PrepAway - Latest Free Exam Questions & Answers

Which of the following cryptographic products would be used to provide the MOST secure…?

A network administrator has been tasked with securing the WLAN. Which of the following cryptographic
products would be used to provide the MOST secure environment for the WLAN?

PrepAway - Latest Free Exam Questions & Answers

A.
WPA2 CCMP

B.
WPA

C.
WPA with MAC filtering

D.
WPA2 TKIP

Explanation:
CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than
the WEP protocol and TKIP protocol of WPA. CCMP provides the following security services:
Data confidentiality; ensures only authorized parties can access the information
Authentication; provides proof of genuineness of the user
Access control in conjunction with layer management
Because CCMP is a block cipher mode using a 128-bit key, it is secure against attacks to the 264 steps of
operation.
Incorrect Answers:
B: The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the
availability of the full IEEE 802.11i standard. The WPA protocol implements much of the IEEE 802.11i
standard. Specifically, the Temporal Key Integrity Protocol (TKIP) was adopted for WPA. WEP used a 40-bit
or 104-bit encryption key that must be manually entered on wireless access points and devices and does
not change. TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for
each packet and thus prevents the types of attacks that compromised WEP.
WPA also includes a message integrity check. This is designed to prevent an attacker from capturing,
altering and/or resending data packets. This replaces the cyclic redundancy check (CRC) that was used by
the WEP standard. CRC’s main flaw was that it did not provide a sufficiently strong data integrity
guarantee for the packets it handled. Well tested message authentication codes existed to solve these
problems, but they required too much computation to be used on old network cards. WPA uses a
message integrity check algorithm called Michael to verify the integrity of the packets. Michael is much
stronger than a CRC, but not as strong as the algorithm used in WPA2.
C: WPA even with the added security of MAC filtering is still inherently less secure than WPA2.
D: CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure
than the TKIP protocol of WPA.

http://en.wikipedia.org/wiki/CCMP
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access


Leave a Reply