During a post-engagement briefing you explain that your deauthentication flood worked because the victim access points accepted forged disassociation frames, forcing users to reconnect through an evil-twin AP. The organization is keeping its current WPA2-Enterprise deployment but can change controller and client settings. Which single wireless security control will most directly prevent this specific attack from succeeding in the future?
Lower the access points' transmit power to shrink the wireless cell size
Enable 802.11w Protected Management Frames (PMF) on all access points and require PMF-capable clients
Disable SSID broadcasting so attackers cannot identify the network
Turn on client isolation so stations cannot communicate directly with each other
A deauthentication or disassociation attack abuses the fact that, in legacy 802.11, management frames are sent in the clear and are neither encrypted nor integrity-protected. The IEEE 802.11w amendment (often exposed in controller GUIs as "Protected Management Frames" or PMF) cryptographically protects deauthentication, disassociation, and other management frames once a client is associated. When both the access point and the client enforce PMF, forged deauth frames are rejected, stopping the attacker from forcing clients off the legitimate WLAN. Disabling SSID broadcast, lowering transmit power, or enabling client isolation may reduce casual discovery or certain lateral-movement risks, but none of those measures validates management frames or blocks spoofed deauthentication packets.
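An access point advertises its PMF stance in the RSN Capabilities field of the RSN element it sends in beacons and probe responses (bit 7 = MFPC, capable; bit 6 = MFPR, required), so a defender can check that "PMF required" is actually in force. The following is an added example, not part of the original question or the site's material; the BSSIDs and element bytes are constructed samples and the function names are hypothetical.

```python
import struct

MFPC = 0x0080  # RSN Capabilities bit 7: Management Frame Protection Capable
MFPR = 0x0040  # RSN Capabilities bit 6: Management Frame Protection Required


def pmf_mode(rsn_body: bytes) -> str:
    """Classify PMF from an RSN element body (the bytes after element ID 48 and length).

    Returns "required", "optional", "disabled" or "malformed". An element too
    short to carry RSN Capabilities is reported as malformed (a simplification).
    """
    try:
        (version,) = struct.unpack_from("<H", rsn_body, 0)
        off = 2 + 4  # skip version and the group data cipher suite
        for _ in range(2):  # pairwise cipher suite list, then AKM suite list
            (count,) = struct.unpack_from("<H", rsn_body, off)
            off += 2 + 4 * count
        (caps,) = struct.unpack_from("<H", rsn_body, off)
    except struct.error:
        return "malformed"
    if version != 1:
        return "malformed"
    if caps & MFPR:
        return "required" if caps & MFPC else "malformed"  # MFPR needs MFPC
    return "optional" if caps & MFPC else "disabled"


def build_rsn(akm_type: int, caps: int) -> bytes:
    """Build a constructed RSN body: CCMP group/pairwise ciphers, one AKM suite."""
    def suite(t: int) -> bytes:
        return b"\x00\x0f\xac" + bytes([t])
    u16 = struct.Struct("<H").pack
    return u16(1) + suite(4) + u16(1) + suite(4) + u16(1) + suite(akm_type) + u16(caps)


# Constructed sample data: BSSID -> RSN element body.
SAMPLE_BEACONS = {
    "02:00:00:00:00:01": build_rsn(1, 0x0000),       # 802.1X, no PMF
    "02:00:00:00:00:02": build_rsn(1, MFPC),         # 802.1X, PMF optional
    "02:00:00:00:00:03": build_rsn(5, MFPC | MFPR),  # 802.1X-SHA256, PMF required
}


def audit(beacons: dict) -> dict:
    """Return the BSSIDs that do not require PMF, with their observed mode."""
    modes = {bssid: pmf_mode(body) for bssid, body in beacons.items()}
    return {b: m for b, m in modes.items() if m != "required"}


if __name__ == "__main__":
    for bssid, mode in audit(SAMPLE_BEACONS).items():
        print(f"{bssid}: PMF {mode}, management frames not protected for every client")
```

Only the "required" mode matches the control named in the answer: with PMF merely optional, clients that associate without it still accept unprotected deauthentication and disassociation frames.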
Certified Ethical Hacker (CEH)
Wireless Network Hacking