SY0-301 · Question #395
The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be
The correct answer is B. WPA2 CCMP. WPA2 using CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) based on AES encryption is significantly stronger than WPA using TKIP. Upgrading from WPA TKIP to WPA2 CCMP is the correct path to improve wireless security.
Question
The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?
Options
- AWEP
- BWPA2 CCMP
- CDisable SSID broadcast and increase power levels
- DMAC filtering
How the community answered
(18 responses)- B94% (17)
- C6% (1)
Why each option
WPA2 using CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) based on AES encryption is significantly stronger than WPA using TKIP. Upgrading from WPA TKIP to WPA2 CCMP is the correct path to improve wireless security.
WEP (Wired Equivalent Privacy) is an older and cryptographically broken standard that is far less secure than even WPA TKIP, representing a downgrade not an upgrade.
WPA2 with CCMP uses AES (Advanced Encryption Standard), a 128-bit block cipher that is substantially more secure than the RC4-based TKIP used in WPA. CCMP also provides stronger data integrity and authentication, making it the recommended upgrade path for wireless access points requiring improved security.
Disabling SSID broadcast is a minor obscurity measure and increasing power levels has no security benefit; neither improves encryption strength.
MAC filtering provides minimal security because MAC addresses can be easily spoofed and it does not improve encryption at all.
Concept tested: Wireless encryption upgrade from WPA TKIP to WPA2 CCMP
Source: https://www.wi-fi.org/discover-wi-fi/security
Topics
Community Discussion
No community discussion yet for this question.