nerdexam
(ISC)2

CISSP · Question #117

When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints.

The correct answer is C. Wi-Fi Protected Access 2 (WPA2) Enterprise. WPA2 Enterprise uses IEEE 802.1X with a RADIUS server to provide individual authentication and authorization for each client endpoint, unlike PSK-based methods that use a shared password for all users.

Submitted by stefanr· Mar 5, 2026Communication and Network Security

Question

When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints.

Options

  • ATemporal Key Integrity Protocol (TKIP)
  • BWi-Fi Protected Access (WPA) Pre-Shared Key (PSK)
  • CWi-Fi Protected Access 2 (WPA2) Enterprise
  • DCounter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

How the community answered

(41 responses)
  • A
    5% (2)
  • B
    10% (4)
  • C
    83% (34)
  • D
    2% (1)

Why each option

WPA2 Enterprise uses IEEE 802.1X with a RADIUS server to provide individual authentication and authorization for each client endpoint, unlike PSK-based methods that use a shared password for all users.

ATemporal Key Integrity Protocol (TKIP)

TKIP is a legacy encryption protocol used in WPA to address WEP weaknesses; it handles data encryption integrity, not client authentication or authorization.

BWi-Fi Protected Access (WPA) Pre-Shared Key (PSK)

WPA PSK uses a single shared passphrase distributed to all users, meaning there is no individual client authentication - all devices with the correct key are granted access equally.

CWi-Fi Protected Access 2 (WPA2) EnterpriseCorrect

WPA2 Enterprise implements IEEE 802.1X/EAP (Extensible Authentication Protocol) authentication, which requires each client to present individual credentials (certificates, usernames/passwords, etc.) validated by a RADIUS authentication server. This enables per-user authentication, authorization policies, and centralized access control, making it suitable for enterprise environments where individual accountability is required.

DCounter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

CCMP is an encryption protocol based on AES used in WPA2 for data confidentiality and integrity; it is a cipher mechanism, not an authentication or authorization framework.

Concept tested: WPA2 Enterprise 802.1X individual client authentication

Source: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/wifi/wpa2-enterprise-authentication

Topics

#wireless security#WPA2 Enterprise#802.1X#network authentication

Community Discussion

No community discussion yet for this question.

Full CISSP Practice