
Weekly CISSP Practice

Exam Questions

Week 47 - Question 1

Question: Which wireless security protocol should you recommend for a secure home network?
  • A. WEP
  • B. WPA2
  • C. Open Wi-Fi
  • D. WPA
Correct Answer: B. WPA2

Understanding Wireless Security Evolution
Wireless security is a game of cat-and-mouse between protocol developers and attackers. For the CISSP exam, you must understand not only which protocol is "best" but also the specific encryption algorithms that make them so.
1. WPA2 (Wi-Fi Protected Access 2)
WPA2 is currently the industry baseline for secure wireless communication. It was the first protocol to mandate the use of the 802.11i standard.
  • The Mechanism: WPA2 utilizes AES (Advanced Encryption Standard) for encryption and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) for integrity.
  • Why it wins: Unlike the ciphers used by its predecessors, the AES/CCMP combination is highly resistant to brute-force and statistical attacks. For the purpose of this question, it is the most robust choice provided.
  • CISSP Note: In the real world, WPA3 is the newest standard, but on the exam, WPA2-Enterprise (which uses 802.1X/EAP) is often the "Gold Standard" for organizations.
2. WPA (Wi-Fi Protected Access)
WPA was designed as a "stopgap" measure to fix the glaring holes in WEP via a simple firmware update.
  • The Weakness: It introduced TKIP (Temporal Key Integrity Protocol). While TKIP improved key security by changing keys per packet, it still relied on the fundamentally weak RC4 cipher. It is now considered deprecated and vulnerable.
3. WEP (Wired Equivalent Privacy)
WEP is the "cautionary tale" of wireless security. It was intended to provide the same level of security as a wired connection, but it failed miserably.
  • The Fatal Flaw: WEP uses a very short, 24-bit Initialization Vector (IV). Because the IV is sent in plain text and repeats frequently on busy networks, attackers can use "IV collision" attacks to recover the master key in under five minutes.
  • CISSP Rule: Never recommend WEP. If a question asks how to handle a legacy WEP device, the answer is usually to replace it or isolate it.
4. Open Wi-Fi
An Open network provides Identification (the SSID) but zero Authentication or Confidentiality.
  • The Risk: Traffic is sent in "the clear." Anyone with a basic packet sniffer (like Wireshark) can intercept sensitive data, including passwords and session cookies. This is a "non-starter" for any security-conscious recommendation.

The "CISSP Rule of Thumb"
  • WEP = Broken (IV Collisions).
  • WPA = TKIP (The "Quick Fix").
  • WPA2 = AES/CCMP (The Standard).
  • WPA3 = SAE, Simultaneous Authentication of Equals (The Future).
