312-50V13 Question #540: Real Exam Question with Answer & Explanation

Question

You are an ethical hacker contracted to conduct a security audit for a company. During the audit, you discover that the company's wireless network is using WEP encryption. You understand the vulnerabilities associated with WEP and plan to recommend a more secure encryption method. Which of the following would you recommend as a Suitable replacement to enhance the security of the company's wireless network?

Options

• AMAC address filtering
• BWPA2-PSK with AES encryption
• COpen System authentication
• DSSID broadcast disabling

Explanation

WEP Replacement & Wireless Security

WPA2-PSK with AES encryption (Option B) is the correct replacement because it uses the Advanced Encryption Standard (AES), a robust cryptographic algorithm that addresses all of WEP's critical weaknesses, including its static key vulnerability, weak IV (Initialization Vector) implementation, and lack of proper integrity checking - making it the industry-recognized secure standard for wireless networks.

Why the distractors are wrong:

• A (MAC Address Filtering) is a superficial access control measure, not an encryption protocol - MAC addresses can be easily spoofed, providing no real cryptographic protection
• C (Open System Authentication) is actually worse than WEP, as it requires no credentials whatsoever to join the network
• D (SSID Broadcast Disabling) is "security through obscurity" - the network can still be detected using wireless scanning tools, and it does nothing to encrypt transmitted data

💡 Memory Tip: Think of the progression WEP → WPA → WPA2 as a security upgrade ladder. Remember "AES = Always Encrypted Strongly" - whenever you see AES paired with WPA2, it represents the gold standard. Any answer offering access control tricks (MAC filtering, SSID hiding) instead of actual encryption is always a distractor.

No community discussion yet for this question.