nerdexam
CompTIA

SY0-301 · Question #395

The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be

The correct answer is B. WPA2 CCMP. WPA2 using CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) based on AES encryption is significantly stronger than WPA using TKIP. Upgrading from WPA TKIP to WPA2 CCMP is the correct path to improve wireless security.

Security architecture

Question

The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?

Options

  • AWEP
  • BWPA2 CCMP
  • CDisable SSID broadcast and increase power levels
  • DMAC filtering

How the community answered

(18 responses)
  • B
    94% (17)
  • C
    6% (1)

Why each option

WPA2 using CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) based on AES encryption is significantly stronger than WPA using TKIP. Upgrading from WPA TKIP to WPA2 CCMP is the correct path to improve wireless security.

AWEP

WEP (Wired Equivalent Privacy) is an older and cryptographically broken standard that is far less secure than even WPA TKIP, representing a downgrade not an upgrade.

BWPA2 CCMPCorrect

WPA2 with CCMP uses AES (Advanced Encryption Standard), a 128-bit block cipher that is substantially more secure than the RC4-based TKIP used in WPA. CCMP also provides stronger data integrity and authentication, making it the recommended upgrade path for wireless access points requiring improved security.

CDisable SSID broadcast and increase power levels

Disabling SSID broadcast is a minor obscurity measure and increasing power levels has no security benefit; neither improves encryption strength.

DMAC filtering

MAC filtering provides minimal security because MAC addresses can be easily spoofed and it does not improve encryption at all.

Concept tested: Wireless encryption upgrade from WPA TKIP to WPA2 CCMP

Source: https://www.wi-fi.org/discover-wi-fi/security

Topics

#WPA2#CCMP#wireless encryption#TKIP upgrade

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice