Given: In XYZ’s small business, two autonomous 802.11ac APs and 12 client devices are in use with WPA2-Personal.
What statement about the WLAN security of this company is true?
A. Intruders may obtain the passphrase with an offline dictionary attack and gain network access, but will be unable to decrypt the data traffic of other users.
B. A successful attack against all unicast traffic on the network would require a weak passphrase dictionary attack and the capture of the latest 4-Way Handshake for each client.
C. An unauthorized wireless client device cannot associate, but can eavesdrop on some data because WPA2-Personal does not encrypt multicast or broadcast traffic.
D. An unauthorized WLAN user with a protocol analyzer can decode data frames of authorized users if he captures the BSSID, client MAC address, and a user’s 4-Way Handshake.
E. Because WPA2-Personal uses Open System authentication followed by a 4-Way Handshake, hijacking attacks are easily performed.
In WPA2-Personal, each client derives its Pairwise Transient Key (PTK) based on a shared Pairwise Master Key (PMK) and values exchanged during the 4-Way Handshake. Therefore, even if the passphrase is cracked, an attacker must still capture the 4-Way Handshake for each target client in order to decrypt their unicast traffic.
Incorrect options:
A. Incorrect because cracking the passphrase allows decrypting data traffic after capturing the 4-Way Handshake.
C. WPA2 encrypts multicast and broadcast traffic using the GTK, which unauthorized clients cannot derive.
D. Capturing BSSID and MAC isn’t enough without knowing the passphrase and the full 4-Way Handshake.
E. Hijacking is harder in WPA2-Personal due to the dynamic PTK derived per session.
References: CWSP-208 Study Guide, Chapter 3 (WPA2-PSK Key Management); CWNP Learning: WLAN Encryption and PTK Derivation
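The explanation above rests on how WPA2-Personal turns one shared secret into a different pairwise key for every client session. The following Python is an added illustration, not material from the CWSP study guide or from CWNP: it derives the PMK from the passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 iterations) and then the CCMP PTK with the 802.11 PRF-384 over both MAC addresses and both 4-Way Handshake nonces. The passphrase "password" with SSID "IEEE" is the standard's published PBKDF2 test vector; the BSSID, client MAC addresses and nonces are constructed values chosen only for this demonstration.

```python
import hashlib
import hmac

# WPA2-Personal PMK: PBKDF2-HMAC-SHA1 over the passphrase, salted with the
# SSID, 4096 iterations, 256-bit (32-byte) output. Every client on the
# network shares this one value.
def derive_pmk(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)

# IEEE 802.11 PRF-n: HMAC-SHA1 blocks over label || 0x00 || data || counter,
# concatenated and truncated to the requested number of bytes.
def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]),
                        hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

# CCMP PTK (384 bits): PRF-384(PMK, "Pairwise key expansion",
#   min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
# The authenticator (AP) and supplicant (client) addresses and the two nonces
# from the 4-Way Handshake are mixed in, so the PTK is unique per session.
def derive_ptk(pmk: bytes, aa: bytes, spa: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    data = (min(aa, spa) + max(aa, spa)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    # KCK protects the handshake MIC, KEK wraps the GTK, TK encrypts unicast data.
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed sample network: one AP (BSSID) and two client sessions, plus a
# later re-association of the first client with fresh nonces.
BSSID = bytes.fromhex("0011223344aa")
CLIENT_1 = bytes.fromhex("0011223344c1")
CLIENT_2 = bytes.fromhex("0011223344c2")
SESSIONS = [
    # (client MAC, ANonce, SNonce) - nonces are 32 bytes each
    (CLIENT_1, bytes(range(0, 32)),  bytes(range(32, 64))),
    (CLIENT_2, bytes(range(64, 96)), bytes(range(96, 128))),
    (CLIENT_1, bytes(range(128, 160)), bytes(range(160, 192))),  # new handshake
]

# Derive the temporal key for each captured session from one shared passphrase.
def per_session_tks(passphrase: str, ssid: str, bssid: bytes, sessions) -> list:
    pmk = derive_pmk(passphrase, ssid)
    return [derive_ptk(pmk, bssid, spa, anonce, snonce)["TK"]
            for spa, anonce, snonce in sessions]

if __name__ == "__main__":
    print("PMK:", derive_pmk("password", "IEEE").hex())
    for (spa, _, _), tk in zip(SESSIONS, per_session_tks("password", "IEEE", BSSID, SESSIONS)):
        print("client", spa.hex(), "TK", tk.hex())
```

Running it shows one PMK but three different TKs: client 1 and client 2 never share a temporal key, and client 1's re-association yields yet another TK because the nonces changed. That is exactly why option B is the true statement: knowing the passphrase gives the PMK, but decrypting a given client's unicast traffic still requires that client's own latest 4-Way Handshake.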