CWNP CWNA-109 Exam Dumps & Practice Test Questions

Question 1:

You manage a small wireless network with nine autonomous access points, all secured using WPA2-Personal without a RADIUS server. After recently changing the WPA2 passphrase on every AP and client, some users report intermittent connection failures, but only within a specific area of the building. A WLAN scanner shows the AP in that area is online with a strong signal, and no other changes have been made. 

What is the most likely cause of this connectivity problem?

A. The access point covering the affected area is misconfigured
B. The client devices are misconfigured
C. The access point has malfunctioned
D. The clients’ network adapters are faulty

Answer: A

Explanation:

In a small wireless LAN where access points (APs) operate autonomously (i.e., without a centralized controller), each AP requires individual configuration, including SSID and security settings like the WPA2-Personal passphrase. Unlike controller-managed networks, these APs don’t synchronize settings automatically, so any changes must be applied manually on each unit.

In this case, the administrator changed the WPA2-Personal passphrase across all APs and clients. Users are now experiencing connection issues only in one part of the building, while connectivity works fine elsewhere. The WLAN scanner confirms the AP covering that area is active and emitting a strong signal, which rules out hardware failure or signal strength problems.

The most plausible explanation is that the AP in the problematic area was not correctly updated with the new passphrase. This mismatch causes client authentication failures despite the AP being operational and visible. Because clients can connect successfully in other parts of the building, the problem is unlikely to be client-side misconfiguration or hardware issues on the client devices, since those would typically cause connection problems everywhere, not just one zone.

Additionally, the AP hasn’t failed because it’s detected online with a strong signal, so hardware failure is improbable. It’s also unlikely that multiple client network adapters failed simultaneously, given the localized nature of the problem.

Therefore, the scenario strongly points to an AP configuration error—specifically, the AP in the affected area still using the old WPA2 passphrase while clients attempt to authenticate using the updated one. This results in clients being unable to connect in that zone. Hence, the correct answer is that the AP covering the problem area is improperly configured (Option A).

Question 2:

Which authentication method must be used for passphrase-based security when operating 802.11ax access points on the 6 GHz frequency band?

A. VHT PHY
B. CCMP
C. SAE
D. HT PHY

Answer: C

Explanation:

When deploying 802.11ax (Wi-Fi 6) access points in the 6 GHz spectrum with passphrase-based authentication, the mandatory protocol is SAE (Simultaneous Authentication of Equals). SAE is a modern, secure handshake mechanism introduced with WPA3 to replace the older Pre-Shared Key (PSK) authentication used in WPA2.

SAE provides stronger security by protecting against offline dictionary attacks, which makes it especially important in the 6 GHz band—a newly allocated frequency range where higher security standards are enforced. This method enhances the robustness and confidentiality of wireless authentication, ensuring that passphrase exchanges remain resistant to interception or brute force attacks.

The other options do not fit this context:

• VHT PHY (Very High Throughput Physical Layer) relates to 802.11ac (Wi-Fi 5) technology and does not apply specifically to the 6 GHz band or 802.11ax. Wi-Fi 6 in the 6 GHz band uses HE PHY (High Efficiency PHY), optimized for improved efficiency and throughput in this new spectrum.

• CCMP is a data encryption protocol used in WPA2 and WPA3, responsible for encrypting transmitted data. While important for network security, CCMP is not an authentication mechanism and thus not the correct answer for passphrase-based authentication requirements.

• HT PHY (High Throughput PHY) is associated with 802.11n (Wi-Fi 4) and supports the 2.4 GHz and 5 GHz bands. It is outdated and irrelevant for 802.11ax operation in the 6 GHz frequency.

In summary, SAE is the required authentication protocol for passphrase-based connections on 802.11ax APs operating in the 6 GHz band. This protocol enhances security for the newest Wi-Fi standards and frequency allocations, making Option C the correct answer.

Question 3:

Which statement is definitely true about an access point (AP) that is advertised as tri-band, 4x4:4, Wi-Fi 6 (802.11ax)?

