A security architect wishes to implement a wireless network with connectivity to the company’s internal
network. Before they inform all employees that this network is being put in place, the architect wants to
roll it out to a small test segment. Which of the following allows for greater secrecy about this network
during this initial phase of implementation?

A.
Disabling SSID broadcasting

B.
Implementing WPA2 – TKIP

C.
Implementing WPA2 – CCMP

D.
Filtering test workstations by MAC address

Explanation:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized
personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s adiscoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t
for public use.
Incorrect Answers:
B: WPA2 makes use of CCMP, not TKIP.
C: WPA2 is an encryption scheme, but it will not make discovering the network difficult.
D: This will block devices not included in the MAC address list from accessing the network, but it will not
make discovering the network difficult.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 60, 61