ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
During a security review, you learn that the company's distribution-center Wi-Fi uses WPA2-PSK with AES encryption. Auditors warn that anyone who captures the 4-way handshake can perform unlimited offline dictionary attacks to guess the passphrase. Management wants to eliminate this weakness while still relying on a passphrase model and without introducing new backend servers. What is the best solution?
Reconfigure the access points to use WPA2 with CCMP-AES and enable 802.11r fast BSS transition (FT).
Upgrade the WLAN to WPA3-Personal, which replaces the 4-way handshake with the Simultaneous Authentication of Equals (SAE) key exchange.
Downgrade to 128-bit WEP combined with MAC address filtering to restrict station access.
Migrate to WPA2-Enterprise and require credentials over PEAP tunneled EAP authentication.
WPA3-Personal is designed for environments that want to keep a preshared key approach but need stronger protection. It replaces the WPA2 4-way handshake with the Simultaneous Authentication of Equals (SAE) key exchange, which provides forward secrecy and prevents an attacker who records the handshake from running offline dictionary or brute-force attacks. WPA2-Enterprise (with PEAP) would also stop offline attacks, but it requires deploying and maintaining a RADIUS server, which management explicitly wants to avoid. Enabling 802.11r or simply continuing with WPA2-AES does nothing to mitigate the handshake weakness. Downgrading to WEP with MAC filtering dramatically reduces security and leaves the network vulnerable to numerous well-known attacks. Therefore, upgrading the WLAN to WPA3-Personal with SAE best meets the stated requirements.
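As an added example (not part of the original question or the site's material), the Python sketch below parses the RSN element an access point advertises in its beacons and reports whether a passphrase-keyed 4-way handshake is still on offer. The AKM suite numbers and capability bits are those defined by IEEE 802.11; the function names, result labels and sample elements are constructed for illustration.

```python
import struct

OUI = b"\x00\x0f\xac"                      # IEEE 802.11 suite OUI
PSK_AKMS = {2, 4, 6}                       # PSK, FT-PSK (802.11r), PSK-SHA256
SAE_AKMS = {8, 9}                          # SAE, FT-SAE (WPA3-Personal)
EAP_AKMS = {1, 3, 5}                       # 802.1X variants (Enterprise)

def parse_rsn(ie: bytes):                  # -> (AKM types, MFP capable, MFP required)
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, pos = ie[2:], 0
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN element")
        pos += n
        return body[pos - n:pos]
    def u16():
        return struct.unpack("<H", take(2))[0]
    if u16() != 1:
        raise ValueError("unsupported RSN version")
    take(4)                                # group data cipher suite
    take(4 * u16())                        # pairwise cipher suite list
    suites = [take(4) for _ in range(u16())]
    akms = {s[3] for s in suites if s[:3] == OUI}
    caps = u16() if pos < len(body) else 0 # RSN capabilities field is optional
    return akms, bool(caps & 0x0080), bool(caps & 0x0040)

def classify(ie: bytes) -> str:
    akms, _mfpc, mfpr = parse_rsn(ie)
    if akms & PSK_AKMS:                    # passphrase-keyed 4-way handshake offered
        return "transition" if akms & SAE_AKMS else "exposed-psk"
    if akms & SAE_AKMS:
        return "sae-only" if mfpr else "sae-mfp-not-required"
    return "enterprise" if akms & EAP_AKMS else "unknown"

def build(akm_types, caps):                # builds sample elements with CCMP ciphers
    body = struct.pack("<H", 1) + OUI + b"\x04" + struct.pack("<H", 1) + OUI + b"\x04"
    body += struct.pack("<H", len(akm_types)) + b"".join(OUI + bytes([t]) for t in akm_types)
    return bytes([48, len(body) + 2]) + body + struct.pack("<H", caps)
SAMPLES = {                                # constructed, not captured from a real network
    "WPA2-PSK": build([2], 0x0000),
    "WPA2-PSK + 802.11r": build([2, 4], 0x0000),
    "WPA3 transition": build([2, 8], 0x0080),
    "WPA3-Personal": build([8], 0x00C0),
    "WPA2-Enterprise": build([1], 0x0000),
}
for name, ie in SAMPLES.items():
    print(f"{name:20} -> {classify(ie)}")
```

A "transition" result means WPA2-PSK clients are still accepted alongside SAE, so the weakness the auditors describe persists until the PSK suite is removed from the configuration.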
Network and Communication Security