. C. 802.11 wireless networking is typically used to connect client stations to the network via an access point. Autonomous and lightweight access points are deployed at the access layer, not the core or distribution layer. The Physical layer is a layer of the OSI model, not a network architecture layer.
  2. E. RF communications are regulated differently in many regions and countries. The local regulatory domain authorities of individual countries or regions define the spectrum policies and transmit power rules.
  3. B. 802.11 wireless bridge links are typically used to perform distribution layer services. Core layer devices are usually much faster than 802.11 wireless devices, and bridges are not used to provide access layer services. The Network layer is a layer of the OSI model, not a network architecture layer.
  4. A. The Institute of Electrical and Electronics Engineers (IEEE) is responsible for the creation of all of the 802 standards.
  5. D. The Wi-Fi Alliance provides certification testing, and when a product passes the test, it receives a Wi-Fi Interoperability Certificate.
  6. C. A carrier signal is a modulated signal that is used to transmit binary data.
  7. B. Because of the effects of noise on the amplitude of a signal, amplitude-shift keying (ASK) has to be used cautiously.
  8. C. The IEEE 802.11-2012 standard defines communication mechanisms at only the Physical layer and MAC sublayer of the Data-Link layer of the OSI model. The Logical Link Control (LLC) sublayer of the Data-Link layer is not defined by the 802.11-2012 standard. WPA is a security certification. FSK is a modulation method.
  9. E. The IETF is responsible for creation of RFC documents. The IEEE is responsible for the 802 standards. The Wi-Fi Alliance is responsible for certification tests. The Wi-Fi Alliance used to be known as WECA but changed its name to Wi-Fi Alliance in 2002. The FCC is responsible for RF regulatory rules in the United States.
  10. D. Wi-Fi Multimedia (WMM) is a Wi-Fi Alliance certification program that enables Wi-Fi networks to prioritize traffic generated by different applications. 802.11-2012 is the IEEE standard, and WEP (Wired Equivalent Privacy) is defined as part of the IEEE 802.11-2012 standard. 802.11i was the IEEE amendment that defined robust security network (RSN) and is also part of the 802.11-2012 standard. PSK is not a standard; it is an encoding technique.
  11. A, B and C. The three keying methods that can be used to encode data are amplitude-shift keying (ASK), frequency-shift keying (FSK), and phase-shift keying (PSK).
  12. B and E. The IEEE 802.11-2012 standard defines communication mechanisms at only the Physical layer and MAC sublayer of the Data-Link layer of the OSI model.
  13. C. Height and power are two terms that describe the amplitude of a wave. Frequency is how often a wave repeats itself. Wavelength is the actual length of the wave, typically measured from peak to peak. Phase refers to the starting point of a wave in relation to another wave.
  14. B. Wi-Fi Direct is designed to provide easy setup for communications directly between wireless devices. Wi-Fi Personal does not exist. 802.11n will likely provide connectivity, but setup could be easy or difficult depending on the environment. CWG-RF is designed for Wi-Fi and cellular radios in a converged handset. Wi-Fi Protected Setup is designed to simplify security setup.
  15. A, C and E. Voice Enterprise offers enhanced support for voice applications in enterprise Wi-Fi networks. Voice Enterprise equipment must also support seamless roaming between APs, WPA2-Enterprise security, optimization of power through the WMM-Power Save mechanism, and traffic management through WMM-Admission Control.
  16. A, B, C, D and E. All of these are typically regulated by the local or regional RF regulatory authority.
  17. B and E. The Wi-Fi Alliance maintains certification programs to ensure vendor interoperability. Voice Personal is a certification program that defines enhanced support for voice applications in residential and small-business Wi-Fi networks. WMM-PS is a certification program that defines methods to conserve battery power for devices using Wi-Fi radios by managing the time the client device spends in sleep mode.
  18. D. A wave is divided into 360 degrees.
  19. B and C. The main advantages of an unlicensed frequency are that permission to transmit on the frequency is free and that anyone can use the unlicensed frequency. Although there are no additional financial costs, you still must abide by transmission regulations and other restrictions. The fact that anyone can use the frequency band is also a disadvantage because of overcrowding.
  20. C. The OSI model is sometimes referred to as the seven-layer model.

Chapter 2: Radio Frequency Fundamentals

  1. B and C. Multipath may result in attenuation, amplification, signal loss, or data corruption. If two signals arrive together in phase, the result is an increase in signal strength called upfade. The delay spread may also be too significant and cause data bits to be corrupted, resulting in excessive layer 2 retransmissions.
  2. D. The wavelength is the linear distance between the repeating crests (peaks) or repeating troughs (valleys) of a single cycle of a wave pattern.
  3. B and C. RF amplifiers introduce active gain with the help of an outside power source. Passive gain is typically created by antennas that focus the energy of a signal without the use of an outside power source.
  4. A. The standard measurement of the number of times a signal cycles per second is hertz (Hz). One Hz is equal to one cycle in 1 second.
  5. D. Often confused with refraction, the diffraction propagation is the bending of the wave front around an obstacle. Diffraction is caused by some sort of partial blockage of the RF signal, such as a small hill or a building that sits between a transmitting radio and a receiver.
  6. F. Nulling, or cancellation, can occur when multiple RF signals arrive at the receiver at the same time and are 180 degrees out of phase with the primary wave.
  7. B and C. When the multiple RF signals arrive at the receiver at the same time and are in phase or partially out of phase with the primary wave, the result is an increase in signal strength (amplitude). However, the final received signal, whether affected by upfade or downfade, will never be stronger than the original transmitted signal because of free space path loss.
  8. B. 802.11 wireless LANs operate in the 5 GHz and 2.4 GHz frequency range. However, 2.4 GHz is equal to 2.4 billion cycles per second. The frequency of 2.4 million cycles per second is 2.4 MHz.
  9. A. An oscilloscope is a time domain tool that can be used to measure how a signal's amplitude changes over time. A frequency domain tool called a spectrum analyzer is a more commonplace tool most often used during site surveys.
  10. A, C and D. This is a tough question to answer because many of the same mediums can cause several different propagation behaviors. Metal will always bring about reflection. Water is a major source of absorption; however, large bodies of water can also cause reflection. Flat surfaces such as asphalt roads, ceilings, and walls will also result in reflection behavior.
  11. A, B, C and D. Multipath is a propagation phenomenon that results in two or more paths of a signal arriving at a receiving antenna at the same time or within nanoseconds of each other. Because of the natural broadening of the waves, the propagation behaviors of reflection, scattering, diffraction, and refraction can all result in multiple paths of the same signal. The propagation behavior of reflection is usually considered to be the main cause of high-multipath environments.
  12. B. Scattering, or scatter, is defined as an RF signal reflecting in multiple directions when encountering an uneven surface.
  13. A, B and C. High multipath environments can have a destructive impact on legacy 802.11a/b/g radio transmissions. Multipath has a constructive effect with 802.11n and 802.11ac transmissions that utilize MIMO antenna diversity and maximum ratio combining (MRC) signal processing techniques. Multipath does not affect the security mechanisms defined by 802.11i.
  14. A, B, C and D. Air stratification is a leading cause of refraction of an RF signal. Changes in air temperature, changes in air pressure, and water vapor are all causes of refraction. Smog can cause a density change in the air pressure as well as increased moisture.
  15. A and D. Because of the natural broadening of the wave front, electromagnetic signals lose amplitude as they travel away from the transmitter. The rate of free space path loss is logarithmic and not linear. Attenuation of RF signals as they pass through different mediums does occur but is not a function of FSPL.
  16. D. The time difference due to a reflected signal taking a longer path is known as the delay spread. The delay spread can cause intersymbol interference, which results in data corruption and layer 2 retransmissions.
  17. C. A spectrum analyzer is a frequency domain tool that can be used to measure amplitude in a finite frequency spectrum. An oscilloscope is a time domain tool.
  18. A and C. Brick walls are very dense and will significantly attenuate a 2.4 GHz and 5 GHz signal. Older structures that are constructed with wood-lath plaster walls often have wire mesh in the walls, which was used to help hold the plaster to the walls. Wire mesh is notorious for disrupting and preventing RF signals from passing through walls. Wire mesh is also used on stucco exteriors. Drywall will attenuate a signal but not to the extent of water, cinder blocks, or other dense mediums. Air temperature has no significance during an indoor site survey.
  19. A. There is an inverse relationship between frequency and wavelength. A simplified explanation is that the higher the frequency of an RF signal, the shorter the wavelength will be of that signal. The longer the wavelength of an RF signal, the lower the frequency of that signal.
  20. A. Refraction is the bending of an RF signal when it encounters a medium.

Chapter 3: Radio Frequency Components, Measurements, and Mathematics

  1. C. The transmitter generates the AC signal and modifies it by using a modulation technique to encode the data into the signal.
  2. E. An isotropic radiator is also known as a point source.
  3. A, B, C, E and F. When radio communications are deployed, a link budget is the sum of all gains and losses from the transmitting radio, through the RF medium, to the receiver radio. Link budget calculations include original transmit gain and passive antenna gain. All losses must be accounted for, including free space path loss. Frequency and distance are needed to calculate free space path loss. The height of an antenna has no significance when calculating a link budget; however, the height could affect the Fresnel and blockage to it.
  4. A and D. IR is the abbreviation for intentional radiator. The components making up the IR include the transmitter, all cables and connectors, and any other equipment (grounding, lightning arrestors, amplifiers, attenuators, and so forth) between the transmitter and the antenna. The power of the IR is measured at the connecter that provides the input to the antenna.
  5. A. Equivalent isotropically radiated power, also known as EIRP, is a measure of the strongest signal that is radiated from an antenna.
  6. A, B and D. Watts, milliwatts, and dBms are all absolute power measurements. One watt is equal to 1 ampere (amp) of current flowing at 1 volt. A milliwatt is 1/1,000 of 1 watt. dBm is decibels relative to 1 milliwatt.
  7. B, C, D and E. The unit of measurement known as a bel is a relative expression and a measurement of change in power. A decibel (dB) is equal to one-tenth of a bel. Antenna gain measurements of dBi and dBd are relative measurements. dBi is defined as decibels referenced to an isotropic radiator. dBd is defined as decibels referenced to a dipole.
  8. C. To convert any dBd value to dBi, simply add 2.14 to the dBd value.
  9. A. To convert to mW, first calculate how many 10s and 3s are needed to add up to 23, which is 0 + 10 + 10 + 3. To calculate the mW, you must multiply 1 × 10 × 10 × 2, which calculates to 200 mW. The file ReviewQuestion9.ppt, available for download from www.sybex.com/go/cwna4e, shows the process in detail.
  10. C. To reach 100 mW, you can use 10s and 2s and multiplication and division. Multiplying by two 10s will accomplish this. This means that on the dBm side, you must add two 10s, which equals 20 dBm. Then subtract the 3 dB of cable loss for a dBm of 17. Because you subtracted 3 from the dBm side, you must divide the 100 mW by 2, giving you a value of 50 mW. Now add in the 16 dBi by adding a 10 and two 3 s to the dBm column, giving a total dBm of 33. Because you added a 10 and two 3s, you must multiply the mW column by 10 and two 2s, giving a total of 2,000 mW, or 2 W. Since the cable and connector loss is 3 dB and the antenna gain is 16 dBi, you can add the two together for a cumulative gain of 13 dB; then apply that gain to the 100 mW transmit signal to calculate an EIRP of 2,000 mW, or 2 W. The file ReviewQuestion10.ppt, available for download from www.sybex.com/go/cwna4e, shows the process in detail.
  11. A. If the original transmit power is 400 mW and cabling induces a 9 dB loss, the power at the opposite end of the cable will be 50 mW. The first 3 dB of cable loss halved the absolute power to 200 mW. The second 3 dB of cable loss halved the absolute power to 100 mW. The final 3 dB of cable loss halved the power to 50 mW. The antenna with 19 dBi of gain passively amplified the 50 mW signal to 4,000 mW. The first 10 dBi of antenna boosts the signal to 500 mW. The next 9 dBi of antenna gain doubles the signal three times to a total of 4 watts. Since the cable loss is 9 dB and the antenna gain is 19 dBi, you could add the two together for a cumulative gain of 10 dB and then apply that gain to the 400 mW transmit signal to calculate an EIRP of 4,000 mW, or 4 W.
  12. B and D. RSSI thresholds are a key factor for clients when they initiate the roaming handoff. RSSI thresholds are also used by vendors to implement dynamic rate switching, which is a process used by 802.11 radios to shift between data rates.
  13. A. The received signal strength indicator (RSSI) is a metric used by 802.11 radio cards to measure signal strength (amplitude). Some vendors use a proprietary scale to also correlate to signal quality. Most vendors erroneously define signal quality as the signal-to-noise ratio (SNR). The signal-to-noise ratio is the difference in decibels between the received signal and the background noise (noise floor).
  14. B. dBi is defined as “decibel gain referenced to an isotropic radiator” or “change in power relative to an antenna.” dBi is the most common measurement of antenna gain.
  15. A and F. The four rules of the 10s and 3s are as follows: For every 3 dB of gain (relative), double the absolute power (mW). For every 3 dB of loss (relative), halve the absolute power (mW). For every 10 dB of gain (relative), multiply the absolute power (mW) by a factor of 10. For every 10 dB of loss (relative), divide the absolute power (mW) by a factor of 10.
  16. B. If the original transmit power is 100 mW and cabling induces a 3 dB loss, the power at the opposite end of the cable will be 50 mW. The 3 dB of cable loss halved the absolute power to 50 mW. An antenna with 10 dBi of gain would boost the signal to 500 mW. We also know that 3 dB of loss halves the absolute power. Therefore, an antenna with 7 dBi of gain would amplify the signal to half that of a 10 dBi antenna. The antenna with 7 dBi of gain passively amplified the 50 mW signal to 250 mW.
  17. D. A distance of as little as 100 meters will cause FSPL of 80 dB, far greater than any other component. RF components such as connectors, lightning arrestors, and cabling all introduce insertion loss. However, FSPL will always be the reason for the greatest amount of loss.
  18. B. The 6 dB rule states that increasing the amplitude by 6 decibels will double the usable distance of an RF signal. The 6 dB rule is very useful for understanding antenna gain because every 6 dBi of extra antenna gain will double the usable distance of an RF signal.
  19. D. In a high-multipath or noisy environment, a common best practice is to add a 5 dB fade margin when designing for coverage based on a vendor's recommended received signal strength or the noise floor, whichever is louder.
  20. D. WLAN vendors execute RSSI metrics in a proprietary manner. The actual range of the RSSI value is from 0 to a maximum value (less than or equal to 255) that each vendor can choose on its own (known as RSSI_Max). Therefore, RSSI metrics should not be used to compare different WLAN vendor radios because there is no standard for the range of values or a consistent scale.

Chapter 4: Radio Frequency Signal and Antenna Concepts

  1. A, C and F. The Azimuth chart is the top-down view of an antenna's radiation pattern, also known as the H-plane, or horizontal. The size view is known as the Elevation chart, vertical view, or E-plane.
  2. A. The azimuth is the top-down view of an antenna's radiation pattern, also known as the H-plane.
  3. C. The beamwidth is the distance in degrees between the −3 dB (half-power) point on one side of the main signal and the −3 dB point on the other side of the main signal, measured along the horizontal axis. These are sometimes known as half-power points.
  4. D and E. A parabolic dish and a grid are highly directional. The rest of the antennas are semidirectional, and the sector antenna is a special type of semidirectional antenna.
  5. A, C and D. Semidirectional antennas provide too wide of a beamwidth to support long-distance communications but will work for short distances. They are also useful for providing unidirectional coverage from the access point to clients in an indoor environment. They can also minimize reflections and thus the negative effects of multipath.
  6. B. Any more than 40 percent encroachment into the Fresnel zone is likely to make a link unreliable. The clearer the Fresnel zone, the better, and ideally it should not be blocked at all.
  7. C and D. The distance and frequency determine the size of the Fresnel zone; these are the only variables in the Fresnel zone formula.
  8. B. The distance when the curvature of the earth should be considered is 7 miles.
  9. A and C. Installing a shorter cable of the same grade will result in less loss and thus more amplitude being transmitted out the antenna. A higher-grade cable rated for less dB loss will have the same result.
  10. C and D. A transceiver using antenna diversity can transmit from only one antenna at a time. If it transmitted from both antennas, the two signals would interfere with each other. A transceiver can also interpret only one signal at a time, so it samples the signals received by both antennas and chooses the better signal to be received.
  11. A and D. Point-to-point bridge links require a minimum Fresnel zone clearance of 60 percent. Semidirectional antennas such as patch antennas or Yagi antennas are used for short-to-medium-distance bridge links. Highly directional antennas are used for long-distance bridge links. Compensating for earth bulge is not a factor until 7 miles.
  12. C. Voltage standing wave ratio (VSWR) is the difference between these voltages and is represented as a ratio, such as, for example, 1.5:1.
  13. A, C, D and E. The reflected voltage caused by an impedance mismatch can result in a decrease in power or amplitude (loss) of the signal that is supposed to be transmitted. If the transmitter is not protected from excessive reflected power or large voltage peaks, it can overheat and fail. Understand that VSWR may cause decreased signal strength, erratic signal strength, or even transmitter failure.
  14. A, B, D and F. Frequency and distance are needed to determine the Fresnel zone. Visual line of sight is not needed as long as you have RF line of sight. You may not be able to see the antenna because of fog, but the fog will not prevent RF line of sight. Earth bulge will need to be considered. The beamwidth is not needed to determine the height, although it is useful when aiming the antenna.
  15. A and D. Cables must be selected that support the frequency you are using. Attenuation actually increases with frequency.
  16. A, B, C and D. These are all possible capabilities of RF amplifiers.
  17. A, B and D. Adding an attenuator is an intentional act to add loss to the signal. Since cable adds loss, increasing the length will add more loss, whereas shortening the length will reduce the loss. Better-quality cables produce less signal loss.
  18. C. Lightning arrestors will not stand up to a direct lightning strike, only transient currents caused by nearby lightning strikes.
  19. A and D. The first Fresnel zone is in phase with the point source. The second Fresnel zone begins at the point where the signals transition from being in phase to being out of phase. Because the second Fresnel zone begins where the first Fresnel zone ends, the radius of the second Fresnel zone is larger than the radius of the first Fresnel zone.
  20. D. Side lobes are areas of coverage (other than the coverage provided by the main signal) that have a stronger signal than would be expected when compared with the areas around them. Side lobes are best seen on an azimuth chart. Side bands and frequency harmonics have nothing to do with antenna coverage.

Chapter 5: IEEE 802.11 Standards

  1. A and D. Support for both Extended Rate Physical DSSS (ERP-DSSS/CCK) and Extended Rate Physical Orthogonal Frequency Division Multiplexing (ERP-OFDM) are required in an ERP WLAN, also known as an 802.11g WLAN. Support for ERP-PBCC and DSSS-OFDM PHYs are optional in an ERP WLAN.
  2. E. ERP (802.11g) radios mandate the support for both ERP-DSSS/CCK and ERP-OFDM spread spectrum technologies. ERP-DSSS/CCK supports data rates of 1, 2, 5.5, and 11 Mbps and is backward compatible with HR-DSSS (802.11b) and DSSS (802.11 legacy).
  3. B, D and E. The original 802.11 standard defines three Physical layer specifications. An 802.11 legacy network could use FHSS, DSSS, or infrared. 802.11b defined the use of HR-DSSS, 802.11a defined the use of OFDM, and 802.11g defined ERP.
  4. C. The 802.11 Task Groups (TGs) has set forth the pursuit of standardizing mesh networking using the IEEE 802.11 MAC/PHY layers. The 802.11s amendment defines the use of mesh points, which are 802.11 QoS stations that support mesh services. A mesh point (MP) is capable of using a mandatory mesh routing protocol called Hybrid Wireless Mesh Protocol (HWMP) that uses a default path selection metric. Vendors may also use proprietary mesh routing protocols and metrics.
  5. D and F. The required encryption method defined by an RSN wireless network (802.11i) is Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which uses the Advanced Encryption Standard (AES) algorithm. An optional choice of encryption is the Temporal Key Integrity Protocol (TKIP). The 802.11i amendment also requires the use of an 802.1X/EAP authentication solution or the use of preshared keys.
  6. D. 802.11a radio cards operate in the 5 GHz Unlicensed National Information Infrastructure (U-NII) 1–3 frequency bands using Orthogonal Frequency Division Multiplexing (OFDM).
  7. D. The IEEE 802.11-2012 standard requires data rates of 6, 12, and 24 Mbps for both OFDM and ERP-OFDM radios. Data rates of 6, 9, 12, 18, 24, 36, 48, and 54 Mbps are typically supported. 54 Mbps is the maximum defined rate.
  8. B. Fast basic service set transition (FT), also known as fast secure roaming, defines fast handoffs when roaming occurs between cells in a WLAN using the strong security defined in a robust security network (RSN). Applications such as VoIP that necessitate timely delivery of packets require the roaming handoff to occur in 150ms or less.
  9. B, C and E. The 802.11ac amendment debuted and defined the use of 256-QAM modulation, eight spatial streams, multi-user MIMO, 80 MHz channels, and 160 MHz channels. 802.11 MIMO technology and 40 MHz channels debuted with the ratification of the 802.11n amendment.
  10. D. Both 802.11a and 802.11g use OFDM technology, but because they operate at different frequencies, they cannot communicate with each other. 802.11a equipment operates in the 5 GHz U-NII bands, whereas 802.11g equipment operates in the 2.4 GHz ISM band.
  11. A and E. The 802.11-2012 standard defines mechanisms for dynamic frequency selection (DFS) and transmit power control (TPC) that may be used to satisfy regulatory requirements for operation in the 5 GHz band. This technology was originally defined in the 802.11h amendment, which is now part of the 802.11-2012 standard.
  12. C and D. The 802.11ac and 802.11ad amendments are often referred to as the “gigabit Wi-Fi” amendments because they define data rates of greater than 1 Gbps. The 802.11ac and 802.11ad Very High Throughput (VHT) task groups define transmission rates of up to 7 Gbps in an 802.11 environment.
  13. A, D and E. ERP (802.11g) requires the use of ERP-OFDM and ERP-DSSS/CCK in the 2.4 GHz ISM band and is backward compatible with 802.11b HR-DSSS and DSSS equipment. 802.11b uses HR-DSSS in the 2.4 GHz ISM band and is backward compatible with only legacy DSSS equipment and not legacy FHSS equipment. The 802.11h amendment defines use of TPC and DFS in the 5 GHz U-NII bands and is an enhancement of the 802.11a amendment. OFDM technology is used with all 802.11a- and 802.11h-compliant radios.
  14. D. The 802.11-2012 standard using OFDM or ERP-OFDM radios requires data rates of 6, 12, and 24 Mbps. Data rates of 6, 9, 12, 18, 24, 36, 48, and 54 Mbps are typically supported. 54 Mbps is the maximum defined rate.
  15. B, D and E. The original 802.11 standard defined the use of WEP for encryption. The original 802.11 standard also defined two methods of authentication: Open System authentication and Shared Key authentication.
  16. A. The 802.11u draft amendment defines integration of IEEE 802.11 access networks with external networks in a generic and standardized manner. 802.11u is often referred to as Wireless Interworking with External Networks (WIEN).
  17. A and C. The 802.11e amendment (now part of the 802.11-2012 standard) defined two enhanced medium access methods to support quality of service (QoS) requirements. Enhanced Distributed Channel Access (EDCA) is an extension to DCF. Hybrid Coordination Function Controlled Channel Access (HCCA) is an extension to PCF. In the real world, only EDCA is implemented.
  18. A and C. The 802.11h amendment effectively introduced two major enhancements: more frequency space in the U-NII-2 extended band and radar avoidance and detection technologies. All aspects of the 802.11h ratified amendment can now be found in Clause 10.8 and Clause 10.9 of the 802.11-2012 standard.
  19. A. The 802.11b amendment defined systems that can transmit at data rates of 5.5 Mbps and 11 Mbps using High-Rate DSSS (HR-DSSS). 802.11b devices are also compatible with 802.11 DSSS devices and can transmit at data rates of 1 and 2 Mbps.
  20. B and D. The IEEE specifically defines 802.11 technologies at the Physical layer and the MAC sublayer of the Data-Link layer. By design, anything that occurs at the upper layers of the OSI model is insignificant to 802.11 communications.

Chapter 6: Wireless Networks and Spread Spectrum Technologies

  1. A, B and D. The ISM bands are 902 MHz – 928 MHz, 2.4 GHz – 2.5 GHz, and 5.725 GHz – 5.875 GHz. 5.725 GHz – 5.85 GHz is the U-NII-3 band.
  2. A, B and C. The four current U-NII bands are 5.15 GHz – 5.25 GHz, 5.25 GHz – 5.35 GHz, 5.47 GHz – 5.725 GHz, and 5.725 GHz – 5.85 GHz.
  3. A, B, C and D. The 802.11-2012 standard allows for the use of legacy FHSS radios (802.11), legacy DSSS radios (802.11), HR-DSSS radios (802.11b), and ERP radios (802.11g).
  4. A, B and D. The 802.11-2012 standard specifies that 802.11n HT radios can transmit in the 2.4 GHz ISM band and all four of the current 5 GHz U-NII bands.
  5. A. The U-NII-1 band is between 5.15 GHz and 5.25 GHz, 5,150 MHz to 5,250 MHz. To calculate the frequency in MHz from the channel, multiply the channel by 5 (200) and then add 5,000 for a center frequency of 5,200 MHz, or 5.2 GHz.
  6. D. To calculate the channel, first take the frequency in MHz (5,300 MHz). Subtract 5,000 from the number (300) and then divide the number by 5, resulting in channel 60. The U-NII-2 band is between 5.25 GHz and 5.35 GHz.
  7. B. HR-DSSS was introduced under the 802.11b amendment, which states that channels need a minimum of 25 MHz of separation between the center frequencies to be considered nonoverlapping.
  8. C. The time that the transmitter waits before hopping to the next frequency is known as the dwell time. The hop time is not a required time but rather a measurement of how long the hop takes.
  9. B. The 802.11a amendment, which originally defined the use of OFDM, required only 20 MHz of separation between the center frequencies for channels to be considered non-overlapping. All 25 channels in the 5 GHz U-NII bands use OFDM and have 20 MHz of separation. Therefore, all 5 GHz OFDM channels are considered nonoverlapping by the IEEE. However, it should be noted that adjacent 5 GHz channels do have some sideband carrier frequency overlap.
  10. C and D. In order for two ERP or HR-DSSS channels to be considered nonoverlapping, they require 25 MHz of separation between the center frequencies. Therefore, any two channels must have at least a five-channel separation. The simplest way to determine what other channels are valid is to add 5 or subtract 5 from the channel you want to use. If you added 5, then the number you calculated or any channel above that number is valid. If you subtracted 5, then the number you calculated or any channel below that number is valid. Deployments of three or more access points in the 2.4 GHz ISM band normally use channels 1, 6, and 11, which are all considered nonoverlapping.
  11. B. Extended Rate Physical Packet Binary Convolutional Code (ERP-PBCC) is the optional modulation technique that specifies data rates of 22 and 33 Mbps.
  12. B. The cause of the problem is delay spread resulting in intersymbol interference (ISI), which causes data corruption.
  13. D. The 802.11-2012 standard states that “the OFDM PHY shall operate in the 5 GHz band, as allocated by a regulatory body in its operational region.” A total of twenty-five 20 MHz wide channels are available in the U-NII bands.
  14. D. Because of the lower subcarrier data rates, delay spread is a smaller percentage of the symbol period, which means that ISI is less likely to occur. In other words, OFDM technology is more resistant to the negative effects of multipath than DSSS and FHSS spread spectrum technologies.
  15. C. A medium access method known as Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) helps to ensure that only one radio can be transmitting on the medium at any given time. Because of the half-duplex nature of the medium and the overhead generated by CSMA/CA, the actual aggregate throughput is typically 50 percent or less of the data rate when using legacy 802.11a/b/g radios. The aggregate throughput of 802.11n/ac radios is about 65 percent.
  16. C and F. The FCC has proposed two new U-NII bands. A new 120 MHz wide band called U-NII-2B occupies the frequency space of 5.35 GHz – 5.47 GHz with six potential 20 MHz channels. Another new 75 MHz wide band called U-NII-4 occupies the 5.85 GHz – 5.925 GHz frequency space with the potential of four more 20 MHz channels.
  17. C. In 2009, the Federal Aviation Authority (FAA) reported interference to Terminal Doppler Weather Radar (TDWR) systems. As a result, the FCC suspended certification of 802.11 devices in the U-NII-2 and U-NII-2E bands that require DFS. Eventually certification was re-established, however, the rules changed and 802.11 radios are currently were not allowed to transmit in the 5.60 − 5.65 GHz frequency space where TDWR operates. Channels 120 -128 were not available for a number of years. As of April 2014, the TDWR frequency space is once again available for 802.11 transmissions in the United States.
  18. A and B. OFDM uses BPSK and QPSK modulation for the lower ODFM data rates. The higher OFDM data rates use 16-QAM, 64-QAM, and 256-QAM modulation. QAM modulation is a hybrid of phase and amplitude modulation.
  19. B. When a data bit is converted to a series of bits, these bits that represent the data are known as chips.
  20. C. A 20 MHz OFDM channel uses 52 subcarriers, but only 48 of them are used to transport data. The other 4 subcarriers are used as pilot carriers.

