350-401 · Question #751
350-401 Question #751: Real Exam Question with Answer & Explanation
The correct answer is C: WPA3 Personal. WPA3 Personal – Explanation WPA3 Personal satisfies both requirements: it allows users to enter a human-readable passphrase (like WPA2 Personal), but critically adds Simultaneous Authentication of Equals (SAE), which replaces the older Pre-Shared Key (PSK) handshake and provides
Question
An engineer must configure a new WLAN that allows a user to enter a passphrase and provides forward secrecy as a security measure. Which Layer 2 WLAN configuration is required on the Cisco WLC?
Options
- AWPA2 Personal
- BWPA3 Enterprise
- CWPA3 Personal
- DWPA2 Enterprise
Explanation
WPA3 Personal – Explanation
WPA3 Personal satisfies both requirements: it allows users to enter a human-readable passphrase (like WPA2 Personal), but critically adds Simultaneous Authentication of Equals (SAE), which replaces the older Pre-Shared Key (PSK) handshake and provides forward secrecy - meaning that even if a passphrase is compromised later, previously captured traffic cannot be decrypted.
- WPA2 Personal (A) uses PSK authentication and supports passphrases, but lacks forward secrecy, making it vulnerable to offline dictionary attacks and session decryption.
- WPA2 Enterprise (D) and WPA3 Enterprise (B) both use 802.1X/EAP authentication with a RADIUS server - they do not use a simple passphrase, so they fail the "passphrase" requirement. WPA3 Enterprise does offer forward secrecy, but it's the wrong authentication method.
💡 Memory Tip: Think "3 = Forward, Personal = Passphrase" - WPA3 gives you forward secrecy, and Personal means a passphrase. If you need both together, WPA3 Personal is your only match. Enterprise always means RADIUS, never a simple passphrase.
Topics
Community Discussion
No community discussion yet for this question.