A network engineer is setting up a network for a company. There is a BYOD policy for the employees so
that they can connect their laptops and mobile devices.
Which of the following technologies should be employed to separate the administrative network from the
network in which all of the employees’ devices are connected?

A.
VPN

B.
VLAN

C.
WPA2

D.
MAC filtering

Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches.
VLANs are used for traffic management. Communications between ports within the same VLAN occur
without hindrance, but communications between VLANs require a routing function.
Incorrect Answers:
A: A virtual private network (VPN) is a communication tunnel between two entities across an
intermediary network. In most cases, the intermediary network is an untrusted network, such as the
Internet, and therefore the communication tunnel is also encrypted.
C: WPA2 is a new encryption scheme known as the Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP), which is based on the Advanced Encryption Standard (AES)
encryption scheme. To date, no real-world attack has compromised the encryption of a properly
configured WPA2 wireless network.
D: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to
block access to all unauthorized devices. Although it’s a useful feature to implement, it can only be used
in environments with a small (fewer than 20 wireless devices), static set of wireless clients.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 11, 23, 60, 61