CompTIA Security Plus Mock Test Q163

A security architect wishes to implement a wireless network with connectivity to the company’s internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?

A. Disabling SSID broadcasting
B. Implementing WPA2 – TKIP
C. Implementing WPA2 – CCMP
D. Filtering test workstations by MAC address

Correct Answer: A
Section: Network Security

Explanation:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public use.

Incorrect Answers:
B: WPA2 makes use of CCMP, not TKIP.
C: WPA2 is an encryption scheme, but it will not make discovering the network difficult.
D: This will block devices not included in the MAC address list from accessing the network, but it will not make discovering the network difficult.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 60, 61