CompTIA Security Plus Mock Test Q151

A security administrator must implement a wireless security system, which will require users to enter a 30-character ASCII password on their accounts. Additionally, the system must support 3DS wireless encryption. Which of the following should be implemented?

A. WPA2-CCMP with 802.1X
D. WPA2-Enterprise

Correct Answer: D
Section: Network Security

D: WPA-Enterprise is also referred to as WPA-802.1X mode, and sometimes just WPA (as opposed to WPA-PSK). It is designed for enterprise networks and requires a RADIUS authentication server. This requires a more complicated setup, but provides additional security (e.g. protection against dictionary attacks on short passwords). Various kinds of the Extensible Authentication Protocol (EAP) are used for authentication. RADIUS can be managed centrally, and the servers that allow access to a network can verify with a RADIUS server whether an incoming caller is authorized. Thus the RADIUS server can perform all authentications. This will require users to use their passwords on their user accounts.

Incorrect Answers:
A & C: CCMP is a block cipher that makes use of a 128-bit key. CCMP provides the following security services: data confidentiality (ensures only authorized parties can access the information); authentication (provides proof of genuineness of the user); and access control in conjunction with layer management. However, WPA2 includes support for CCMP.
B: EAP-PSK is documented in an experimental RFC that provides a lightweight and extensible EAP method that does not require any public-key cryptography.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 145, 172, 182