After nearly 15 months of putting it off, today I finally took and passed the CWSP exam. I got an 83%, which is coincidentally what I received on the CWNA exam as well.
The current CWSP exam is due to be retired on 12/31/05, so it's not really useful to review it now. However, I will make the following suggestions that should be useful for taking the next revision of the CWSP exam:
Use the CWSP Study Guide as your primary study material. Pay close attention to the "best practices" opinions that are given in the text. The CWSP exam may be vendor-neutral, but the information it contains is definitely "wireless security as the CWNP thinks wireless security should be."
The CWSP on-line practice exams at cwnp.com were invaluable. Their questions are much more difficult than the actual exam, and they really show you the areas in which your wireless security knowledge is deficient.
Know SOHO and enterprise wireless security solutions inside and out. This includes 802.1X/EAP, VLAN protocols, and all types of network segmentation devices (EEG, EWG, VLAN, firewalls, and switches).
Understand all authentication protocols and their benefits and deficits. This includes password protocols (PAP, MS-CHAPv2, PAC), 802.1X/EAP (all possible flavors), and RADIUS. Throw in a basic understanding of Kerberos and LDAP as well.
Know all of the types of attacks that can be performed against a wireless LAN, its devices, and its clients. Know what types of attacks
are and
are not mitigated by which technologies.
Finally, I would like to thank our dear Webmaster, Johan, for providing me an early Christmas present that encouraged me to spend a weekend cracking the books and taking the exam.