Chapter 7: Wireless LAN Topologies

  1. D and E. The service set identifier (SSID) is a 32-character, case-sensitive, logical name used to identify a wireless network. An extended service set identifier (ESSID) is the logical network name used in an extended service set. ESSID is often synonymous with SSID.
  2. C and E. The 802.11 standard defines four service sets, or topologies. A basic service set (BSS) is defined as one AP and associated clients. An extended service set (ESS) is defined as one or more basic service sets connected by a distribution system medium. An independent basic service set (IBSS) does not use an AP and consists solely of client stations (STAs).
  3. E. By design, the 802.11 standard does not specify a medium to be used in the distribution system. The distribution system medium (DSM) may be an 802.3 Ethernet backbone, an 802.5 token ring network, a wireless medium, or any other medium.
  4. D. A wireless personal area network (WPAN) is a short-distance wireless topology. Bluetooth and ZigBee are technologies that are often used in WPANs.
  5. A. The most common implementation of an extended service set (ESS) has access points with partially overlapping coverage cells. The purpose behind an ESS with partially overlapping coverage cells is seamless roaming.
  6. A, C and D. The size and shape of a basic service area can depend on many variables, including AP transmit power, antenna gain, and physical surroundings.
  7. C. The normal default setting of an access point is root mode, which allows the AP to transfer data back and forth between the DS and the 802.11 wireless medium. The default root configuration of an AP allows it to operate inside a basic service set (BSS).
  8. B, E and F. The 802.11 standard defines an independent basic service set (IBSS) as a service set using client peer-to-peer communications without the use of an AP. Other names for an IBSS include ad hoc and peer-to-peer.
  9. A and D. Clients that are configured in Infrastructure mode may communicate via the AP with other wireless client stations within a BSS. Clients may also communicate through the AP with other networking devices that exist on the distribution system medium, such as a server or a wired desktop.
  10. B, C and D. The four topologies, or service sets, defined by the 802.11-2012 standard are basic service set (BSS), extended service set (ESS), independent basic service set (IBSS), and mesh basic service set (MBSS). DSSS and FHSS are spread spectrum technologies.
  11. A. A wireless metropolitan area network (WMAN) provides coverage to a metropolitan area such as a city and the surrounding suburbs.
  12. D. The basic service set identifier (BSSID) is a 48-bit (6-octet) MAC address. MAC addresses exist at the MAC sublayer of the Data-Link layer of the OSI model.
  13. B, C and E. The BSSID is the layer 2 identifier of either a BSS or an IBSS service set. The 48-bit (6-octet) MAC address of an access point's radio is the basic service set identifier (BSSID) within a BSS. An ESS topology utilizes multiple access points, thus the existence of multiple BSSIDs. In an IBSS network, the first station that powers up randomly generates a virtual BSSID in the MAC address format. FHSS and HR-DSSS are spread spectrum technologies.
  14. D. The 802.11s-2011 amendment, which is now part of the 802.11-2012 standard, defined a new service set for an 802.11 mesh topology. When access points support mesh functions, they may be deployed where wired network access is not possible. The mesh functions are used to provide wireless distribution of network traffic, and the set of APs that provide mesh distribution form a mesh basic service set (MBSS).
  15. B. In half-duplex communications, both devices are capable of transmitting and receiving; however, only one device can transmit at a time. Walkie-talkies, or two-way radios, are examples of half-duplex devices. IEEE 802.11 wireless networks use half-duplex communications.
  16. A, B, C, D and E. The default standard mode for an access point is root mode. Other operational modes include bridge, workgroup bridge, mesh, scanner, and repeater modes.
  17. A and C. An extended service set (ESS) is two or more basic service sets connected by a distribution system. An ESS is a collection of multiple access points and their associated client stations, all united by a single distribution system medium.
  18. A. A wireless distribution system (WDS) can connect access points together using a wireless backhaul while allowing clients to also associate to the radios in the access points.
  19. B and C. The distribution system consists of two main components. The distribution system medium (DSM) is a logical physical medium used to connect access points. Distribution system services (DSS) consist of services built inside an access point, usually in the form of software.
  20. B. The 802.11 standard is considered a wireless local area network (WLAN) standard. 802.11 hardware can, however, be utilized in other wireless topologies.

Chapter 8: 802.11 Medium Access

  1. B and D. DCF is an abbreviation for Distributed Coordination Function. CSMA/CA is an 802.11 media access control method that is part of DCF. CSMA/CD is used by 802.3, not 802.11. There is no such thing as Data Control Function.
  2. E. 802.11 technology does not use collision detection. If an ACK frame is not received by the original transmitting radio, the unicast frame is not acknowledged and will have to be retransmitted. This process does not specifically determine whether a collision occurs. Failure to receive an ACK frame from the receiver means that either a unicast frame was not received by the destination station or the ACK frame was not received, but it cannot positively determine the cause. It may be due to collision or to other reasons such as high noise level. All of the other options are used to help prevent collisions.
  3. D. ACK frames and CTS-to-self frames follow a SIFS. LIFS do not exist.
  4. A, B and D. The NAV timer maintains a prediction of future traffic on the medium based on duration value information seen in a previous frame transmission. Virtual carrier sense uses the NAV to determine medium availability. Physical carrier sense checks the RF medium for carrier availability. Clear channel assessment is another name for physical carrier sense. Channel sense window does not exist.
  5. C. The first step is to select a random backoff value. After the value is selected, it is multiplied by the slot time. The random backoff timer then begins counting down the number of slot times. When the number reaches 0, the station can begin transmitting.
  6. B and D. PCF requires an access point. Ad hoc mode and an independent basic service set (IBSS) are the same and do not use an access point. A basic service set (BSS) is a WLAN topology, where 802.11 client stations communicate through an access point. Infrastructure mode is the default client station mode that allows clients to communicate via an access point. Basic service area (BSA) is the area of coverage of a basic service set.
  7. B and D. The Duration/ID field is used to set the network allocation vector (NAV), which is a part of the virtual carrier sense process. The contention window and random backoff time are part of the backoff process that is performed after the carrier sense process.
  8. D. The goal of airtime fairness is to allocate equal time, as opposed to equal opportunity. Access fairness and opportunistic media access do not exist. CSMA/CA is the normal media access control mode for Wi-Fi devices.
  9. A, B, D and E. DCF defines four checks and balances of CSMA/CA and DCF to ensure that only one 802.11 radio is transmitting on the half-duplex medium. Virtual carrier sense (NAV), physical carrier sense (CCA), interframe spacing, and the random backoff timer all work together. CCMP is the encryption protocol that was introduced with 802.11i.
  10. C. Currently, WMM is based on EDCA mechanisms defined by the 802.11e amendment, which is now part of the 802.11-2012 standard. The WMM certification provides for traffic prioritization via four access categories. EDCA is a subfunction of Hybrid Coordination Function (HCF). The other subfunction of HCF is HCCA.
  11. E. HCF defines the ability for an 802.11 radio to send multiple frames when transmitting on the RF medium. When an HCF-compliant radio contends for the medium, it receives an allotted amount of time to send frames called a transmit opportunity (TXOP). During this TXOP, an 802.11 radio may send multiple frames in what is called a frame burst.
  12. A, B, D and E. WMM Audio priority does not exist. The WMM certification provides for traffic prioritization via the four access categories of Voice, Video, Best Effort, and Background.
  13. B, C and E. DCF and PCF were defined in the original 802.11 standard. The 802.11e quality of service amendment added a new coordination function to 802.11 medium contention, known as Hybrid Coordination Function (HCF). The 802.11e amendment and HCF have since been incorporated into the 802.11-2012 standard. HCF combines capabilities from both DCF and PCF and adds enhancements to them to create two channel access methods, HCF Controller Channel Access (HCCA) and Enhanced Distributed Channel Access (EDCA).
  14. B. The EDCA medium access method provides for the prioritization of traffic via the use of 802.1D priority tags. 802.1D tags provide a mechanism for implementing quality of service (QoS) at the MAC level. Different classes of service are available, represented in a 3-bit user priority field in an IEEE 802.1Q header added to an Ethernet frame. 802.1D priority tags from the Ethernet side are used to direct traffic to different access-category queues.
  15. A and E. The first purpose is to determine whether a frame transmission is inbound for a station to receive. If the medium is busy, the radio will attempt to synchronize with the transmission. The second purpose is to determine whether the medium is busy before transmitting. This is known as the clear channel assessment (CCA). The CCA involves listening for 802.11 RF transmissions at the Physical layer. The medium must be clear before a station can transmit.
  16. A, B, C and D. An 802.11 radio uses a random backoff algorithm to contend for the medium during a window of time known as the contention window. The contention window is essentially a final countdown timer and is also known as the random backoff timer. The NAV timer and the clear channel assessment (CCA) are also used in the medium contention process to determine the availability of the medium.
  17. C. When the listening radio hears a frame transmission from another station, it looks at the header of the frame and determines whether the Duration/ID field contains a Duration value or an ID value. If the field contains a Duration value, the listening station will set its NAV timer to this value.
  18. B. Enhanced Distributed Channel Access provides differentiated access for stations by using four access categories The EDCA medium access method provides for the prioritization of traffic via the four access categories that are aligned to eight 802.1D priority tags.
  19. A. ACKS are used for delivery verification of unicast 802.11 frames. Broadcast and multicast frames do not require an acknowledgment. Anycast frames do not exist.
  20. E. A Block ACK improves channel efficiency by aggregating several acknowledgments into one single acknowledgment frame. There are two types of Block ACK mechanisms: immediate and delayed. The immediate Block ACK is designed for use with low-latency traffic, whereas the delayed Block ACK is more suitable for latency-tolerant traffic.

