GAWN Exam Questions

An auditor sees that clients accept any server certificate during PEAP. Which mitigation is BEST?

Which wireless security mechanism provides per-user accountability and centralized control?

Which is MOST likely to indicate a misconfigured "Enterprise" WLAN that is vulnerable to credential interception?

Which regulatory concept can force certain 5 GHz channels to be unavailable at times?

Which audit control BEST limits "over-the-air leakage" outside a building without changing encryption?

Which method is commonly used to audit the security of a hotspot?

During an advanced fuzzing attack, what is the primary objective when targeting an 802.11 network?

What are the recommended practices for securing WPA3-enabled networks? (Choose Three)

In practical SDR applications, what is crucial for maintaining operational security while conducting wireless analyses?

A beacon advertises RSN AKM suites: 00-0f-ac:2 and 00-0f-ac:8. What is the MOST accurate description?

A client sends a Probe Request with SSID = "<broadcast>" (wildcard). What does that imply?

An auditor sees repeated Deauthentication frames with Reason Code 7 in the air. Which is the BEST interpretation?

Which artifact is REQUIRED to attempt a PMKID-based offline attack against WPA2-Personal?

A WPA2-Enterprise SSID uses PEAP with MSCHAPv2 and "Do not validate server certificate" is common on endpoints. What is the highest-impact risk?

A beacon shows RSN pairwise cipher suites: CCMP and TKIP. What is the auditor's MOST defensible finding?

PMF (802.11w) is set to "capable" but not "required". Which statement is TRUE?

Which frame type/subtype is MOST useful to identify the supported rates and channel of an AP without associating?

An AP operates on 5 GHz DFS channels. During assessment, the AP vacates the channel unexpectedly. What is the MOST likely trigger?

You capture an Association Request showing RSN Capabilities "MFPR=0, MFPC=1". What does that mean?

Which wireless control BEST mitigates "evil twin" in WPA2-Enterprise when properly implemented?

An auditor sees an SSID advertising OWE. What is the MOST accurate statement?

Which of the following are vulnerabilities specific to WPA2 that are addressed in WPA3? (Choose Two)

In NFC transactions, what security mechanism is often employed to protect data integrity and confidentiality?

What is the typical attack vector used to compromise high-frequency RFID systems?

How can wireless client segmentation reduce security risks?

Which EAP method provides mutual authentication using client and server certificates?

A client repeatedly fails to connect; AP logs show "TKIP countermeasures invoked". What is the expected AP behavior?

Which 2.4 GHz channel plan is MOST defensible for minimizing adjacent-channel interference in North America?

You must discover hidden SSIDs with minimal active interaction. Which observed traffic will MOST reliably reveal the SSID?

Which statement about WPA2-PSK offline cracking is TRUE?

A network uses 802.11r Fast Transition. Which artifact may reduce time needed for roaming?

Which is the MOST accurate risk statement for "SSID hiding" as a security control?

A wireless adapter must capture all management frames on a channel for assessment. Which mode is required?

Which scenarios are indicative of a rogue network setup? (Choose Two)

What is a common vulnerability in Bluetooth technology that allows unauthorized access through brute force attacks?