During a wireless security assessment you discover that all office access points broadcast a WPA2-PSK network with Wi-Fi Protected Setup (WPS) PIN authentication still enabled. Because tools such as Reaver can recover the PSK in a matter of hours by brute-forcing the eight-digit PIN, which single countermeasure should you recommend first to most effectively eliminate this specific risk without requiring new hardware?
Disable WPS on all access points and require users to enter the pre-shared key manually when onboarding devices.
Reduce the WPS PIN length from eight digits to six digits to lower the attack surface.
Retain WPS and add MAC address filtering so only known device MACs can associate with the network.
Keep WPS enabled but change the WPA2 passphrase to a randomly generated 64-character string.
The design of WPS divides the eight-digit PIN into two smaller parts that are checked separately, letting an attacker recover the PIN, and with it the PSK, in roughly 11,000 guesses. This makes online brute-force attacks such as those performed by Reaver practical. The most direct and effective defense is simply to disable WPS on every access point, forcing devices to join the WLAN by manually entering the pre-shared key (or migrating to 802.1X). Shortening the PIN or choosing a longer WPA2 passphrase does not matter because the attack targets the WPS exchange, not the PSK itself. MAC address filtering offers only superficial protection; attackers can easily spoof allowed addresses. Therefore, turning off WPS is the only option that removes the vulnerability entirely without additional equipment.
Certified Ethical Hacker (CEH)
Wireless Network Hacking