When you configure a WLAN on a Cisco wireless LAN controller (or an autonomous access point) with WPA2 Personal (PSK) through the GUI, which statement accurately describes how wireless clients authenticate and how encryption keys are derived?
Client authentication uses digital certificates exchanged in an EAP-TLS handshake.
All clients authenticate with the same pre-shared passphrase, and session keys are generated from that shared secret.
The access point automatically negotiates a different SAE (Simultaneous Authentication of Equals) passphrase with every client.
Each client submits unique user credentials that the controller validates against a RADIUS server using 802.1X.
In WPA2 Personal, every station supplies the same pre-shared passphrase during association. That passphrase (combined with the SSID) is used to generate the Pairwise Master Key, from which per-session encryption keys are derived. No 802.1X, RADIUS, digital certificates, or WPA3-SAE handshakes are involved. Because the initial secret is common to all users, the method is easy to deploy but lacks individual user accountability.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is WPA2 PSK?
Open an interactive chat with Bash
What are the security implications of using a shared pre-shared key?
Open an interactive chat with Bash
What are the differences between WPA2 PSK and WPA2 Enterprise?
Open an interactive chat with Bash
Cisco CCNA 200-301
Security Fundamentals
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access