CompTIA Exam Questions

Which of the following should be implemented?

A security administrator must implement a wireless security system, which will require users to enter a
30-character ASCII password on their accounts. Additionally, the system must support 3DS wireless
encryption.
Which of the following should be implemented?

A. WPA2-CCMP with 802.1X

B. WPA2-PSK

C. WPA2-CCMP

D. WPA2-Enterprise

Explanation:
D: WPA-Enterprise is also referred to as WPA-802.1X mode, and sometimes just WPA (as opposed to
WPA-PSK). It is designed for enterprise networks and requires a RADIUS authentication server. This
requires a more complicated setup, but provides additional security (e.g. protection against dictionary
attacks on short passwords). Various kinds of the Extensible Authentication Protocol (EAP) are used for
authentication. RADIUS can be managed centrally, and the servers that allow access to a network can
verify with a RADIUS server whether an incoming caller is authorized. Thus the RADIUS server can
perform all authentications. This will require users to use their passwords on their user accounts.

Incorrect Answers:
A & C: CCMP is a block cipher that makes use of a 128-bit key. CCMP provides the following security
services: data confidentiality (ensures only authorized parties can access the information); authentication
(provides proof of genuineness of the user); and access control in conjunction with layer management.
However, WPA2 includes support for CCMP.
B: EAP-PSK is documented in an experimental RFC that provides a lightweight and extensible EAP method
that does not require any public-key cryptography.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 145, 172, 182