Chapter 9: 802.11 MAC Architecture

  1. D. Both frames are used to join a BSS. Reassociation frames are used during the roaming process. The reassociation frame contains an additional field called Current AP Address. This address is the BSSID of the original AP that the client is leaving.
  2. D. An IP packet consists of layer 3–7 information. The MAC Service Data Unit (MSDU) contains data from the LLC sublayer and/or any number of layers above the Data-Link layer. The MSDU is the payload found inside the body of 802.11 data frames.
  3. B and D. RTS/CTS and CTS-to-Self provide 802.11g protection mechanisms, sometimes referred to as mixed-mode support. NAV back-off and RTS-to-Self do not exist. WEP encryption provides data security.
  4. A, C and D. An ERP AP signals for the use of the protection mechanism in the ERP information element in the beacon frame. If a non-ERP STA associates to an ERP AP, the ERP AP will enable the NonERP_Present bit in its own beacons, enabling protection mechanisms in its BSS. In other words, an HR-DSSS (802.11b) client association will trigger protection. If an ERP AP hears a beacon with only an 802.11b or 802.11 supported rate set from another AP or an IBSS STA, it will enable the NonERP_Present bit in its own beacons, enabling protection mechanisms in its BSS.
  5. A, B, C and D. The probe response contains the same information as the beacon frame, with the exception of the traffic indication map.
  6. B and D. Beacons cannot be disabled. Clients use the time-stamp information from the beacon to synchronize with the other stations on the wireless network. Only APs send beacons in a BSS; client stations send beacons in an IBSS. Beacons can contain proprietary information.
  7. B. If a station finds its AID in the TIM, there is unicast data on the AP that the station needs to stay awake for and request to have downloaded. This request is performed by a PS-Poll frame.
  8. D. When the RTS frame is sent, the value of the Duration/ID field is equal to the time necessary for the CTS, DATA, and ACK frames to be transmitted.
  9. B. When the client station transmits a frame with the Power Management field set to 1, it is enabling Power Save mode. The DTIM does not enable Power Save mode; it only notifies clients to stay awake in preparation for a multicast or broadcast.
  10. A and B. The receiving station may have received the data, but the returning ACK frame may have become corrupted and the original unicast frame will have to be retransmitted. If the unicast frame becomes corrupted for any reason, the receiving station will not send an ACK.
  11. B. The PS-Poll frame is used by the station to request cached data. The ATIM is used to notify stations in an IBSS of cached data. The Power Management bit is used by the station to notify the AP that the station is going into Power Save mode. The DTIM is used to indicate to client stations how often to wake up to receive buffered broadcast and multicast frames. The traffic indication map (TIM) is a field in the beacon frame used by the AP to indicate that there are buffered unicast frames for clients in Power Save mode.
  12. A and E. All 802.11 APs are required to respond to directed probe request frames that contain the correct SSID value. The AP must also respond to null probe request frames that contain a blank SSID value. Some vendors offer the capability to respond to null probe requests with a null probe response.
  13. A and D. There are two types of scanning: passive, which occurs when a station listens to the beacons to discover an AP, and active, which occurs when a station sends probe requests looking for APs. Stations send probe requests only if they are performing an active scan. After a station is associated, it is common for the station to continue to learn about nearby APs. All client stations maintain a “known AP” list that is constantly updated by active scanning.
  14. B, D and E. Although there are similarities, the addressing used by 802.11 MAC frames is much more complex than Ethernet frames. 802.3 frames have only a source address (SA) and destination address (DA) in the layer 2 header. The four MAC addresses used by an 802.11 frame can be used as five different types of addresses: receiver address (RA), transmitter address (TA), basic service set identifier (BSSID), destination address (DA), and source address (SA).
  15. B. When the client first attempts to connect to an AP, it will first send a probe request and listen for a probe response. After it receives a probe response, it will attempt to authenticate to the AP and then associate to the network.
  16. B. The delivery traffic indication message (DTIM) is used to ensure that all stations using power management are awake when multicast or broadcast traffic is sent. The DTIM interval is important for any application that uses multicasting. For example, many VoWiFi vendors support push-to-talk capabilities that send VoIP traffic to a multicast address. A misconfigured DTIM interval would cause performance issues during a push-to-talk multicast.
  17. A and C. An ERP (802.11g) AP is backward compatible with HR-DSSS and supports the data rates of 1, 2, 5.5, and 11 Mbps as well as the ERP-OFDM data rates of 6, 9, 12, 18, 24, 36, 48, and 54 Mbps. If a WLAN admin disabled the 1, 2, 5.5, and 11 Mbps data rates, backward compatibility will effectively be disabled and the HR-DSSS clients will not be able to connect. The 802.11-2012 standard defines the use of basic rates, which are required rates. If a client station does not support any of the basic rates used by an AP, the client station will be denied association to the BSS. If a WLAN admin configured the ERP-OFDM data rates of 6 and 9 Mbps as basic rates, the HR-DSSS clients would be denied association because they do not support those rates.
  18. A and C. The amplitude of the received signals from the APs is usually the main variable when clients make a roaming decision. Client roaming mechanisms are often based on RSSI values, including received signal levels and signal-to-noise ratio (SNR). Distance and WMM access categories have nothing to do with the client's decision to roam to a new AP.
  19. A, C, D and E. Applications now control the power-save management behavior by setting doze periods and sending trigger frames. Clients using time-sensitive applications will send triggers to the AP frequently, while clients using more latency-tolerant applications will have a longer doze period. The trigger and delivery method eliminates the need for PS-Poll frames. The client can request to download buffered traffic and does not have to wait for a beacon frame. All the downlink application traffic is sent in a faster frame burst during the AP's TXOP.
  20. B. The IEEE 802.11-2007 standard defines an enhanced power-management method called automatic power save delivery (APSD). The two APSD methods that are defined are scheduled automatic power save delivery (S-APSD) and unscheduled automatic power save delivery (U-APSD). The Wi-Fi Alliance's WMM Power Save (WMM-PS) certification is based on U-APSD.

Chapter 10: WLAN Architecture

  1. A. In recent years there has been a handheld client population explosion of mobile devices such as smartphones and tablets. Most users now expect Wi-Fi connectivity with numerous handheld mobile devices as well as their laptops. Almost all mobile devices use a single chip form factor that is embedded on the device's motherboard.
  2. B. All bridge links can have only one root bridge. A PtP link will have only one root bridge, and a PtMP link will also have only one root bridge.
  3. G. The 802.11 standard does not mandate what type of form factor must be used by an 802.11 radio. Although PCMCIA and Mini PCI client adapters are the most common, 802.11 radios exist in many other formats, such as CompactFlash cards, Secure Digital cards, USB dongles, ExpressCards, and other proprietary formats.
  4. B. Controller-based access points normally forward user traffic to a centralized WLAN controller via an encapsulated IP tunnel. Autonomous and cooperative access points normally use local data forwarding. Controller-based APs are also capable of local data forwarding. Although the whole point of a cooperative and distributed WLAN model is to avoid centrally forwarding user traffic to the core, the access points may also have IP-tunneling capabilities.
  5. A, B, D and E. WLAN controllers support the VRRP redundancy protocol. HSRP is a proprietary redundancy protocol. WLAN controllers have a captive portal option and support user management via role-based access control. WLAN controllers may also have an integrated IDS server.
  6. A, D and E. An IP-encapsulated tunnel is needed for 802.11 frames to be able to traverse between a lightweight AP and a WLAN controller over a wired medium. Each 802.11 frame is encapsulated entirely within the body of an IP packet. Many WLAN vendors use Generic Routing Encapsulation (GRE), a commonly used network tunneling protocol. WLAN vendors that do not use GRE use other proprietary protocols for the IP tunneling. Although CAPWAP is used as a management protocol, it can also be used for IP encapsulation of traffic.
  7. D. One major disadvantage of using the traditional autonomous access point is that there is no central point of management. Any autonomous WLAN architecture with 25 or more access points is going to require some sort of network management system (NMS). Although a WLAN controller can be used to manage the WLAN in a centralized WLAN architecture, if multiple controllers are deployed, an NMS may be needed to manage multiple controllers. Although the control plane and management plane have moved back to the APs in a distributed WLAN architecture, the management plane remains centralized. Configuration and monitoring of all access points in the distributed model is still handled by an NMS.
  8. F. WLAN controllers support layer 3 roaming capabilities, bandwidth policies, and stateful packet inspection. Dynamic RF and AP management are also supported on a controller.
  9. D. Telecommunication networks are often defined as three logical planes of operation. The control plane consists of control or signaling information and is often defined as network intelligence or protocols.
  10. B. A wireless workgroup bridge (WGB) is a wireless device that provides wireless connectivity for wired infrastructure devices that do not have radio cards.
  11. A and E. In the centralized WLAN architecture, autonomous APs have been replaced with controller-based access points. All the intelligence resides on the centralized device known as a WLAN controller.
  12. B and D. The control plane mechanisms are enabled in the system with inter-AP communication via cooperative protocols in a distributed WLAN architecture. In a distributed architecture, each individual access point is responsible for local forwarding of user traffic; therefore, the data plane resides in the APs. The management plane resides in an NMS that is used to manage and monitor the distributed WLAN.
  13. B. In a point-to-point bridge link, one bridge must be the root bridge and the other must be a nonroot bridge. Although they are on separate subnets, this factor does not come into account during the association process. Typically, the IP address of the bridges is purely for management purposes and has no impact on the traffic being passed.
  14. D. Because of performance issues, repeater mode is not a recommended mode for wireless bridging. If at all possible, a better bridge deployment practice is to use two separate bridge links as opposed to repeating the link of a root bridge to a nonroot bridge.
  15. A and C. All three WLAN infrastructure designs support the use of VLANs and 802.1Q tagging. However, the centralized WLAN architecture usually encapsulates user VLANs between the controller-based AP and the WLAN controllers; therefore, only a single VLAN is normally required at the edge. An 802.1Q trunk is, however, usually required between the WLAN controller and a core switch. Both the autonomous and distributed WLAN architectures do not use a controller. Noncontroller architectures require support for 802.1Q tagging if multiple VLANs are to be supported at the edge of the network. The access point is connected to an 802.1Q trunk port on an edge switch that supports VLAN tagging.
  16. E. The majority of WLAN controller vendors implement what is known as a split MAC architecture. With this type of WLAN architecture, some of the MAC services are handled by the WLAN controller and some are handled by the controller-based access point.
  17. B. In a centralized WLAN architecture, traffic is tunneled from controller-based access points deployed at the access layer to a WLAN controller that is typically deployed at the core of the network. Standard network design suggests redundancy at the core, and redundant WLAN controllers should be deployed so there is no single point of network failure. If all user traffic is being tunneled to a WLAN controller and it fails without a redundant solution, effectively the WLAN is down.
  18. A, B and C. Most WLAN APs have the capability of supporting multiple virtual BSSIDs. Within each AP's coverage area, multiple virtual WLANs can exist. Each virtual WLAN has a logical name (SSID) and a unique virtual layer 2 identifier (BSSID), and each WLAN is mapped to a unique virtual local area network (VLAN) that is mapped to a subnet (layer 3). Multiple layer 2 and 3 domains can exist within one layer 1 domain.
  19. A, C, D and E. WLAN controllers introduced the concept of virtual WLANs, which are often called WLAN profiles. Different groups of 802.11 clients exist in a virtual WLAN. The WLAN profile is a set of configuration parameters that are configured on the WLAN controller. The profile parameters can include the WLAN logical name (SSID), WLAN security settings, VLAN assignment, and QoS parameters. Do not confuse the WLAN profile with an AP group profile. Multiple WLAN profiles can be supported by a single AP; however, an AP can alone belong to one AP group. An AP group profile defines the configuration settings for a single AP or group of access points. Settings such as channel, transmit power, and supported data rates are examples of settings configured in an AP group profile.
  20. A, C and E. VoWiFi phones are 802.11 client stations that communicate through most WLAN architecture. The PBX is needed to make connections among the internal telephones of a private company and also connect them to the public switched telephone network (PSTN) via trunk lines. WMM quality-of-service capabilities must be supported by both the VoWiFi phone and WLAN infrastructure. Currently most VoWiFi solutions use the Session Initiation Protocol (SIP) as the signaling protocol for voice communications over an IP network, but others protocols can be used instead.

Chapter 11: WLAN Deployment and Vertical Markets

  1. A, B, C and D. The goal of fixed mobile convergence is to enable the user to have a single device with a single phone number and to enable the user to roam between different networks, taking advantage of the least expensive and best performing network that is available.
  2. C and D. Municipal and transportation networks are both specific types of public hotspots. Law enforcement and first-responder networks are hotspot-type networks, but they are not intended for public use.
  3. C. Because of the potential for interference and the importance of preventing it, hospitals often have a person responsible for keeping track of frequencies used within the organization. Some municipalities are starting to do this as well—not just for law enforcement, but for all of their wireless needs, because they often use wireless technologies for SCADA networks, traffic cameras, traffic lights, two-way radios, point-to-point bridging, hotspots, and more.
  4. D. Since cruise ships are often not near land where cellular or WiMAX uplink is available, it is necessary to use a satellite uplink to connect the ship to the Internet.
  5. B and D. Fixed mobile convergence allows roaming between Wi-Fi networks and cellular phone networks, choosing the available network that is least expensive.
  6. D. When designing a warehouse network, the networking devices are often barcode scanners that do not capture much data, so high capacity and throughput are not typically needed. Because the data-transfer requirements are so low, these networks are typically designed to provide coverage for large areas. Security is always a concern; however, it is not usually a design criterion.
  7. A, C and D. Corporations typically install a WLAN to provide easy mobility and/or access to areas that are difficult or extremely expensive to connect via wired networks. Although providing connectivity to the Internet is a service that the corporate wireless network offers, it is not the driving reason for installing the wireless network.
  8. A, C and D. The phone company, cable providers, and WISPs are all examples of companies that provide last-mile services to users and businesses.
  9. B. The main purpose of SOHO networks is to provide a gateway to the Internet.
  10. A, B and D. Mobile office networking solutions are temporary solutions that include all of the options listed except for the remote sales office, which would more likely be classified as a SOHO installation.
  11. A and D. Warehousing and manufacturing environments typically have a need for mobility, but their data transfers are typically very small. Therefore, their networks are often designed for high coverage rather than high capacity.
  12. D. Hotspot providers are not likely to provide data encryption. It is more difficult to deploy, and there is no benefit or business reason for them to provide it.
  13. A, B and C. Manufacturing plants are typically fixed environments and are better served by installing permanent access points.
  14. C and D. Point-to-multipoint, hub and spoke, and star all describe the same communication technology, which connects multiple devices by using a central device. Point-to-point communications connects two devices. Mesh networks do not have a defined central device.
  15. C. Most of the 802.11 implementations used FHSS, with industrial (warehousing and manufacturing) companies being some of the biggest implementers. Their requirement of mobility with low data-transfer speeds was ideal for using the technology.
  16. C. To make wireless access easy for the subscriber, hotspot vendors typically deploy authentication methods that are easy to use but that do not provide data encryption. Therefore, to ensure security back to your corporate network, the use of an IPsec VPN is necessary.
  17. A, C and D. VoWiFi is a common use of 802.11 technology in a medical environment, providing immediate access to personnel no matter where they are in the hospital. Real-time location service (RTLS) solutions using 802.11 RFID tags for inventory control are also commonplace. WLAN medical carts are used to monitor patient information and vital signs.
  18. A and C. The installation of multiple point-to-point bridges is either to provide higher throughput or to prevent a single point of failure. Care must be taken in arranging channel and antenna installations to prevent self-inflicted interference.
  19. A, B and C. Healthcare providers often have many other devices that use RF communications, and therefore, RF interference is a concern. Fast access along with secure and accurate access is critical in healthcare environments. Faster access can be performed without faster speed. The mobility of the technology will satisfy the faster access that is typically needed.
  20. D. Public hotspots are most concerned about ensuring that only valid users are allowed access to the hotspot. This is performed using authentication; however, this only secures the network from nonauthorized users.

