312-50V12 Question #216: Real Exam Question with Answer & Explanation

Question

As the Chief Information Security Officer (CISO) at a large university, you are responsible for the security of a campus-wide Wi-Fi network that serves thousands of students, faculty, and staff. Recently, there has been a rise in reports of unauthorized network access, and you suspect that some users are sharing their login credentials. You are considering deploying an additional layer of security that could effectively mitigate this issue. What would be the most suitable measure to implement in this context?

Options

• AImplement network segmentation
• BDeploy a VPN for the entire campus
• CEnforce a policy of regularly changing Wi-Fi passwords
• DImplement 802.1X authentication

Explanation

This question tests knowledge of network access control mechanisms that prevent credential sharing on enterprise Wi-Fi networks. 802.1X provides per-user authentication tied to unique identities, making credential sharing both detectable and mitigatable.

Common mistakes.

• A. Network segmentation divides the network into zones to limit lateral movement, but it does not authenticate individual users or prevent multiple people from using the same shared credentials to gain access.
• B. Deploying a campus-wide VPN encrypts traffic and can add an authentication layer, but it does not inherently prevent credential sharing and introduces significant infrastructure complexity without solving the root identity verification problem.
• C. Regularly changing Wi-Fi passwords (PSK rotation) only temporarily inconveniences unauthorized users; as long as one legitimate user shares the new password, unauthorized access resumes immediately, making this measure ineffective against deliberate credential sharing.

Concept tested. 802.1X port-based network access control authentication

Reference. https://learn.microsoft.com/en-us/windows-server/networking/technologies/nap/nap-overview

No community discussion yet for this question.