If a typical 802.11 client associates using its default "automatic" settings, which cipher will actually protect broadcast and multicast frames on this WPA2-PSK network, and why is that choice considered weak?
TKIP, because WPA2 uses the AP-defined Group Temporal Key based on RC4, which is susceptible to IV reuse and MIC attacks.
WEP-104, because mixed-mode WPA2 falls back to legacy WEP for group frames, exposing weak IV protection.
CCMP, because clients always prefer the strongest available cipher, making broadcast traffic safe with AES-128.
GCMP, because WPA2 automatically upgrades group traffic to Galois/Counter Mode for integrity and confidentiality.
The Robust Security Network (RSN) element advertises a single Group Cipher - here, TKIP. 802.11 clients must accept the AP's selected Group Temporal Key (GTK) algorithm for broadcast and multicast traffic, even if they negotiate a stronger pair-wise cipher such as CCMP for unicast frames. TKIP uses the legacy RC4 stream cipher, employs 48-bit IVs, and re-uses the Michael MIC mechanism, all of which are vulnerable to key-recovery and packet-injection attacks (e.g., Chop-Chop, Beck-Tews). Therefore, broadcast and multicast frames will be encrypted with TKIP, exposing the WLAN to known weaknesses despite the presence of CCMP in the pair-wise list. The other options are incorrect because CCMP or GCMP would only be used if they were specified as the group cipher, and WPA2 never downgrades group traffic to WEP.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is RC4 and why is it considered vulnerable?
Open an interactive chat with Bash
Why does WPA2-PSK use TKIP for group traffic despite its weaknesses?
Open an interactive chat with Bash
What is the difference between a pairwise cipher and a group cipher in WPA2?
Open an interactive chat with Bash
What is TKIP and why is it considered weak?
Open an interactive chat with Bash
What is CCMP and how does it differ from TKIP?
Open an interactive chat with Bash
What is the Group Temporal Key (GTK) and how does it impact security?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Wireless Network Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .