CompTIA Security Plus Mock Test Q167

Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).

A. Disable the wired ports
B. Use channels 1, 4 and 7 only
C. Enable MAC filtering
D. Disable SSID broadcast
E. Switch from 802.11a to 802.11b

Correct Answer: C,D
Section: Network Security

Explanation
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public use.
A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.

Incorrect Answers:
A: Disabling the wired ports will not prevent outsiders from connecting to the AP and gaining unauthorized access.
B: Selecting the correct channels will prevent interference, not unauthorized access.
E: Doing this will decrease the bandwidth and increase the risk of interference.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 61
https://technet.microsoft.com/en-us/library/cc783011(v=ws.10).aspx