Chapter 12: WLAN Troubleshooting and Design

  1. A, C and D. Unidirectional MIMO patch antennas can be mounted in the ceiling to provide sectorized coverage in a high-density WLAN. Load balancing clients between multiple APs will help with capacity. Lowering the AP transmit power effectively reduces the cell size and minimizes co-channel interference. Band steering can be useful if used to balance the clients between both the 2.4 and 5 GHz radios. Steering all the clients only to 5 GHz is not necessarily ideal in a high-density environment. Layer 3 roaming is not part of high client capacity design.
  2. E. In an MCA architecture, if all the access points are mistakenly configured on the same channel, unnecessary medium contention overhead is the result. If an AP is transmitting, all nearby access points and clients on the same channel will defer transmissions. The result is that throughput is adversely affected. Nearby APs and clients have to wait much longer to transmit because they have to take their turn. The unnecessary medium contention overhead that occurs because all the APs are on the same channel is called co-channel interference (CCI). In reality, the 802.11 radios are operating exactly as defined by the CSMA/CA mechanisms, and this behavior should really be called co-channel cooperation.
  3. A, D and E. The original transmission amplitude will have an impact on the range of an RF cell. Antennas amplify signal strength and can increase range. Walls and other obstacles will attenuate an RF signal and affect range. CSMA/CA and encryption do not affect range but do affect throughput.
  4. B, C and D. The hidden node problem arises when client stations cannot hear the RF transmissions of another client station. Increasing the transmission power of client stations will increase the transmission range of each station, resulting in increased likelihood of all the stations hearing each other. Increasing client power is not a recommended fix because best practice dictates that client stations use the same transmit power used by all other radios in the BSS, including the AP. Moving the hidden node station within transmission range of the other stations also results in stations hearing each other. Removing an obstacle that prevents stations from hearing each other also fixes the problem. The best fix to the hidden node problem is to add another access point in the area that the hidden node resides.
  5. B, D and E. If any portion of a unicast frame is corrupted, the cyclic redundancy check (CRC) will fail and the receiving 802.11 radio will not return an ACK frame to the transmitting 802.11 radio. If an ACK frame is not received by the original transmitting radio, the unicast frame is not acknowledged and will have to be retransmitted. RF interference, low SNR, hidden nodes, mismatched power settings, near/far problems, and adjacent channel interference may all cause layer 2 retransmissions. Co-channel interference does not cause retries but does add unnecessary medium contention overhead.
  6. A, B and D. The hidden node problem arises when client stations cannot hear the RF transmissions of another client station. Distributed antenna systems with multiple antenna elements are notorious for causing the hidden node problem. When coverage cells are too large as a result of the access point's radio transmitting at too much power, client stations at opposite ends of an RF coverage cell often cannot hear each other. Obstructions such as a newly constructed wall can also result in stations not hearing each other.
  7. B, D and E. Excessive layer 2 retransmissions adversely affect the WLAN in two ways. First, layer 2 retransmissions increase MAC overhead and therefore decrease throughput. Second, if application data has to be retransmitted at layer 2, the timely delivery of application traffic becomes delayed or inconsistent. Applications such as VoIP depend on the timely and consistent delivery of the IP packet. Excessive layer 2 retransmissions usually result in increased latency and jitter problems for time-sensitive applications such as voice and video.
  8. E. An often overlooked cause of layer 2 retransmissions is mismatched transmit power settings between an access point and a client radio. Communications can break down if a client station's transmit power level is less than the transmit power level of the access point. As a client moves to the outer edges of the coverage cell, the client can “hear” the AP; however, the AP cannot “hear” the client. If the client station's frames are corrupted near the AP but not near the client, the most likely cause is mismatched power settings.
  9. D. If an end user complains of a degradation of throughput, one possible cause is a hidden node. A protocol analyzer is a useful tool in determining hidden node issues. If the protocol analyzer indicates a higher retransmission rate for the MAC address of one station when compared to the other client stations, chances are a hidden node has been found. Some protocol analyzers even have hidden node alarms based on retransmission thresholds.
  10. B. Overlapping coverage cells with overlapping frequencies cause adjacent channel interference, which causes a severe degradation in latency, jitter, and throughput. If overlapping coverage cells also have frequency overlap, frames will become corrupt, retransmissions will increase, and performance will suffer significantly.
  11. B. As client station radios move away from an access point, they will shift down to lower bandwidth capabilities by using a process known as dynamic rate switching (DRS). The objective of DRS is upshifting and downshifting for rate optimization and improved performance. Although dynamic rate switching is the proper name for this process, all these terms refer to the method of speed fallback that a wireless LAN client uses as distance increases from the access point.
  12. E. Highly directional antennas are susceptible to what is known as antenna wind loading, which is antenna movement or shifting caused by wind. Grid antennas may be needed to alleviate the problem. Rain and fog can attenuate an RF signal; therefore, a system operating margin (also known as fade margin) of 20 dB is necessary. A change in air temperature is also known as air stratification, which causes refraction. K-factor calculations may also be necessary to compensate for refraction.
  13. E. Higher frequency signals have a smaller wavelength property and will attenuate faster than a lower frequency signal with a larger wavelength. Higher frequency signals therefore will have shorter range. In any RF environment, free space path loss (FSPL) attenuates the signal as a function of distance. Loss in signal strength affects range. Brick walls exist in an indoor physical environment, while trees exist in an outdoor physical environment. Both will attenuate an RF signal, thereby affecting range.
  14. D. A mobile client receives an IP address also known as a home address on the original subnet. The mobile client must register its home address with a device called a home agent (HA). The original access point on the client's home network serves as the home agent. The home agent is a single point of contact for a client when it roams across layer 3 boundaries. Any traffic that is sent to the client's home address is intercepted by the home agent access point and sent through a Mobile IP tunnel to the foreign agent AP on the new subnet. The client is therefore able to retain its original IP address when roaming across layer 3 boundaries.
  15. A and B. Although overlap cell coverage is a fallacy, cell overlap is often used to refer to the duplicate cell coverage heard from a client perspective. Roaming problems will occur if there is not enough overlap in cell coverage. Too little overlap will effectively create a roaming dead zone, and connectivity may even temporarily be lost. If two RF cells have too much overlap, a station may stay associated with its original AP and not connect to a second access point even though the station is directly underneath the second access point.
  16. A, B and C. A mistake often made when deploying access points is to have the APs transmitting at full power. Effectively, this extends the range of the access point but causes many problems that have been discussed throughout this chapter. Oversized coverage usually will not meet your capacity needs. Oversized coverage cells can cause hidden node problems. Access points at full power may not be able to hear the transmissions of client stations with lower transmit power. Access points at full power will most likely also increase the odds of co-channel interference due to bleed-over transmissions. If the access point's coverage and range is a concern, the best method of extending range is to increase the AP's antenna gain instead of increasing transmit power.
  17. A and C. Medium contention, also known as CSMA/CA, requires that all radios access the medium in a pseudorandom fashion. Radios transmitting at slower data rates will occupy the medium much longer, while faster radios have to wait. Data rates of 1 and 2 Mbps can create very large coverage cells, which may prevent a hidden node station at one edge of the cell from being heard by other client stations at the opposite side of the coverage cell.
  18. A. Multipath can cause intersymbol interference (ISI), which causes data corruption. Because of the difference in time between the primary signal and the reflected signals, known as the delay spread, the receiver can have problems demodulating the RF signal's information. The delay spread time differential results in corrupted data and therefore layer 2 retransmissions.
  19. A. HR-DSSS (802.11b) and ERP (802.11g) channels require 25 MHz of separation between the center frequencies to be considered nonoverlapping. The three channels of 1, 6, and 11 meet these requirements in the United States. In other countries, three-channel plans such as 2, 7, and 12; 3, 8, and 13; and 4, 9, and 14 would work as well. Traditionally, 1, 6, and 11 are chosen almost universally.
  20. A, D and E. Several factors should be considered when planning a 5 GHz channel reuse pattern. One factor is what channels are available legally in your country or region. Another factor to consider is what channels the client population supports. Wi-Fi radios must be certified to transmit in the dynamic frequency selection (DFS) channels to avoid interference with radar. A high likelihood exists that the client population may not be certified for dynamic frequency selection (DFS) channels in the UNII-2 and UNII-2e bands. Additionally, many 5 GHz access points might also not be certified to transmit in the DFS channels.

Chapter 13: 802.11 Network Security Architecture

  1. B. As required by an 802.1X security solution, the supplicant is a WLAN client requesting authentication and access to network resources. Each supplicant has unique authentication credentials that are verified by the authentication server.
  2. B and D. The 802.11-2012 standard defines CCMP/AES encryption as the default encryption method, and TKIP/RC4 is the optional encryption method. This was originally defined by the 802.11i amendment, which is now part of the 802.11-2012 standard. The Wi-Fi Alliance created the WPA2 security certification, which mirrors the robust security defined by the IEEE. WPA2 supports both CCMP/AES and TKIP/RC4 dynamic encryption-key management.
  3. E. 128-bit WEP encryption uses a secret 104-bit static key that is provided by the user (26 hex characters) and combined with a 24-bit initialization vector (IV) for an effective key strength of 128 bits.
  4. A, C and E. The supplicant, authenticator, and authentication server work together to provide the framework for an 802.1X/EAP solution. The supplicant requests access to network resources. The authentication server authenticates the identity of the supplicant, and the authenticator allows or denies access to network resources via virtual ports.
  5. C. The original 802.11 standard ratified in 1997 defined the use of a 64-bit or 128-bit static encryption solution called Wired Equivalent Privacy (WEP). Dynamic WEP was never defined under any wireless security standard. The use of 802.1X/EAP, TKIP/RC4, and CCMP/AES are all defined under the current 802.11-2012 standard.
  6. A, D and E. Access points may be mounted in lockable enclosure units to provide theft protection. All access points should be configured from the wired side and never wirelessly. Encrypted management interfaces such as HTTPS and SSH should be used instead of HTTP or Telnet. An 802.1X/EAP solution guarantees that only authorized users will receive an IP address. Attackers can get an IP address prior to setting up an IPsec VPN tunnel and potentially attack the access points.
  7. A and C. Virtual LANs are used to segment wireless users at layer 3. The most common wireless segmentation strategy often used in 802.11 enterprise WLANs is segmentation using VLANS combined with role-based access control (RBAC) mechanisms. CCMP/AES, TKIP/RC4, and WEP are encryption solutions.
  8. A and C. The Wi-Fi Protected Access (WPA) certification was a snapshot of the not-yet-released 802.11i amendment, supporting only the TKIP/RC4 dynamic encryption-key generation. 802.1X/EAP authentication was required in the enterprise, and passphrase authentication was required in a SOHO or home environment. LEAP is Cisco proprietary and is not specifically defined by WPA. Neither dynamic WEP nor CCMP/AES was defined for encryption. CCMP/AES dynamic encryption is mandatory under the WPA2 certification.
  9. B, D and E. Role-based access control (RBAC) is an approach to restricting system access to authorized users. The three main components of an RBAC approach are users, roles, and permissions.
  10. A, D and E. The purpose of 802.1X/EAP is authentication of user credentials and authorization to network resources. Although the 802.1X/EAP framework does not require encryption, it highly suggests the use of encryption. A by-product of 802.1X/EAP is the generation and distribution of dynamic encryption keys.
  11. A, B, D and E. All forms of WEP encryption use the Rivest Cipher 4 (RC4) algorithm. TKIP is WEP that has been enhanced and also uses the RC4 cipher. PPTP uses 128-bit Microsoft Point-to-Point Encryption (MPPE), which uses the RC4 algorithm. CCMP uses the AES cipher.
  12. B and D. Shared Key authentication is a legacy authentication method that does not provide seeding material to generate dynamic encryption keys. Static WEP uses static keys. A robust security network association requires a four-frame EAP exchange known as the 4-Way Handshake that is used to generate dynamic TKIP or CCMP keys. The handshake may occur either after an 802.1X/EAP exchange or as a result of PSK authentication.
  13. A and D. An 802.1X/EAP solution requires that both the supplicant and the authentication server support the same type of EAP. The authenticator must be configured for 802.1X/EAP authentication but does not care which EAP type passes through. The authenticator and the supplicant must support the same type of encryption.
  14. C. WLAN controllers use lightweight access points, which are dumb terminals with radio cards and antennas. The WLAN controller is the authenticator. When an 802.1X/EAP solution is deployed in a wireless controller environment, the virtual controlled and uncontrolled ports exist on the WLAN controller.
  15. A, C and D. TKIP starts with a 128-bit temporal key that is combined with a 48-bit initialization vector (IV) and source and destination MAC addresses in a process known as per-packet key mixing. TKIP uses an additional data integrity check known as the message integrity check (MIC).
  16. A. The root bridge would be the authenticator, and the nonroot bridge would be the supplicant if 802.1X/EAP security is used in a WLAN bridged network.
  17. D. The AES algorithm encrypts data in fixed data blocks with choices in encryption-key strength of 128, 192, or 256 bits. CCMP/AES uses a 128-bit encryption-key size and encrypts in 128-bit fixed-length blocks.
  18. A and D. The WPA2 certification requires the use of an 802.1X/EAP authentication method in the enterprise and the use of a preshared key or a passphrase in a SOHO environment. The WPA2 certification also requires the use of stronger dynamic encryption-key generation methods. CCMP/AES encryption is the mandatory encryption method, and TKIP/RC4 is the optional encryption method.
  19. E. The 802.11-2012 standard defines what is known as a robust security network (RSN) and robust security network associations (RSNAs). CCMP/AES encryption is the mandated encryption method, and TKIP/RC4 is an optional encryption method.
  20. C. The supplicant, authenticator, and authentication server work together to provide the framework for 802.1X port-based access control, and an authentication protocol is needed to assist in the authentication process. The Extensible Authentication Protocol (EAP) is used to provide user authentication.

Chapter 14: Wireless Attacks, Intrusion Monitoring, and Policy

  1. B and C. Denial-of-service (DoS) attacks can occur at either layer 1 or layer 2 of the OSI model. Layer 1 attacks are known as RF jamming attacks. A wide variety of layer 2 DoS attacks exist that are a result of tampering with 802.11 frames, including the spoofing of deauthentication frames.
  2. C and D. Malicious eavesdropping is achieved with the unauthorized use of protocol analyzers to capture wireless communications. Any unencrypted 802.11 frame transmission can be reassembled at the upper layers of the OSI model.
  3. D. A protocol analyzer is a passive device that captures 802.11 traffic and can be used for malicious eavesdropping. A WIDS cannot detect a passive device. Strong encryption is the solution to prevent a malicious eavesdropping attack.
  4. C and D. The only way to prevent a wireless hijacking, man-in-the-middle, and/or Wi-Fi phishing attack is to use a mutual authentication solution. 802.1X/EAP authentication solutions require that mutual authentication credentials be exchanged before a user can be authorized.
  5. A and C. The radios inside the WIPS sensors monitor the 2.4 GHz ISM band and the 5 GHz U-NII bands. Older legacy wireless networking equipment exists that transmits in the 900 MHz ISM band, and these devices will not be detected. The radios inside the WIPS sensors also use only DSSS and OFDM technologies. Wireless networking equipment exists that uses frequency hopping spread spectrum (FHSS) transmissions in the 2.4 GHz ISM band and will go undetected. The only tool that can detect either a 900 MHz or frequency hopping rogue access point is a spectrum analyzer.
  6. A and B. The general wireless security policy establishes why a wireless security policy is needed for an organization. Even if a company has no plans for deploying a wireless network, there should be at a minimum a policy detailing how to deal with rogue wireless devices. The functional security policy establishes how to secure the wireless network in terms of what solutions and actions are needed.
  7. A and E. After obtaining the passphrase, an attacker can also associate to the WPA/WPA2 access point and thereby access network resources. The encryption technology is not cracked, but the key can be re-created. If a hacker has the passphrase and captures the 4-Way Handshake, they can re-create the dynamic encryption keys and therefore decrypt traffic. WPA/WPA2-Personal is not considered a strong security solution for the enterprise because if the passphrase is compromised, the attacker can access network resources and decrypt traffic.
  8. A, C, D and E. Numerous types of layer 2 DoS attacks exist, including association floods, deauthentication spoofing, disassociation spoofing, authentication floods, PS-Poll floods, and virtual carrier attacks. RF jamming is a layer 1 DoS attack.
  9. A and C. Microwave ovens operate in the 2.4 GHz ISM band and are often a source of unintentional interference. 2.4 GHz cordless phones can also cause unintentional jamming. A signal generator is typically going to be used as a jamming device, which would be considered intentional jamming. 900 MHz cordless phones will not interfere with 802.11 equipment that operates in either the 2.4 GHz ISM band or the 5 GHz U-NII bands. There is no such thing as a deauthentication transmitter.
  10. A and B. The radios inside the WIPS/WIDS sensors currently use only DSSS and OFDM technologies. Wireless networking equipment exists that uses frequency hopping spread spectrum (FHSS) transmissions in the 2.4 GHz ISM and will go undetected by layer 2 WIPS/WIDS sensors. The only tool that can detect either a 900 MHz or a frequency hopping rogue AP is a spectrum analyzer. Some WIPS/WIDS vendors offer layer 1 distributed spectrum analysis system (DSAS) solutions.
  11. A and B. Client isolation is a feature that can be enabled on WLAN access points or WLAN controllers to block wireless clients from communicating with other wireless clients on the same wireless segment. The use of a personal firewall can also be used to mitigate peer-to peer attacks.
  12. C. A wireless intrusion prevention system (WIPS) is capable of mitigating attacks from rogue APs. A WIPS sensor can use layer 2 DoS attacks as a countermeasure against a rogue device. SNMP may be used to shut down ports that a rogue AP has been connected to. WIPS vendors also use unpublished methods for mitigating rogue attacks.
  13. A, B, E and F. Most WIPS solutions label 802.11 radios into four or more classifications. An infrastructure device refers to any client station or AP that is an authorized member of the company's wireless network. An unknown device is any new 802.11 radio that has been detected but not classified as a rogue. A known device refers to any client station or AP that is detected by the WIPS and has been identified as an interfering device but is not considered a threat. A rogue device refers to any client station or AP that is considered an interfering device and a potential threat.
  14. A and E. Every company should have a policy forbidding installation of wireless devices by employees. Every company should also have a policy on how to respond to all wireless attacks, including the discovery of a rogue AP. If a WIPS discovers a rogue AP, temporarily implementing layer 2 rogue containment abilities is advisable until the rogue device can be physically located. After the device is found, immediately unplug it from the data port but not from the electrical outlet. It would be advisable to leave the rogue AP on so that the administrator can do some forensics and look at the association tables and log files to possibly determine who installed it.
  15. A, C, D, F and G. Currently, there is no such thing as a Happy AP attack or an 802.11 sky monkey attack. Wireless users are especially vulnerable to attacks at public-use hotspots because there is no security. Because no encryption is used, the wireless users are vulnerable to malicious eavesdropping. Because no mutual authentication solution is in place, they are vulnerable to hijacking, man-in-the-middle, and phishing attacks. The hotspot AP might also be allowing peer-to-peer communications, making the users vulnerable to peer-to-peer attacks. Every company should have a remote access wireless security policy to protect their end users when they leave company grounds.
  16. A and C. Public-access hotspots have absolutely no security in place, and it is imperative that a remote access WLAN policy be strictly enforced. This policy should include the required use of an IPsec or SSL VPN solution to provide device authentication, user authentication, and strong encryption of all wireless data traffic. Hotspots are prime targets for malicious eavesdropping attacks. Personal firewalls should also be installed on all remote computers to prevent peer-to-peer attacks.
  17. B. MAC filters are configured to apply restrictions that will allow only traffic from specific client stations to pass through based on their unique MAC addresses. MAC addresses can be spoofed, or impersonated, and any amateur hacker can easily bypass any MAC filter by spoofing an allowed client station's address.
  18. A. The integrated WIDS is by far the most widely deployed. Overlay WIDS are usually cost prohibitive for most WLAN customers. The more robust overlay WIDS solutions are usually deployed in defense, finance, and retail vertical markets where the budget for an overlay solution may be available.
  19. A, D and E. Wired Equivalent Privacy (WEP) encryption has been cracked, and currently available tools may be able to derive the secret key within a matter of minutes. The size of the key makes no difference, and both 64-bit WEP and 128-bit WEP can be cracked. TKIP/RC4 and CCMP/AES encryption have not been cracked.
  20. D. An attack that often generates a lot of press is wireless hijacking, also known as the evil twin attack. The attacker hijacks wireless clients at layer 2 and layer 3 by using an evil twin access point and a DHCP server. The hacker may take the attack several steps further and initiate a man-in-the-middle attack and/or a Wi-Fi phishing attack.

Chapter 15: Radio Frequency Site Survey Fundamentals

  1. C and D. It is a highly recommended practice to conduct the site survey by using equipment from the same vendor who will supply the equipment that will later be deployed on site. Mixing vendors during the survey is not recommended. Mixing a standalone AP solution with a controller-based AP solution is also not recommended in most cases. Security is not implemented during the survey.
  2. B. Although all the options are issues that may need addressing when deploying a WLAN in a hospitality environment, aesthetics is usually a top priority. The majority of customer service businesses prefer that all wireless hardware remain completely out of sight. Note that most enclosure units are lockable and help prevent theft of expensive Wi-Fi hardware. However, theft prevention is not unique to the hospitality business.
  3. A, B and C. Although security in itself is not part of the WLAN site survey, network management should be interviewed about security expectations. The surveying company will make comprehensive wireless security recommendations. An addendum to the security recommendations might be corporate wireless policy recommendations. Authentication and encryption solutions are not usually implemented during the physical survey.
  4. C. Segmentation, authentication, authorization, and encryption should all be considered during the site survey interview. In Chapter 13, “802.11 Network Security Architecture,” you learned about the necessary components of wireless security. Segmenting three types of users into separate VLANs with separate security solutions is the best recommendation. The data users using 802.1X/EAP and CCMP/AES will have the strongest solution available. WPA-2 provides the voice users with CCMP/AES encryption as well but avoids using an 802.1X/EAP solution that will cause latency problems. The guest user VLAN requires a minimum of a captive web portal and a strong guest firewall policy for security.
  5. A and B. Training, security, and choice of vendor are extra recommendations that may also accompany the site survey report. The site survey report should already be addressing coverage, capacity, and roaming requirements.
  6. A and C. Blueprints will be needed for the site survey interview to discuss coverage and capacity needs. A network topology map will be useful to assist in the design of integrating the wireless network into the current wired infrastructure.
  7. B and D. Latency is an important consideration whenever any time-sensitive application such as voice or video is to be deployed. A layer 3 roaming solution will be needed if layer 3 boundaries are crossed during roaming.
  8. A, D and E. The final site survey report known as the deliverable will contain spectrum analysis information identifying potential sources of interference. Coverage analysis will also define RF cell boundaries. The final report also contains recommended access point placement, configuration settings, and antenna orientation. Application throughput testing is often an optional analysis report included in the final survey report. Firewall settings and router access control lists are not included in a site survey report.
  9. A, B and E. Roaming problems may be interference related or caused by a lack of adequate coverage and/or cell overlap. In Chapter 12, “WLAN Troubleshooting,” you learned that duplicate cell coverage is needed for roaming. Roaming problems will occur if there is not enough duplicate cell coverage. Too little duplicate coverage will effectively create a roaming dead zone, and connectivity may even temporarily be lost. On the flip side, too much duplicate coverage will also cause roaming problems. For example, a client station may stay associated with its original AP and not connect to a second access point even though the station is directly underneath the second access point. This can also create a situation in which the client device is constantly switching back and forth between the two or more APs on different channels. If a client station can also hear dozens of APs on the same channel with very strong signals, a degradation in performance will occur due to medium contention overhead. 2.4 GHz portable phones may be a source of interference. Cell phones operate in a frequency space that will not interfere with the existing WLAN.
  10. D. Although option C is a possible solution, the best recommendation is to deploy hardware that operates at 5 GHz, and interference from the neighboring businesses' 2.4 GHz network will never be an issue.
  11. A. The cheapest and most efficient solution will be to replace the older edge switches with newer switches that have inline power that can provide PoE to the access points. A core switch will not be used to provide PoE because of cabling distance limitations. Deploying single-port injectors is not practical, and hiring an electrician will be extremely expensive.
  12. A, B and D. Co-channel interference is a common cause of poor performance. Inadequate capacity planning can result in too many users per access point, leading to throughput problems. Multipath interference can also be destructive in an 802.11a/b/g environment where MIMO radios have yet to be deployed.
  13. A, B, C and D. User density, data applications, and peak usage levels are all considerations when capacity planning for an 802.11a/b/g/n network. When designing a 5 GHZ WLAN, a proper channel plan must be designed. Legacy clients may not support DFS channels.
  14. E. Multiple questions are related to infrastructure integration. How will the access points be powered? How will the WLAN and/or users of the WLAN be segmented from the wired network? How will the WLAN remote access points be managed? Considerations such as role-based access control (RBAC), bandwidth throttling, and load balancing should also be discussed.
  15. A, B and C. Network management will be consulted during most of the site survey and deployment process for proper integration of the WLAN. The biomedical department will be consulted about possible RF interference issues. Hospital security will be contacted in order to obtain proper security passes and an possible escort.
  16. B, C and D. Coverage, not capacity, is the main objective when designing a wireless network in a warehouse. Seamless roaming is also mandatory because handheld devices are typically deployed. Security is a major requirement for all WLAN enterprise installations.
  17. A, C and D. Outdoor equipment must ultimately be protected from the weather elements by using either hardened APs or enclosure units rated by the National Electrical Manufacturers Association (NEMA). NEMA weatherproof enclosures are available with a wide range of options, including heating, cooling, and PoE interfaces. Parabolic dishes and patch antennas are usually used with APs for outdoor bridge links.
  18. C. Probabilistic traffic formulas use a telecommunications unit of measurement known as an Erlang. An Erlang is equal to 1 hour of telephone traffic in 1 hour of time.
  19. A, B and D. Based on information collected during the site survey, a final design diagram will be presented to the customer. Along with the implementation diagrams will be a detailed bill of materials (BOM) that itemizes every hardware and software component necessary for the final installation of the wireless network. A detailed deployment schedule should be drafted that outlines all timelines, equipment costs, and labor costs.
  20. C and E. Many hotspots are small, and care should be taken to limit the RF coverage area using a single access point at a lower power setting. Security solutions at hotspots are usually limited to a captive portal solution for user authentication against a customer database.