A. It supports four channels on the 2.4 GHz band and four channels on the 5 GHz band
B. It contains four radio chains
C. It supports uplink multi-user MIMO (UL-MU-MIMO)
D. It operates using a modified OpenWRT firmware

Answer: B

Explanation:

When analyzing the specifications of a tri-band, 4x4:4 Wi-Fi 6 AP, it’s important to break down each part of this description carefully.

• Tri-band: This means the AP operates on three separate frequency bands. Typically, these bands include 2.4 GHz and two 5 GHz bands or, more recently, 2.4 GHz, 5 GHz, and 6 GHz bands. This classification refers to frequency ranges, not the number of channels per band.

• 4x4:4: This is a critical technical detail. The first "4x4" indicates the number of transmit (TX) and receive (RX) antennas or radio chains the AP possesses — four transmitters and four receivers. The final "4" refers to the number of spatial streams the AP supports simultaneously, which directly correlates with the data throughput capability.

• Wi-Fi 6 (802.11ax): This latest Wi-Fi standard supports advanced features like OFDMA and MU-MIMO, which enhance performance and efficiency. However, these capabilities are not guaranteed simply by the 4x4:4 designation.

Looking at the options:

• Option A incorrectly assumes the number of channels per band, which is not defined by the tri-band specification.

• Option C mentions UL-MU-MIMO, a feature of Wi-Fi 6, but its support depends on the specific AP implementation and is not confirmed by the specs given.

• Option D suggests the use of OpenWRT firmware, which is unrelated to the hardware description provided.

Therefore, the only certainty based on the advertised specs is that the AP has four radio chains, as indicated by "4x4" in the 4x4:4 specification. This means it can transmit and receive across four antenna paths simultaneously, enhancing overall wireless performance and reliability.

Question 4:

When troubleshooting a controller-based access point (AP) that cannot find its controller—given that DHCP is not used, the controller’s IP is 10.10.10.81/24, and the AP is on the 10.10.16.0/24 subnet—what should be checked to confirm proper configuration?

A. TFTP server settings
B. Controller hosts file
C. DNS settings
D. WINS configuration

Answer: B

Explanation:

In a scenario where a controller-based AP fails to locate its wireless LAN controller, especially when DHCP is not utilized, understanding how the AP discovers the controller is crucial.

The controller is located at 10.10.10.81/24, while the AP resides on a different subnet (10.10.16.0/24). Without DHCP to inform the AP of the controller’s IP address, the AP must rely on static configurations or specific name resolution mechanisms.

• Controller hosts file (Option B): This is the most relevant element to check. The hosts file can provide a static mapping of hostnames to IP addresses, enabling the AP to resolve the controller's address. If the AP can’t use DHCP broadcast discovery, a static entry in the hosts file either on the AP itself or in the controller’s configuration is necessary to tell the AP exactly where to find the controller. Misconfigurations or missing entries here often cause discovery failures.

• TFTP (Option A): While TFTP can be used to transfer configuration files during provisioning, it does not assist in the AP discovering the controller’s IP address. Its role is secondary to discovery and comes after initial contact with the controller.

• DNS (Option C): DNS might theoretically be used to resolve the controller’s hostname, but without DHCP or explicit DNS configuration on the AP, this is less likely. DNS resolution depends on the AP having proper DNS server settings, which is not guaranteed in this scenario.

• WINS (Option D): WINS is an older Microsoft-specific name resolution system for NetBIOS names. It is largely irrelevant to modern wireless controller discovery, which relies on IP addressing and possibly DNS, not NetBIOS name resolution.

In summary, ensuring the controller hosts file is correctly configured with the controller’s IP address is essential when DHCP is not used, and the AP and controller are on separate subnets. This static configuration helps the AP locate and communicate with the controller successfully.

Question 5:

You are a consultant managing wireless networks for small businesses. One of your clients, located in a shared office building with multiple tenants, contacts you because their laptops have suddenly started to experience much slower Wi-Fi data speeds. Their WLAN was originally designed to support various devices, including laptops, tablets, and smartphones. 

What is the most likely cause for this sudden slowdown in wireless performance?

