
5 Tips to Have Your Certified Wireless Security Professional (CWSP) Exam on Lock

  • Writer: Eva Santos
  • 5 days ago

Much like the CWAP, many consider the CWSP a major roadblock to getting their CWNE. Personally, I found this test easier, but that does NOT make it easy.

If you haven't already, check out my post for the CWAP exam because a lot of the same advice applies here:


  • Reviewing the Exam Objectives

  • Taking the practice tests

  • Reviewing notes ASAP if you fail

That aside, the advice I'm giving here is absolutely none of those things. Hopefully if you follow these steps, you'll have this exam out the way in no time. Keep these exam objectives handy as I will reference them throughout.


Certified Wireless Security Professional


1. Don't take the CWSP until you see CompTIA Security+

I know what you're thinking: "She really said go take another test and come back". Truth is, this test has a lot of unspoken pre-requisite material. For example, you must understand these topics before even uttering the word Wi-Fi:


  • The difference between encryption and hashing

  • The difference between asymmetric and symmetric encryption

  • Public Key Infrastructure (PKI)

  • EAP and 802.1x


There's no need to sit for the exam and spend the money. Instead, look at the best free resource for CompTIA certs: Professor Messer's video course. I don't know what I would have done without this man's website during college and so much of it is relevant to CWSP too.


2. Read the standards

It's hard to cover all the nitty-gritty details of the protocols in a textbook. Whenever possible, get used to reading IETF, IEEE, and Wi-Fi Alliance documents. For the exam, it's overkill, but future you will be happy you read them. If you ever thought "Gee, how does that protocol really work?", this is for you.


Fortunately, most documents are free to the public. These are the documents per standards group that I recommend:

Wi-Fi Alliance

RFC 5281 - EAP-TTLS

All but the IEEE document should be accessible. If you have a school, employer, or library that offers IEEE Xplore access, you can get them that way for free.


3. Become familiar with security's business side


At least 20% of the test is security business related (1.0 Security Policy, 2.0 Security Lifecycle Management, and some in the 3.0 Vulnerabilities, Threats, and Attacks section). These include understanding regulatory policies (PCI-DSS, HIPAA, GDPR etc.), risk management, and developing security policies. Most topics here are fairly intuitive, but do not underestimate their importance.


Some other "paperwork" security matters include researching CVEs, conducting audits, and reporting breaches. If you want to go the extra mile, read Jennifer (JJ) Minella's book Wireless Security Architecture and her free eBook here.


4. Ensure you can explain key frame exchanges


I was trying to not repeat advice from CWAP here, but "go look at pcaps" is rarely bad advice. However, the difference here for CWSP is you need to look at security frame exchanges, not just any 802.11 frames. These are the exchanges you should know before sitting for the exam.


Difference between SAE and legacy authentication frames


The calming lavender hues of authentication frames

Here my client using SAE exchanges four authentication frames with the AP instead of two. First they trade a pair of Commit SAE messages, then a pair of Confirm SAE messages. If this was good ol' WPA2-Personal, you'd only see two authentication frames.
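To make the difference concrete, here is an added example (not from the original post) that decodes the fixed fields of authentication frames and summarizes the exchange. The MAC addresses and frames are constructed sample data, and the WPA2-Personal pair is shown as Open System authentication (algorithm 0), which is what precedes the 4-way handshake there.

```python
import struct

# Authentication Algorithm Number field values defined by IEEE 802.11
AUTH_ALGORITHMS = {0: "Open System", 1: "Shared Key", 2: "Fast BSS Transition", 3: "SAE"}
SAE_MESSAGES = {1: "Commit", 2: "Confirm"}

def build_auth_frame(dst, src, bssid, algorithm, seq, status=0):
    """Constructed sample frame: 24-byte MAC header + fixed auth fields, no SAE payload."""
    header = struct.pack("<HH6s6s6sH", 0x00B0, 0, dst, src, bssid, 0)
    return header + struct.pack("<HHH", algorithm, seq, status)

def parse_auth_frame(frame):
    """Return (source MAC, algorithm, message label), or None if not an auth frame."""
    if len(frame) < 30:
        return None
    frame_type, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if frame_type != 0 or subtype != 11:  # management frame, subtype 11 = authentication
        return None
    algorithm, seq, _status = struct.unpack_from("<HHH", frame, 24)
    name = AUTH_ALGORITHMS.get(algorithm, f"unknown ({algorithm})")
    if algorithm == 3:
        label = SAE_MESSAGES.get(seq, f"seq {seq}")  # both sides send seq 1, then seq 2
    else:
        label = {1: "request", 2: "response"}.get(seq, f"seq {seq}")
    return frame[10:16].hex(":"), name, label

def summarize(frames):
    """Collapse a list of raw frames into the authentication exchange they contain."""
    parsed = [p for p in map(parse_auth_frame, frames) if p]
    return {
        "count": len(parsed),
        "algorithms": sorted({name for _, name, _ in parsed}),
        "sequence": [f"{src} {label}" for src, _, label in parsed],
    }

# Constructed addresses (locally administered), not taken from the capture in the post
CLIENT = bytes.fromhex("020000000002")
AP = bytes.fromhex("020000000001")

SAE_EXCHANGE = [
    build_auth_frame(AP, CLIENT, AP, 3, 1), build_auth_frame(CLIENT, AP, AP, 3, 1),
    build_auth_frame(AP, CLIENT, AP, 3, 2), build_auth_frame(CLIENT, AP, AP, 3, 2),
]
LEGACY_EXCHANGE = [build_auth_frame(AP, CLIENT, AP, 0, 1), build_auth_frame(CLIENT, AP, AP, 0, 2)]

if __name__ == "__main__":
    for title, frames in (("SAE", SAE_EXCHANGE), ("WPA2-Personal", LEGACY_EXCHANGE)):
        print(title, summarize(frames))
```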


EAP and RADIUS Sides of WPA2/3-Enterprise


The exact frames vary based on the EAP type chosen (EAP-TLS, EAP-TTLS, PEAP etc.). Generally, EAP frames are exchanged between the supplicant (client) and authenticator (AP), whereas RADIUS frames are exchanged between the authenticator (AP) and the authentication server (a RADIUS server, for example).


4-way Handshake


4-way Handshake

You must know which direction each message goes in the handshake. It's easiest to remember that the AP starts the transaction. Also remember that message 2 is potentially when you'll find out your client has incorrect credentials. For example, if I enter the wrong passphrase on the client, the message integrity check during message 2 will fail. Want more in-depth 4-way handshake information? Read my post here!
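The simulation below is an added example, not code from the original post. It runs both ends of a WPA2-Personal handshake to show the message directions and why a wrong passphrase surfaces at message 2. The SSID, MAC addresses, nonces and the simplified message 2 body are constructed stand-ins for a real EAPOL-Key frame.

```python
import hashlib
import hmac

# Constructed sample values; real nonces are random and the MACs come from the radios
SSID = "example-ssid"
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed ANonce").digest()
SNONCE = hashlib.sha256(b"constructed SNonce").digest()

def pmk_from_passphrase(passphrase, ssid):
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_kck(pmk, anonce, snonce):
    """PRF-384 over both MACs and both nonces; the KCK is the first 16 bytes of the PTK."""
    data = (min(AP_MAC, STA_MAC) + max(AP_MAC, STA_MAC)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(3))
    return ptk[:16]

def eapol_mic(kck, frame):
    """HMAC-SHA1 truncated to 128 bits, computed over the frame with its MIC field zeroed."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def run_handshake(ap_passphrase, client_passphrase):
    """Simulate both ends; return (completed, log of messages in order)."""
    log = ["M1 AP -> client: ANonce, no MIC"]
    # Client now holds both nonces, derives its PTK and proves it with a MIC on message 2.
    client_kck = derive_kck(pmk_from_passphrase(client_passphrase, SSID), ANONCE, SNONCE)
    m2 = b"EAPOL-Key M2" + SNONCE  # simplified stand-in for the real EAPOL-Key frame
    m2_mic = eapol_mic(client_kck, m2)
    log.append("M2 client -> AP: SNonce + MIC")
    # AP learns the SNonce from M2, derives its own PTK and recomputes the MIC.
    ap_kck = derive_kck(pmk_from_passphrase(ap_passphrase, SSID), ANONCE, SNONCE)
    if not hmac.compare_digest(eapol_mic(ap_kck, m2), m2_mic):
        log.append("AP: MIC on M2 does not verify, handshake stops")
        return False, log
    log.append("M3 AP -> client: GTK + MIC")
    log.append("M4 client -> AP: MIC, handshake complete")
    return True, log

if __name__ == "__main__":
    for client_passphrase in ("correct horse battery", "wrong passphrase"):
        done, log = run_handshake("correct horse battery", client_passphrase)
        print(done, *log, sep="\n  ")
```

Message 1 carries no MIC because the client cannot derive the PTK until it has the ANonce, so message 2 is the first frame the AP can check against its own copy of the key.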


5. Get out there, don't break stuff

It's hard to explain what bad configurations or certain attacks look like other than having them pointed out to you. Before moving on, I must convey:


Do NOT go out and start hacking places.

Do NOT go out and start hacking places.

Do NOT go out and start hacking places.


Ok, got it? With that out the way, what I mean is looking at packet captures at home or reading about how hackers carry out Wi-Fi attacks. Even loading up Kali Linux and exploring your network at home without disturbing others is helpful. To go about it the safe way, consider taking a wireless security class in a lab environment. The CWSP will want you to know things like deauthentication frames sent to a broadcast MAC address are likely indicative of an attack or that WPA2-PSK is vulnerable to KRACK and other attacks.

That's all I had. In conclusion, the CWSP is challenging because the world of security is much broader than the exam. Hopefully these pointers help those of you taking the exam.
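As an added example (not from the original post), this is what the broadcast-deauthentication indicator mentioned above looks like as detection logic over raw 802.11 frames. The addresses, reason codes and the sample capture are constructed, and the frames start at the 802.11 MAC header (no radiotap header is assumed).

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
DEAUTH_SUBTYPE = 12

def build_mgmt_frame(subtype, dst, src, bssid, body=b""):
    """Constructed sample management frame: 24-byte MAC header followed by the body."""
    frame_control = subtype << 4  # protocol version 0, type 0 (management)
    return struct.pack("<HH6s6s6sH", frame_control, 0, dst, src, bssid, 0) + body

def find_broadcast_deauths(frames):
    """Count deauthentication frames addressed to broadcast, keyed by (BSSID, reason code)."""
    alerts = Counter()
    for frame in frames:
        if len(frame) < 26:  # header plus 2-byte reason code
            continue
        frame_type, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
        if frame_type != 0 or subtype != DEAUTH_SUBTYPE:
            continue
        dst, bssid = frame[4:10], frame[16:22]
        if dst == BROADCAST:
            (reason,) = struct.unpack_from("<H", frame, 24)
            alerts[(bssid.hex(":"), reason)] += 1
    return dict(alerts)

# Constructed capture: a beacon, one unicast deauth, and three broadcast deauths
AP = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("020000000002")
SAMPLE_CAPTURE = [
    build_mgmt_frame(8, BROADCAST, AP, AP, b"\x00" * 12),            # beacon, ignored
    build_mgmt_frame(12, CLIENT, AP, AP, struct.pack("<H", 3)),      # unicast deauth, ignored
    *[build_mgmt_frame(12, BROADCAST, AP, AP, struct.pack("<H", 7)) for _ in range(3)],
]

if __name__ == "__main__":
    for (bssid, reason), count in find_broadcast_deauths(SAMPLE_CAPTURE).items():
        print(f"{count} broadcast deauth frame(s) for BSSID {bssid}, reason code {reason}")
```

The source address in a deauthentication frame is not proof of who sent it, so the alert is keyed on the BSSID being disrupted rather than treated as attribution.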


© 2021 Wifrizzy. All rights reserved.
