Comptia Security Plus Mock Test Q68

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees’ devices are connected?

A.
VPN
B. VLAN
C. WPA2
D. MAC filtering

Correct Answer: B
Section: Network Security

Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Incorrect Answers:
A: A virtual private network (VPN) is a communication tunnel between two entities across an intermediary network. In most cases, the intermediary network is an untrusted network,
such as the Internet, and therefore the communication tunnel is also encrypted.

C: WPA2 is a new encryption scheme known as the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on the Advanced
Encryption Standard (AES) encryption scheme. To date, no real-world attack has compromised the encryption of a properly configured WPA2 wireless network.

D: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices. Although it’s a useful feature to
implement, it can only be used in environments with a small (fewer than 20 wireless devices), static set of wireless clients.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 11, 23, 60, 61