A. Some users are using Bluetooth-enabled wireless headsets.
B. A new tenant in the building has configured their access point (AP) to use the same radio frequency (RF) channel as your client.
C. The weather is clearer than usual, and solar radiation is interfering with the signals.
D. The laptop antennas have been physically moved.

Correct Answer: B

Explanation:

When investigating sudden drops in WLAN performance in environments like multi-tenant office buildings, it’s crucial to consider interference sources that can disrupt wireless signals. Let’s examine each option carefully.

Option A points to Bluetooth wireless headsets. Bluetooth devices operate primarily in the 2.4 GHz band, which overlaps with common Wi-Fi frequencies. While Bluetooth can cause some interference, it typically uses frequency hopping spread spectrum (FHSS), which limits its impact. Additionally, unless a large number of Bluetooth devices are transmitting continuously, they generally cause minor, gradual performance degradation rather than sudden, significant slowdowns affecting multiple users.

Option B is highly plausible. In a multi-tenant environment, if a new tenant sets up an AP using the same RF channel as your client’s WLAN, it leads to channel congestion and co-channel interference. Wi-Fi channels, usually 20 MHz wide, can overlap, and when multiple APs operate on the same channel, their transmissions collide and force devices to retransmit data. This results in sharply reduced throughput and slower connection speeds for all users on that channel.

Option C suggests environmental factors like sunlight and cloud cover affect electromagnetic signals. Although solar radiation can cause electromagnetic interference, it rarely impacts indoor WLANs in office buildings. Weather and atmospheric conditions are not typically sudden causes of network degradation in such settings.

Option D proposes that laptop antennas were repositioned. While antenna misalignment can degrade signal strength and quality, this effect is usually gradual and device-specific. It’s unlikely that all laptops experience sudden slowdowns simultaneously due to antenna repositioning.

In conclusion, the most common and realistic cause of a sudden WLAN slowdown in a multi-tenant building is interference from a new tenant’s AP using the same RF channel, as stated in option B. This issue can be mitigated by changing the channel settings or employing a wireless site survey to optimize channel allocation.

Question 6:

You manage a wireless network with a guest access point named GUESTNWORK. Although users can connect to this SSID, they report they cannot access the internet and their devices show “no internet connection.” 

What is the most common issue causing this problem?

A. Network Time Protocol (NTP) issues
B. Problems with SSL/TLS secured websites
C. Trivial File Transfer Protocol (TFTP) issues
D. Captive portal misconfiguration or malfunction

Correct Answer: D

Explanation:

This issue commonly occurs in guest Wi-Fi setups where a captive portal is used for authentication or acceptance of terms before allowing full internet access. Let’s analyze why the captive portal is likely the culprit and why the other options are less relevant.

A captive portal is a web page that guests must interact with before gaining full internet access. When users connect to the guest SSID, their devices are often redirected to this portal to log in, accept terms, or enter credentials. If this portal is misconfigured, offline, or unable to redirect users properly, the devices will connect to the Wi-Fi but won’t be able to access the internet, which matches the symptoms described.

Option A, NTP issues, refer to time synchronization problems. Although incorrect system time can sometimes affect certain security certificates or timed authentications, NTP problems don’t generally prevent internet browsing outright for all users connected to a guest network.

Option B involves SSL/TLS issues. While problems with secure website certificates might block access to specific sites, they wouldn’t prevent all browsing on the guest network. Users would typically still reach non-secure sites or get specific error messages rather than a complete lack of connectivity.

Option C, TFTP issues, relate to simple file transfers commonly used for device configuration or firmware updates. TFTP problems wouldn’t interfere with general web browsing or internet access on a guest WLAN.

Thus, the most plausible cause for users connecting but not browsing is a captive portal problem. This could be due to the portal server being down, improper redirection settings, or firewall rules blocking access. Troubleshooting should start by verifying captive portal functionality, ensuring the portal server is operational, and checking that users are correctly redirected to the authentication page. Fixing these issues will restore normal internet access for guest users.

Question 7:

When a radio frequency (RF) wave travels through space, it naturally spreads out, causing its signal strength at any given remote location to weaken. 

