nerdexam
(ISC)2

CISSP · Question #255

Which of the following is a weakness of Wired Equivalent Privacy (WEP)?

The correct answer is A. Length of Initialization Vector (IV). According to the CISSP All-in-One Exam Guide2, a weakness of Wired Equivalent Privacy (WEP) is the length of the Initialization Vector (IV). WEP is a security protocol that was designed to provide confidentiality and integrity for wireless networks, by using the RC4 stream cipher

Submitted by hans_de· Mar 5, 2026Communication and Network Security

Question

Which of the following is a weakness of Wired Equivalent Privacy (WEP)?

Options

  • ALength of Initialization Vector (IV)
  • BProtection against message replay
  • CDetection of message tampering
  • DBuilt-in provision to rotate keys

How the community answered

(26 responses)
  • A
    96% (25)
  • B
    4% (1)

Explanation

According to the CISSP All-in-One Exam Guide2, a weakness of Wired Equivalent Privacy (WEP) is the length of the Initialization Vector (IV). WEP is a security protocol that was designed to provide confidentiality and integrity for wireless networks, by using the RC4 stream cipher to encrypt the data and the CRC-32 checksum to verify the data. However, WEP has several flaws that make it vulnerable to various attacks, such as the IV attack, the key recovery attack, the bit- flipping attack, and the replay attack. One of the flaws of WEP is the length of the IV, which is only 24 bits long. This means that the IV space is very small, and the IVs are likely to repeat after a short period of time, especially in a busy network. This allows an attacker to capture enough IVs and ciphertexts to perform a statistical analysis and recover the encryption key. WEP does not provide protection against message replay, detection of message tampering, or built-in provision to rotate keys, but these are not weaknesses of WEP, but rather limitations or features that WEP

Topics

#WEP#wireless security#initialization vector (IV)#cryptographic weaknesses

Community Discussion

No community discussion yet for this question.

Full CISSP Practice