CompTIA Security Plus Mock Test Q1026

Which of the following provides the strongest authentication security on a wireless network?

A. MAC filter
D. Disable SSID broadcast

Correct Answer: B
Section: Cryptography

The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) authentication protocols were designed to address the core, easy-to-crack problems of WEP.

Incorrect Answers:
A: MAC filtering would increase the security, but an authentication protocol such as WPA2 would still be required.
Note: When MAC filtering is used, the administrator compiles a list of the MAC addresses associated with users’ computers and enters those addresses. When a client attempts to
connect and other values have been correctly entered, an additional check of the MAC address is done. If the address appears in the list, the client is allowed to join; otherwise, it is
forbidden from doing so.
C: WEP is weak compared to WPA2. WEP has many vulnerabilities.
D: Disabling SSID broadcasting is not the best solution.
One method of protecting the network that is often recommended is to disable, or turn off, the SSID broadcast (also known as cloaking). The access point is still there, and it is still
accessible by those who have been told of its existence by the administrator, but it prevents those who are just scanning from finding it. This is considered a very weak form of security,
because there are still other ways, albeit a bit more complicated, to discover the presence of the access point besides the SSID broadcast.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 171, 178, 183, 258