Chapter 16: Site Survey Systems and Devices

  1. A, B, C and E. First a forecast model is created with the predictive software and then the site survey engineer conducts a manual site survey to validate the projections. Modeling forecasts that can be validated include channel reuse patterns, coverage cell boundaries, access point placement, access point power settings, number of access points, and data rates. Testing of throughput and roaming will then validate that the design will support the requirements of the environment.
  2. A and C. Lightning can cause damage to Wi-Fi bridging equipment and the network infrastructure equipment that resides behind the 802.11 bridges. Strong winds can cause instability between long-distance bridge links and a loss of RF line of sight. Potential weather conditions should be noted during the outdoor site survey. Proper protection against lightning, such as lightning arrestors and/or copper-fiber transceivers, must be recommended for deployment. In high-wind areas, consider the use of grid antennas. Dew point, cloud cover, and thunder have no effect on an 802.11 outdoor deployment and therefore need not be considered during a site survey.
  3. C and E. Manual site surveys are usually conducted for coverage analysis using a signal strength measurement tool. Predictive analysis tools can create a model of RF coverage cells.
  4. A, B and E. Any type of RF interference could cause a denial of service to the WLAN. A spectrum analysis survey should be performed to determine if any of the hospital's medical equipment will cause interference in the 2.4 GHz ISM band or the 5 GHz U-NII bands. Dead zones or loss of coverage can also disrupt WLAN communications. Many hospitals use metal mesh safety glass in many areas. The metal mesh will cause scattering and potentially create lost coverage on the opposite side of the glass. Elevator shafts are made of metal and often are dead zones if not properly covered with an RF signal.
  5. E. During an active manual survey, the radio card is associated to the access point and has upper layer connectivity, allowing for low-level frame transmissions while RF measurements are also taken. The main purpose of the active site survey is to look at the percentage of layer 2 retransmissions.
  6. A, C and D. A measuring wheel can be used to measure the distance from the wiring closet to the proposed access point location. A ladder or forklift might be needed when temporarily mounting an access point. Battery packs are used to power the access point. GPS devices are used outdoors and do not properly work indoors. Microwave ovens are sources of interference.
  7. A, B, C and D. Outdoor site surveys are usually wireless bridge surveys; however, outdoor access points and mesh routers can also be deployed. Outdoor site surveys are conducted using either outdoor access points or mesh routers, which are the devices typically used to provide access for client stations in an outdoor environment. These outdoor Wi-Fi surveys will use most of the same tools as an indoor site survey but may also use a global positioning system (GPS) device to record latitude and longitude coordinates.
  8. B and D. Cordless phones that operate in the same space as the 5GHz U-NII bands may cause interference. Radar is also a potential source of interference at 5 GHz. Microwave ovens and 802.11b/g WLANs transmit in the 2.4 GHz ISM band. FM radios use narrowband transmissions in a lower-frequency licensed band.
  9. A and C. During a passive manual survey, the radio card is collecting RF measurements, including received signal strength (dBm), noise level (dBm), and signal-to-noise ratio (dB). The SNR is a measurement of the difference in decibels (dB) between the received signal and the background noise. Received signal strength is an absolute measured in dBm. Antenna manufacturers predetermine gain using either dBi or dBd values.
  10. C. An outdoor bridge network would not require blueprints since the wireless connection is a bridge link and is not inside the building.
  11. A, B, C and D. Outdoor bridging site surveys require many calculations that are not necessary during an indoor survey. Calculations for a link budget, FSPL, Fresnel zone clearance, and fade margin are all necessary for any bridge link.
  12. B, C, D and E. Spectrum analysis for an 802.11b/g/n site survey should scan the 2.4 GHz ISM band. Bluetooth radios, plasma cutters, 2.4 GHz video cameras, and legacy 802.11 FHSS access points are all potential interfering devices.
  13. A, C, D and E. Every indoor wireless site survey should use at least one access point and multiple antennas. A client radio card will be needed for coverage analysis as well as a floor plan to record measurements. A spectrum analyzer is needed that sweeps the 2.4 GHz ISM band and 5 GHz U-NII bands.
  14. D. If the survey was performed manually, the 5 GHz coverage analysis should be done first because of shorter range due to the smaller size 5 GHz wavelength. When performing a site survey for dual-radio access points, perform the initial site survey for the radios that provide the smallest coverage area, in this case the higher-frequency 5 GHz radios. The 2.4 GHz radios that provide the larger coverage area should be able to use the same access point location at a lower power setting to provide a similar coverage area as the 5 GHz radios. It may also be necessary to turn off some of the 2.4 GHz radios.
  15. A and E. The number one source of RF interference in a multitenant environment is other WLANs. The odds are that most neighboring businesses will have deployed 2.4 GHz WLANs, and special consideration should be given to deploying a 5 GHz WLAN. Because RF propagates in all directions, it is necessary to always think three-dimensionally when designing a channel reuse pattern.
  16. A, B and E. Temporary access point mounting gear is a necessity. A digital camera and colored electrical tape may also be used to record the locations of AP placement. Grid antennas are used outdoors for long-distance bridge links. An access point enclosure unit is used for permanent mounting.
  17. B and D. Generically, this is known as a self-organizing wireless LAN, and technically, it is known as radio resource management (RRM). In the example, Jane was installing a controller-based system. This type of technology can also be found in cooperative WLAN products.
  18. A and D. Wherever an access point is placed during a site survey, the power and channel settings should be noted. Security settings and IP address are not necessary.
  19. B. During a passive manual survey, the radio card is collecting RF measurements, including received signal strength (dBm), noise level (dBm), signal-to-noise ratio (dB), and bandwidth data rates. The client adapter, however, is not associated to the access point during a passive survey.
  20. C. Predictive coverage analysis is accomplished using software that creates visual models of RF coverage cells, bypassing the need for actually capturing RF measurements. Projected cell coverage zones are created using modeling algorithms and attenuation values.

Chapter 17: Power over Ethernet (PoE)

  1. D. Even when 802.3af and 802.3at were amendments, PoE was defined in Clause 33. PoE is still defined in Clause 33, as defined in the updated 802.3 standard. When an amendment is incorporated into a revised standard, the clause numbering remains the same.
  2. A. Any device that does not provide a classification signature (which is optional) is automatically considered a Class 0 device, and the PSE will provide 15.4 watts of power to that device.
  3. A and C. The PoE standard defines two types of devices: powered devices (PDs) and power-sourcing equipment (PSE).
  4. D. The power supplied to the PD is at a nominal 48 volts; however, the PD must be capable of accepting up to 57 volts.
  5. A, B and C. The PD must be able to accept power over either the data pairs or the unused pairs if it is a 10BaseT or 100BaseTX device and over the 1-2, 3-6 data pairs, or the 4-5, 7-8 data pairs if it is a 1000BaseT device. The PD must also reply to the PSE with a detection signature. The PD must accept power with either polarity. Replying to the PSE with a classification signature is optional.
  6. D. Providing a classification signature is optional for the PD. If the PD does not provide a classification signature, the device is considered a Class 0 device, and the PSE will allocate the maximum power, or 15.4 watts.
  7. A, B and C. Alternative B devices, either endpoint or midspan, provide power to the unused data pairs when using 10BaseT or 100BaseTX connections. Prior to the 802.3at amendment, 1000BaseT devices were only compatible with endpoint PSE devices that supported Alternative A. With the ratification of 802.3at, 1000BaseT devices could now be powered using either Alternative A or Alternative B. 100BaseFX uses fiberoptic cable and is not compatible with PoE.
  8. D. Class 4 devices are defined in the 802.3at amendment. The maximum power that a class 4 PD requires is between 12.95 and 25.5 watts.
  9. C. At maximum power, each PoE device will be provided with 30 watts of power from the PSE. If all 24 ports have PDs connected to them, then a total of just under 720 watts (30 watts × 24 ports = 720 watts) is needed.
  10. D. The power-sourcing equipment (PSE) provides five potential levels of power: Class 0 = 15.4 watts, Class 1 = 4.0 watts, Class 2 = 7.0 watts, Class 3 = 15.4 watts, and Class 4 = 30.0 watts. Because this device requires 7.5 watts of power, the PSE would be required to provide it with 15.4 watts.
  11. D. The PSE provides power within a range of 44 volts to 57 volts, with a nominal power of 48 volts.
  12. A. The maximum distance of 100 meters is an Ethernet limitation, not a PoE limitation. At 90 meters, this is not an issue. Although not specifically mentioned in the PoE standard, Category 5e cables support 1000BaseT communications and are therefore capable of also providing PoE. The large number of PoE VoIP telephones could be requiring more power than the switch is capable of providing, thus causing the APs to randomly reboot.
  13. B. The switch will provide the Class 0 devices with 15.4 W of power each and the Class 1 devices with 4.0 W of power each. So the 10 VoIP phones will require 40 W of power, the 10 APs will require 154 W of power, and the switch will need 500 W—for a total of 694 W (40 W + 154 W + 500 W).
  14. B. The switch will provide the Class 2 devices with 7.0 W of power each and the Class 3 devices with 15.4 W of power each. So the 10 cameras will require 70 W of power, the 10 APs will require 154 W of power, and the switch will need 1,000 W—for a total of 1,224 W (70 W + 154 W + 1,000 W).
  15. B and D. Implementing PoE does not affect the distances supported by Ethernet, with is 100 meters or 328 feet.
  16. D. An 802.3at powered device (PD) will draw up to 25.5 watts of power.
  17. C. The maximum power used by a Class 0 PD is 12.95 W. The PSE provides 15.4 W to account for a worst-case scenario, in which there may be power loss due to the cables and connectors between the PSE and the PD. The maximum power used by a Class 1 PD is 3.84 W, and the maximum power used by a Class 2 PD is 6.49 W.
  18. E. The different class and range values are as follows:

    Class 0: 0 to 4 mA

    Class 1: 9 to 12 mA

    Class 2: 17 to 20 mA

    Class 3: 26 to 30 mA

    Class 4: 36 to 44 mA

  19. C. Mode A accepts power with either polarity from the power supply on wires 1, 2, 3, and 6. With mode B, the wires used are 4, 5, 7, and 8.
  20. C. Type 2 devices will perform a two-event Physical layer classification or Data-Linklayer classification, which allows a Type 2 PD to identify whether it is connected to a Type 1 or a Type 2 PSE. If mutual identification cannot be completed, then the device can only operate as a Type 1 device.

Chapter 18: 802.11n

  1. B. The majority of enterprise 802.1n access points are either 2×2:2 or 3×3:3. However, most 802.11n mobile devices, such as smartphones and tablets, only have a 1×1:1 MIMO radio because the addition of more radio chains would drain the battery life of the mobile device too quickly. In the described scenario, the highest available data rate for 1×1:1 communications is 65 Mbps. Please refer to Table 18.2.
  2. A, C and D. Spatial multiplexing transmits multiple streams of unique data at the same time. If a MIMO access point sends two unique data streams to a MIMO client who receives both streams, the throughput is effectively doubled. If a MIMO access point sends three unique data streams to a MIMO client who receives all three streams, the throughput is effectively tripled. Because transmit beamforming results in constructive multipath communication, the result is a higher signal-to-noise ratio and greater received amplitude. Transmit beamforming will result in higher throughput because of the higher SNR that allows for the use of more complex modulation methods that can encode more data bits. 40 MHz HT channels effectively double the frequency bandwidth, which results in greater throughput. A-MPDU and Dual-CTS protection are MAC layer mechanisms.
  3. D. Spatial multiplexing power save (SM power save) allows a MIMO 802.11n device to power down all but one of its radios. For example, a 4×4 MIMO device with four radio chains would power down three of the four radios, thus conserving power. SM power save defines two methods of operation: static and dynamic.
  4. E. The guard interval acts as a buffer for the delay spread, and the normal guard interval is an 800-nanosecond buffer between symbol transmissions. The guard interval will compensate for the delay spread and help prevent intersymbol interference. If the guard interval is too short, intersymbol interference will still occur. HT radios also have the capability of using a shorter 400-nanosecond GI.
  5. A, B, C, D and E. HT radios use modulation and coding schemes to define data rates based on numerous factors, including modulation type, the number of spatial streams, channel size, guard interval, equal/unequal modulation, and other factors. Each modulation and coding scheme (MCS) is a variation of these multiple factors. A total of 77 modulation and coding schemes exist for both 20 MHz HT channels and 40 MHz HT channels.
  6. A, B, C and E. The 802.11n amendment introduces two new methods of frame aggregation to help reduce overhead and increase throughput. Frame aggregation is a method of combining multiple frames into a single frame transmission. The two types of frame aggregation are A-MSDU and A-MPDU. Multiple traffic ID block acknowledgment (MTBA) frames are used to acknowledge A-MPDUs. Block ACKs result in less overhead. RIFS is a 2-microsecond interframe space that can be used in an HT Greenfield network during frame bursts. The 2-microsecond interframe space is less overhead than the more commonly used SIFS. Guard intervals are used at the Physical layer.
  7. C. An 802.11n transmitter that uses beamforming will try to adjust the phase of the signals based on feedback from the receiver using sounding frames. The transmitter is considered the beamformer, and the receiver is considered the beamformee. The beamformer and the beamformee work together to educate each other about the characteristics of the MIMO channel.
  8. A. MIMO radios transmit multiple radio signals at the same time and take advantage of multipath. Each individual radio signal is transmitted by a unique radio and antenna of the MIMO system. Each independent signal is known as a spatial stream, and each stream can contain different data than the other streams transmitted by one or more of the other radios. A 3×3:2 MIMO system can transmit two unique data streams. A 3×3:2 MIMO system would use three transmitters and three receivers; however, only two unique data streams are utilized.
  9. A. Multiple MPDUs can be aggregated into one frame. The individual MPDUs within an A-MPDU must all have the same receiver address. However, individual MPDUs must all be of the same 802.11e quality-of-service access category.
  10. A, B and C. Modes 0, 1, and 2 all define protection to be used in various situations where only HT stations are allowed to associate to an HT access point. Mode 3—HT Mixed mode—defines the use of protection when both HT and non-HT radios are associated to an HT access point.
  11. B, C and D. Some of the mandatory baseline requirements of Wi-Fi CERTIFIED n include WPA/WPA2 certification, WMM certification, and support for 40 MHz channels in the 5 GHz U-NII bands. 40 MHz channels in 2.4 GHz are not required. 802.11n access points must support at least two spatial streams in both transmit and receive mode. Client stations must support one spatial stream or better.
  12. C and D. Cyclic shift diversity (CSD) is a method of transmit diversity technique specified in the 802.11n standard. Unlike STBC, a signal from a transmitter that uses CSD can be received by legacy 802.11g and 802.11a devices. Maximum ratio combining (MRC) is a method of receive diversity.
  13. A, B and D. 802.11n (HT) radios are backward compatible with older 802.11b radios (HR-DSSS), 802.11a radios (OFDM), and 802.11g radios (ERP). HT radios are not backward compatible with legacy frequency hopping radios.
  14. B. Transmit beamforming is a method that allows a MIMO transmitter using multiple antennas to adjust the phase of the outgoing transmissions in a coordinated method. If the transmitter (TX) knows about the receiver's location, the phase of the multiple signals sent by a MIMO transmitter can be adjusted. When the multiple signals arrive at the receiver, they are in phase, resulting in constructive multipath instead of the destructive multipath caused by out-of-phase signals. Beamsteering and dynamic beamforming use smart antenna technology to create directional beams.
  15. C and D. The HT Mixed format is considered mandatory, and transmissions can occur in both 20 MHz and 40 MHz channels. Support for the HT Greenfield format is optional, and the HT radios can transmit by using both 20 MHz and 40 MHz channels. Support for the non-HT legacy format is mandatory for 802.11n radios, and transmissions can occur in only 20 MHz channels. PCO is not a PPDU format.
  16. C. Deploying 40 MHz HT channels at 2.4 GHz does not scale properly in multiple channel architecture. Although 14 channels are available at 2.4 GHz, there are only 3 nonoverlapping 20 MHz channels available in the 2.4 GHz ISM band. When the smaller channels are bonded together to form 40 MHz channels in the 2.4 GHz ISM band, any two 40 MHz channels will overlap. Channel reuse patterns are not possible with 40 MHz channels in the 2.4 GHz ISM band.
  17. C. Non-HT duplicate transmissions will be sent using 802.11a data rates in the 5 GHz band or 802.11g data rates in the 2.4 GHz band. Non-HT duplicate transmissions are just sending the same data on two adjacent 20 MHz (52 subcarriers) OFDM channels at the same time. This will cause STAs operating in either the primary or secondary channel to update their NAVs and defer their transmissions. Non-HT duplicate mode improves error rate performance but is not widely implemented by WLAN vendors.
  18. B and C. Other 802.11 technologies are frequency dependent on a single RF band. For example, 802.11b/g radios can transmit in only the 2.4 GHz ISM band. 802.11a are restricted to the 5 GHz U-NII bands. 802.11n radios are not locked to a single frequency band and can transmit on both the 2.4 GHz ISM band and the 5 GHz U-NII bands.
  19. B. 802.11n also uses an 800-nanosecond guard interval; however, a shorter 400-nanosecond guard interval is optional. A shorter guard interval results in a shorter symbol time, which has the effect of increasing data rates by about 10 percent. If the optional shorter 400-nanosecond guard interval is used with an 802.11n radio, throughput should increase. However, if intersymbol interference occurs because of multipath, the result is data corruption. If data corruption occurs, layer 2 retransmissions will increase and the throughput will be adversely affected. Therefore, a 400-nanosecond guard interval should be used in only good RF environments. If throughput goes down because of a shorter GI setting, the default guard interval setting of 800 nanoseconds should be used instead.
  20. A and C. As the distance between a transmitter and receiver increases, the received signal amplitude decreases to levels closer to the noise floor. Maximum ratio combining (MRC) algorithms are used to combine multiple received signals by looking at each unique signal and optimally combining the signals in a method that is additive as opposed to destructive. MIMO systems using both switched diversity and MRC together will effectively raise the SNR level of the received signal. Because transmit beamforming results in constructive multipath communication, the result is a higher signal-to-noise ratio and greater received amplitude. Therefore, transmit beamforming will result in greater range for individual clients communicating with an access point.

