A security administrator has been tasked with setting up a new internal wireless network that must use
end to end TLS. Which of the following may be used to meet this objective?

A.
WPA

B.
HTTPS

C.
WEP

D.
WPA 2

Explanation:
Wi-Fi Protected Access 2 (WPA2) was intended to provide security that’s equivalent to that on a wired
network, and it implements elements of the 802.11i standard. In April 2010, the Wi-Fi Alliance announced
the inclusion of additional Extensible Authentication Protocol (EAP) types to its certification programs for
WPA- and WPA2- Enterprise certification programs. EAP-TLS is included in this certification program.
Note: Although WPA mandates the use of TKIP, WPA2 requires Counter Mode with Cipher Block Chaining
Message Authentication Code Protocol (CCMP). CCMP uses 128-bit AES encryption with a 48-bit
initialization vector. With the larger initialization vector, it increases the difficulty in cracking and
minimizes the risk of a replay attack.Incorrect Answers:
A: The difference between WPA and WPA2 is that the former implements most, but not all, of 802.11i in
order to be able to communicate with older wireless devices that might still need an update through their
firmware in order to be compliant.
B: HTTPS is not a protocol for wireless communication. HTTPS is a communications protocol for secure
communication over a computer network, with especially wide deployment on the Internet.
C: In 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA).
WEP does include support for TLS.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 75, 171, 172-173, 274