CompTIA Security Plus Mock Test Q623

Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network?

A. Disable SSID broadcast
B. Install a RADIUS server
C. Enable MAC filtering
D. Lowering power levels on the AP

Correct Answer: C
Section: Threats and Vulnerabilities

MAC filtering is commonly used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network.
MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network.

Incorrect Answers:
A: Disabling SSID broadcasting for the wireless network would make the network invisible to users’ computers. The user would need to know the name (SSID) of the network and enter it manually in order to connect to the network. However, it does not prevent access to the network by anyone that knows the SSID of the wireless network.
B: A RADIUS server is a server with a database of user accounts and passwords used as a central authentication database for users requiring network access. It is used by wireless networks that require WPA-Enterprise security. It can restrict which users can log on to the wireless network. However, it does not restrict which devices can connect to the wireless network.
D: Lowering the power levels on the access point would reduce the range of the wireless network. However, it does not restrict which devices (within range) can connect to the wireless network.