312-50V12 Question #205: Real Exam Question with Answer & Explanation

Question

As the lead security engineer for a retail corporation, you are assessing the security of the wireless networks in the company's stores. One of your main concerns is the potential for "Wardriving" attacks, where attackers drive around with a Wi-Fi-enabled device to discover vulnerable wireless networks. Given the nature of the retail stores, you need to ensure that any security measures you implement do not interfere with customer experience, such as their ability to access in-store Wi-Fi. Taking into consideration these factors, which of the following would be the most suitable measure to mitigate the risk of Wardriving attacks?

Options

• ALimit the range of the store's wireless signals
• BImplement MAC address filtering
• CDisable SSID broadcasting
• DImplement WPA3 encryption for the store's Wi-Fi network

Explanation

Implementing WPA3 encryption is the most suitable measure to mitigate wardriving risks by significantly strengthening wireless network security against exploitation without hindering customer access.

Common mistakes.

• A. Limiting signal range primarily makes discovery from a distance harder but does not prevent discovery from closer proximity or enhance the security of the network against exploitation once discovered.
• B. MAC address filtering is easily circumvented by MAC spoofing and is impractical for a customer-facing Wi-Fi network that requires frequent connections from various devices.
• C. Disabling SSID broadcasting offers minimal security as the SSID can still be discovered by common tools and makes it more difficult for legitimate customers to connect, degrading user experience.

Concept tested. Wireless Network Security, WPA3 Encryption, Wardriving Mitigation

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/wpa3-security

No community discussion yet for this question.