CompTIA Security Plus Mock Test Q1044

Due to hardware limitation, a technician must implement a wireless encryption algorithm that uses the RC4 protocol. Which of the following is a wireless encryption solution that the technician should implement while ensuring the STRONGEST level of security?

A. WPA2-AES
B. 802.11ac
C. WPA-TKIP
D. WEP

Correct Answer: C
Section: Cryptography

Explanation:
WPA-TKIP uses the RC4 cipher.
TKIP and the related WPA standard implement three new security features to address security problems encountered in WEP protected networks. First, TKIP implements a key mixing
function that combines the secret root key with the initialization vector before passing it to the RC4 initialization. WEP, in comparison, merely concatenated the initialization vector to
the root key, and passed this value to the RC4 routine. This permitted the vast majority of the RC4 based WEP related key attacks. Second, WPA implements a sequence counter to
protect against replay attacks. Packets received out of order will be rejected by the access point. Finally, TKIP implements a 64-bit Message Integrity Check (MIC)
To be able to run on legacy WEP hardware with minor upgrades, TKIP uses RC4 as its cipher. TKIP also provides a rekeying mechanism. TKIP ensures that every data packet is sent
with a unique encryption key.

Incorrect Answers:
A: WPA2-AES does not use the RC4 protocol.
B: 802.11ac does not use the RC4 protocol.
D: WEP uses the RC4 protocol but is weaker in terms of security than WPA. WPA was created to replace WEP.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 171, 172-173, 258
http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol
http://www.diffen.com/difference/WPA_vs_WPA2