During a post-assessment briefing, you report that an attacker repeatedly forced employees off the company's WPA2-Enterprise WLAN by transmitting spoofed deauthentication frames. Management asks for a preventive control that can be deployed without replacing existing access points or requiring users to change their workflow. Which measure most effectively thwarts this specific attack?
Disable SSID broadcast and implement MAC address filtering on every access point
Enable IEEE 802.11w Protected Management Frames (PMF) on the WLAN and require compatible clients
Lower each access point's transmit power to reduce signal leakage outside the building
Switch the network to WEP with shared-key authentication to obscure traffic contents
Forged deauthentication frames exploit the fact that legacy 802.11 management frames are neither encrypted nor authenticated. Enabling IEEE 802.11w Protected Management Frames (also called Management Frame Protection or PMF) cryptographically signs critical management frames, including deauthentication and disassociation, so clients reject spoofed packets. Merely hiding the SSID or using MAC filtering offers no protection because attackers can still sniff frames and spoof MACs. Downgrading to WEP weakens security and does not secure management frames. Reducing transmit power may slightly shrink the attack surface but does not stop an attacker within range from injecting forged frames. Therefore, enforcing 802.11w/PMF is the most effective countermeasure.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are IEEE 802.11w Protected Management Frames (PMF)?
Open an interactive chat with Bash
Why is disabling SSID broadcast and MAC filtering not effective against spoofed deauthentication attacks?
Open an interactive chat with Bash
How do deauthentication attacks exploit legacy management frames?
Open an interactive chat with Bash
What are IEEE 802.11w Protected Management Frames (PMF)?
Open an interactive chat with Bash
Why are WPA2-Enterprise WLANs vulnerable to spoofed deauthentication attacks?
Open an interactive chat with Bash
How do spoofed deauthentication frames impact network security?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Wireless Network Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .