ERRATA - CWSP 2nd Edition Book. My observations
Last Post: July 3, 2018:
-
ERRATA
'Dictionary Attack' in the Glossary wasn't bold
Chapter 1 - "Understand how to select and use [and] protocol analyzer based on its security features" - substitute with 'an'
Chapter 3 - "Explain and demonstrate the use [or] protocol analysis capture the following sensitive information..." - substitute with 'of'
Chapter 7 - Review Questions, Q2 - "A secure password is [on] that includes multiple character types" - substitute with 'one'
Chapter 8 - pg 226, '(3)Wireless Intrusion Prevention Systems' and '(3)Wireless VLANs' {I don't get why the number 3 is in brackets.}
Chapter 10 - pg 249, Enterprise Security Overview, line 6 "strength [on] many" substitute with 'of' and pg 250, line 3, "[One] again" substitute with 'Once'
Chapter 18 - Hybrid Architecture model, line 15, "effectively utilize [s] resources" close up the gap.
That's as far as I've gotten. Still on chapter 10. Please, I would appreciate everyone's help. Could we post print errors for the book in this topic?
-
Chapter 10 - p. 374 -- states that most applications use port 883 for HTTP/SSL communications. The diagrams get it right at port 443.
-
Chapter 12 - p. 503 -- "12. RBAC mechanisms can be used to restrict user access to what resources available [though] a WLAN?"
Should be "12. RBAC mechanisms can be used to restrict user access to what resources available [through] a WLAN?"
-
OK, this one really got under my skin because it's easily proven wrong, and it's old news.
Companion CD, Bonus Exam #2, Question 16 -- states that only EAP-MD5 and EAP-TLS can be used for wired port access control. Since when??? I was testing PEAP with wired 802.1X 5 years ago.
Additionally, this 2009 publication shows that PEAP can be used for wired 802.1X:
http://technet.microsoft.com/en-us/library/dd378898%28v=ws.10%29.aspx
-
Course Guide. Chapter 2, page 11:
The paragraph refers to WEP-40 and WEP-104. I have always heard it referred to as WEP-64 and WEP-128. This is also how the Study Guide refers to the standards on page 39.
No love for the IV :-)
Dan
-
Salihu,
For your future reference there is already a "sticky" CWSP post for this information. Same for CWDP.
Dan,
It's worse than that. Some manufacturers call them 40 bit and 128 bit. Expect any combination!
Personally I'll take either, as long as they are consistent.
-
All, I take it back. There isn't a CWSP sticky post.
Dave1234 and I had talked about creating one at one time though. Too tired I guess.
-
Chapter 4. page 147. Figure 4.27.
Step 5 says "real username." Should say... something else. Step 2 says the supplicant gives the authenticator a "bogus username." It doesn't say if that bogus username is passed on by the authenticator. The text just says the authenticator tells the AS that "a supplicant wants to be validated." Perhaps it depends on the PEAP type.
-
The sample packet capture on the CD has a username of "Administrator." Perhaps the capture was made of a WZC supplicant.
-
PC Flash Card 2:
Q: "...what is a byproduct of 802.1X/EAP type with mutual authentication?"
A: "Dynamic encryption key generation."
The word "mutual" is extraneous and misleading. It implies that EAP types that don't do mutual authentication don't lead to dynamic key generation.