Chapter 19: Very High Throughput (VHT) and 802.11ac

  1. C. 802.11ac requires that all frames are transmitted as A-MPDU. MIMO and SU-MIMO are synonymous with each other and supported in both 802.11n and 802.11ac. A-MSDU is optional with both technologies. RIFS is no longer supported and is obsolete.
  2. B. The first phase of 802.11ac supporting three spatials streams introduced transmission speeds up to 1.3 Gbps. 600 Mbps is the maximum transmission speed for the 802.11n amendment. 3.5 Gbps is the expected maximum transmission speed of the second phase of 802.11ac, which is expected to support four spatial streams. 6.933 Gbps is the maximum transmission speed for the 802.11ac amendment.
  3. A, D and E. The 802.11ac amendment supports BPSK, QPSK, 16-QAM, 64-QAM, and 256-QAM. BASK and 32-QAM do not exist.
  4. A, B, C, D and E. All of these are supported channel widths. The 160 MHz channel is actually made up of two 80 MHz channels that can be side by side or separated.
  5. C. When a 160 MHz wide channel is used, an 80 MHz, 40 MHz, and 20 MHz primary channel are defined.
  6. E. With 256-QAM, 256 distinct values can be represented, with each subcarrier is capable of representing 8 bits.
  7. B. 802.11ac defines only 10 MCSs, unlike 802.11n, which defined 77. 802.11n defined MCSs based on modulation, coding method, the number of spatial streams, channel size, and guard interval. 802.11ac defines 10 MCSs based upon modulation and code rate.
  8. D. MCS 0–7 are mandatory. MCS 8 and MCS 9 use 256-QAM, which is optional but will most likely be supported by most vendors.
  9. D. The amendment defines a maximum of eight spatial streams and only allows MU-MIMO communications with a maximum of four devices.
  10. A and B. A-MPDU is mandatory for all frames in 802.11ac. It reduces the per-frame overhead and requires only a single block ACK. Frame information is shifted from the slow PLCP header to the faster MPDU header. RIFS is no longer supported.
  11. B, D and E. The beamformer transmits an NDP announcement frame followed by an NDP frame. The beamformee processes this information and creates and transmits a feedback matrix. The AP uses the feedback matrices to calculate a steering matrix that is used to direct the transmission.
  12. C. Due to technology costs and battery consumption, many smartphones only support a single stream of data.
  13. A, C, D and E. AC_DA is not a QoS category.
  14. B, D and E. The AP will initiate a transmission from whichever access category is next in line. This is known as the primary access category, and all others are known as secondary access categories. The AP can transmit additional frames (one or more) from primary or secondary access categories, providing that the frames are shorter than the primary frame.
  15. A and F. VHT radios use modulation and coding schemes to define data rates based on modulation and code rate. This is different from HT radios that used modulation type, the number of spatial streams, channel size, guard interval, equal/unequal modulation, and other factors.
  16. B, D and E. Wi-Fi CERTIFIED ac access points require 20, 40, and 80 MHz channel widths, MCS 0-7, two spatial streams, and 800 nanosecond long guard interval.
  17. B and E. VHT radios are backward compatible with all previous 5 GHz compliant radios. This include 802.11a (OFDM) radios and 5 GHz 802.11n (HT) radios.
  18. B, D and E. A 20 MHz channel uses 64 subcarriers. A 40 MHz channel uses 128 subcarriers. An 80 MHz channel uses 256 subcarriers. A 160 MHz channel is made of two 80 MHz channels that can be either side by side or separated from each other. The number of subcarriers in a 160 MHz channel is exactly two times the number of 80 MHz subcarriers, 512 subcarriers.
  19. C. The amendment defines a maximum of four spatial streams for a client and eight for an AP.
  20. E. MU-MIMO is the most revolutionary technology. 802.11 APs will now be able to transmit to multiple client stations at the same time. 80 MHz and 160 MHz channels are an expansion of the 40 MHz bonded channel introduced in 802.11n. A-MPDU was introduced with 802.11n and made mandatory in 802.11ac. 5 GHz only is a necessity since the 2.4 GHz band cannot support the wider channels. Explicit beamforming itself was introduced with 802.11n and is a necessity for MU-MIMO to be successful but by itself is an upgrade from the earlier technology.

Chapter 20: Bring Your Own Device (BYOD)

  1. B, C and E. Firewall ports that should be permitted include DHCP server UDP port 67, DNS UDP port 53, HTTP TCP port 80, and HTTPS TCP port 443. This allows the guest user's wireless device to receive an IP address, perform DNS queries, and browse the Web. Many companies require their employees to use a secure VPN connection when they are connected to a SSID other than the company SSID. Therefore, it is recommended that IPsec IKE UDP port 500 and IPsec NAT-T UDP port 4500 also be permitted.
  2. A and E. The guest firewall policy should allow for DHCP and DNS but restrict access to private networks 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Guest users are not allowed on these private networks because corporate network servers and resources usually reside on the private IP space. The guest firewall policy should simply route all guest traffic straight to an Internet gateway and away from corporate network infrastructure.
  3. A, D and E. The four main components of an MDM architecture are the mobile device, an AP and/or WLAN controller, an MDM server, and a push notification service. The mobile Wi-Fi device requires access to the corporate WLAN. The AP or WLAN controller quarantines the mobile devices inside a walled garden if the devices have not been enrolled via the MDM server. The MDM server is responsible for enrolling client devices. The push notification services such as Apple Push Notification Service (APNs) and Google Cloud Messaging (GCM) communicate with the mobile devices and the MDM servers for over-the-air management.
  4. A and C. 802.1X/EAP requires that a root CA certificate be installed on the supplicant. Installing the root certificate onto Windows laptops can be easily automated using a group policy object (GPO). An MDM uses over-the-air provisioning to onboard mobile devices and provision root CA certificates onto the mobile devices that are using 802.1X/EAP security.
  5. B. The MDM profiles used by Mac OS and iOS devices are Extensible Markup Language (XML) files.
  6. B, D and E. An MDM server can monitor mobile device information including device name, serial number, capacity, battery life, and applications that are installed on the device. Information that cannot be seen includes SMS messages, personal emails, calendars, and browser history.
  7. D. The operating systems of some mobile devices require MDM agent application software. An MDM agent application can report back to an MDM server unique information about mobile devices that can later be used in MDM restriction and configuration policies.
  8. A, B and E. A captive portal solution effectively turns a web browser into an authentication service. To authenticate, the user must launch a web browser. After the browser is launched and the user attempts to go to a website, no matter what web page the user attempts to browse, the user is redirected to a logon prompt, which is the captive portal logon web page. Captive portals can redirect unauthenticated users to a logon page using an IP redirect, DNS redirection, or redirection by HTTP.
  9. B, C and D. The AP holds the mobile client device inside a walled garden. Within a network deployment, a walled garden is a closed environment that restricts access to web content and network resources while still allowing access to some resources. A walled garden is a closed platform of network services provided for devices and/or users. While inside the walled garden designated by the AP, the only services that the mobile device can access include DHCP, DNS, push notification services, and the MDM server. In order to escape from the walled garden, the mobile device must find the proper exit point, much like a real walled garden. The designated exit point for a mobile device is the MDM enrollment process.
  10. C. Over-the-air provisioning differs between different device operating systems; however, using trusted certificates and SSL encryption is the norm. iOS devices use the Simple Certificate Enrollment Protocol (SCEP), which uses certificates and SSL encryption to protect the MDM profiles. The MDM server then sends a SCEP payload, which instructs the mobile device about how to download a trusted certificate from the MDM's certificate authority (CA) or a third-party CA. Once the certificate is installed on the mobile device, the encrypted MDM profile with the device configuration and restrictions payload is sent to the mobile device securely and installed.
  11. A. An IP tunnel normally using Generic Routing Encapsulation (GRE) can transport guest traffic from the edge of the network back to the isolated DMZ. Depending on the WLAN vendor solution, the tunnel destination in the DMZ can be either a WLAN controller or simply a layer 2 server appliance. The source of the GRE tunnel is the AP.
  12. E. A guest management solution with employee sponsorship capabilities will integrate with an LDAP database such as Active Directory. Guest users can also be required to enter the email address of an employee, who must approve and sponsor the guest prior to allowing the guest access on the network. The sponsor typically receives an email requesting access for the guest, with a link in the email that allows the sponsor to easily accept or reject the request. Once the user has registered or been sponsored, they can log on using their newly created credentials.
  13. C. When employees enroll their personal devices though the corporate MDM solution, typically the employee will still have the ability to remove the MDM profiles because they own the device. If the employee removes the MDM profiles, the device is no longer managed by the corporate MDM solution. However, the next time the employee tries to connect to the company's WLAN with the mobile device, they will have to once again go through the MDM enrollment process.
  14. D. The phrase bring your own device (BYOD) refers to the policy of permitting employees to bring personally owned mobile devices such as smartphones, tablets, and laptops to their workplace. A BYOD policy dictates which corporate resources can or cannot be accessed when employees access the company WLAN with their personal devices.
  15. A. Social login is a method of using existing logon credentials from a social networking service such as Twitter, Facebook, or LinkedIn to register into a third-party website. Social login allows a user to forgo the process of creating new registration credentials for the third-party website. Retail and service businesses like the idea of social login because it allows the business to obtain meaningful marketing information about the guest user from the social networking service. Businesses can then build a database of the type of customers that are using the guest Wi-Fi while shopping.
  16. F. A mobile device can still be managed remotely even if the mobile device is no longer connected to the corporate WLAN. The MDM servers can still manage the devices as long as the devices as connected to the Internet from any location. The communication between the MDM server and the mobile devices requires push notifications from a third-party service. Push notification services will send a message to a mobile device telling the device to contact the MDM server. The MDM server can then take remote actions over a secure connection.
  17. B, D and E. Client isolation is a feature that can often be enabled on WLAN access points or controllers to block wireless clients from communicating with other wireless clients on the same wireless VLAN. Client isolation is highly recommended on guest WLANs to prevent peer-to-peer attacks. Enterprise WLAN vendors also offer the capability to throttle bandwidth of user traffic. Bandwidth throttling, which is also known as rate limiting, can be used to curb traffic at either the SSID level or user level. Rate limiting the guest user traffic to 1024 Kbps is a common practice. A web content filtering solution can block guest users from viewing websites based on content categories. Each category contains websites or web pages that have been assigned based on their prevalent web content.
  18. D. Captive portals are available as standalone software solutions, but most WLAN vendors offer integrated captive portal solutions. The captive portal may exist within a WLAN controller, or it may be deployed at the edge within an access point.
  19. B. The mobile device must first establish an association with an AP. The AP holds the mobile client device inside a walled garden. Within a network deployment, a walled garden is a closed environment that restricts access to web content and network resources while still allowing access to some resources. A walled garden is a closed platform of network services provided for devices and/or users. While the mobile device is inside the walled garden designated by the AP, the only services it can access are DHCP, DNS, push notification services, and the MDM server. After the mobile device completes the MDM enrollment process, the device is released from the walled garden.
  20. A, B and C. A NAC server will use system health information, as reported by a posture agent, to identify if the device is healthy. DHCP fingerprinting is used to help identify the hardware and operating system. RADIUS attributes can be used to identify if the client is connected wirelessly or wired, along with other connection parameters. RADIUS CoA is used to disconnect or change the privileges of a client connection.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.165.144