SY0-501 · Question #175
SY0-501 Question #175: Real Exam Question with Answer & Explanation
The correct answer is D: Disable responses to a broadcast probe request. Disabling SSID broadcast alone is insufficient because access points still respond to broadcast probe requests, revealing the network's presence. To further obscure the network, the AP must also be configured to ignore broadcast probe requests.
Question
The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized users are accessing the wireless network. The administor has determined that attackers are still able to detect the presence of the wireless network despite the fact the SSID has been disabled. Which of the following would further obscure the presence of the wireless network?
Options
- AUpgrade the encryption to WPA or WPA2
- BCreate a non-zero length SSID for the wireless router
- CReroute wireless users to a honeypot
- DDisable responses to a broadcast probe request
Explanation
Disabling SSID broadcast alone is insufficient because access points still respond to broadcast probe requests, revealing the network's presence. To further obscure the network, the AP must also be configured to ignore broadcast probe requests.
Common mistakes.
- A. Upgrading encryption to WPA or WPA2 improves data confidentiality and authentication security but does nothing to hide the presence of the wireless network from passive scanning or probe request responses.
- B. Creating a non-zero length SSID actually makes the network more visible, not less, as it ensures the SSID name is broadcast in beacon frames rather than being suppressed.
- C. Rerouting users to a honeypot is a deception/detection technique used after unauthorized access is suspected, and does not obscure the presence of the wireless network from initial discovery.
Concept tested. Wireless network obscurity via probe request suppression
Community Discussion
No community discussion yet for this question.