Which principle best explains the rate at which this signal strength diminishes due to the wave’s expansion?

A. Frontwave thinning theory
B. Ohm’s law
C. Return loss or through loss
D. Inverse square law

Answer: D

Explanation:

The reduction in RF signal strength as the wave propagates through space and spreads over a larger area is described by the inverse square law. This law is a cornerstone in physics and telecommunications, explaining how the intensity of a wave decreases with distance from its source.

According to the inverse square law, the power or intensity of the wave is inversely proportional to the square of the distance from the source. In other words, if the distance between the source and the point of measurement doubles, the signal strength drops to one-fourth its original value because the energy disperses over an area that grows with the square of the radius. This spherical spreading of energy means that the farther the wave travels, the weaker it becomes at any specific point.

Mathematically, if P(r) represents the power at a distance r from the source, then:
P(r)∝1r2P(r) \propto \frac{1}{r^2}P(r)∝r21​
This implies that doubling the distance causes a reduction in power by a factor of 4, tripling it reduces power by a factor of 9, and so forth.

Let’s clarify why the other options are incorrect:

• A. Frontwave thinning theory is not a recognized principle in wave propagation or physics, and it doesn’t accurately describe the weakening of RF signals with distance.

• B. Ohm’s law deals with voltage, current, and resistance in electrical circuits but does not relate to wave propagation or signal strength in free space.

• C. Return loss or through loss refer to losses caused by impedance mismatches or signal attenuation in mediums, not the natural spreading loss of an RF wave.

Hence, the inverse square law best explains how an RF wave’s power decreases naturally due to expansion in space.

Question 8:

When a wireless client device (STA) is selecting the best Access Point (AP) to connect to, it must confirm that the AP supports data rates compatible with its own capabilities. 

Which type of frame can the client STA examine to determine the data rates supported by an AP?

A. Probe request frames sent by other client STAs
B. Beacon frames broadcast by the AP
C. Authentication frames exchanged by other client STAs
D. Data frames transmitted between the AP and its connected clients

Answer: B

Explanation:

In Wi-Fi networks, a client device (STA) must ensure that the Access Point (AP) it connects to supports compatible data rates to maintain optimal network performance and stability. The best way for a client STA to identify the supported data rates of an AP is by analyzing the beacon frames the AP regularly broadcasts.

Beacon frames are special management frames sent periodically by the AP to announce its presence and capabilities to all nearby client devices. These frames contain a wealth of information, including supported data rates, network name (SSID), security protocols, and other important parameters. Since the beacon is openly broadcast to all potential clients, it serves as a direct source for a client STA to determine whether the AP can communicate at the client’s supported speeds.

The other options don’t serve this purpose:

• A. Probe request frames are sent by client devices to actively seek out APs, but these frames contain information about the client’s desired capabilities rather than the AP’s supported rates. They are used to prompt APs to respond but do not carry AP capability data.

• C. Authentication frames are used during the connection setup phase to verify client identities and establish a secure association. These frames don’t include details about supported data rates or AP capabilities.

• D. Data frames are used to carry actual user data between a connected client and the AP but do not provide information about the AP’s supported data rates, especially to new or scanning clients.

Thus, by reviewing the beacon frames, a client STA can effectively verify that an AP supports the data rates it requires, making beacon frames the correct choice.

Question 9:

You are managing a WLAN with dual-band 802.11ac access points that support three spatial streams. Each access point has both 2.4 GHz and 5 GHz radios active, using 20 MHz channels on 2.4 GHz and 40 MHz channels on 5 GHz. Each AP is connected via a single 1 Gbps Ethernet link. 

A manager worries that this 1 Gbps link might not be sufficient to carry all the traffic from both radios simultaneously. How would you address his concern?

A. The AP compresses all wireless data before sending it over Ethernet, so the concern is unwarranted.
B. Because of how 802.11 devices dynamically adjust their rates, the combined traffic from both radios typically won't exceed the 1 Gbps Ethernet capacity.
C. His concern is justified, and a second 1 Gbps Ethernet link should be installed immediately.
D. The Ethernet links should be upgraded to 10 Gbps right away to handle the load.

Correct answer: B

Explanation:

The concern here is whether the 1 Gbps Ethernet connection to each dual-band 802.11ac access point can handle the potential traffic from simultaneous use of both radios. On the surface, 802.11ac with three spatial streams and wider channels can offer very high wireless throughput, potentially approaching or exceeding 1 Gbps. However, several practical factors influence actual throughput and how much traffic traverses the Ethernet link.

Option A is inaccurate because 802.11ac access points do not inherently compress all wireless data before forwarding it over Ethernet. While some compression may occur in specific scenarios, it is not standard or sufficient to guarantee reduced bandwidth needs. So, compression cannot be relied upon to solve any bottleneck concerns.

Option B is correct. Wireless communication rates in 802.11 networks fluctuate dynamically based on signal quality, interference, and client capabilities. Devices rarely operate at peak theoretical speeds consistently. Additionally, traffic from multiple clients is aggregated and often unevenly distributed across the radios, reducing the likelihood that combined throughput will saturate the 1 Gbps Ethernet link. Environmental factors, distance, and client behavior generally keep actual throughput below the theoretical maximums. Thus, the 1 Gbps Ethernet link usually suffices for typical enterprise wireless loads.

Option C suggesting an immediate second 1 Gbps link is premature and unnecessary given the dynamic nature of wireless throughput. Unless monitoring reveals consistent saturation, this is an overreaction.

Option D recommending upgrading all links to 10 Gbps is also excessive. While future-proofing can be beneficial, current practical wireless loads rarely require this upgrade, and it is an unnecessary expense without clear demand.

In summary, B accurately reflects the real-world dynamic wireless environment and explains why the 1 Gbps Ethernet link is generally sufficient, addressing the manager’s concern appropriately.

Question 10:

ABC Company plans to deploy a new 802.11ac wireless LAN but wants to upgrade its wired infrastructure first for optimal user experience. During a discussion, you learn that the new Ethernet edge switches will supply Power over Ethernet (PoE) to both VoIP phones and 802.11 access points. 

What is the main immediate concern you should highlight?

A. The switches should support EtherChannel to optimize network performance.
B. VoIP phones and access points should not be powered by the same switch due to signal distortion.
C. Switch locations optimized for VoIP phones might not be ideal for 802.11 APs.
D. The power budget on the switches must be carefully planned and managed to support all PoE devices.

Correct answer: D

Explanation:

When planning a wired infrastructure upgrade to support new 802.11ac wireless access points alongside VoIP phones, understanding the power requirements is critical. Both VoIP phones and 802.11 APs typically rely on Power over Ethernet (PoE) to operate, drawing power directly from the network switches. Ensuring that the switches can supply adequate power to all devices is a top priority.

Option A suggests that EtherChannel (link aggregation) is a concern. While EtherChannel can improve bandwidth and redundancy between switches, it does not directly impact the immediate concern of power delivery to PoE devices. Therefore, it is not the most urgent issue here.

Option B is incorrect because powering both VoIP phones and access points from the same PoE-enabled switch does not cause distortion or interference. These devices operate on different frequencies and signals, and as long as the power supply is sufficient, coexistence on the same switch is standard practice.

Option C highlights that switch placement optimized for VoIP might not suit access points. While physical location affects wireless coverage and device connectivity, this concern is secondary when initially upgrading infrastructure. The primary challenge is ensuring sufficient PoE power availability.

Option D correctly identifies that the power budget of the switches is the key immediate concern. Each switch has a finite PoE power budget—the total wattage it can supply to connected devices. If the number of powered devices exceeds this budget, some devices may not receive adequate power, leading to performance issues or device failures. Given that VoIP phones and access points both require power, proper planning and continuous monitoring of the PoE budget are essential to maintain network reliability and avoid outages.

In conclusion, D is the right answer because the ability of the Ethernet switches to provide enough PoE power for all devices is the critical factor that must be managed before deployment, ensuring both voice and wireless services function correctly.