Exam SY0-501 topic 1 question 83 discussion

I hate these question, if they can't support at least somewhat modern encryption, then they need to not be on the network or get new devices

The answer should be C: 802.1X does NOT require a RADIUS server, but that's how it's commonly done for legacy reasons. ... As part of the authentication mechanism, keying material is securely generated on the RADIUS server (and the same keying material is also generated on the WPA2 client).

You are struggling because you never did networking. Answer absolutely correct

B is correct do to their request. It states that some employees use older devices. So you must implement WAP because it supports older devices. And pre-shared key makes WPA to WPA-PSK. Pre-share keys used for: used to authenticate users on wireless local area networks.

this is what makes me lose trust in this website (exam topics) two different answers are given for the same question -- Q#83 and here. Which is right?

I did chose C but its wrong. A is the correct one as previous comment stated. Ref https://www.itprotoday.com/mobile-management-and-security/use-vpn-wireless-security

I would agree on A simply based on standard deployments I've seen. Users with enterprise laptops VPN in coffee shops all the time. We set up site to site on our less secure wifi networks.

same question as #83. And the comments there all points to B too. Btw, there the "answer" is C.

I would go with C. My understanding is that WPA2 is backward compatible with TKIP allowing interoperability with legacy devices. Jacob Moran covers this in Wireless Encryption topic " WPA2 is going to support encryption with AES. You might even see the option with WPA to support TKIP..." Many of the comments focus on the legacy devices but what about the newer ones? Would you really want to use open or WPA to secure the newer devices?

As much as I hate to admit it, it looks like 'A' may be the correct answer. The notion is supported by the following websites: https://www.professormesser.com/security-plus/sy0-401/vpn-over-open-wireless-networks/ https://www.f5.com/pdf/white-papers/wlan-wp.pdf https://rysavyresearch.files.wordpress.com/2017/08/2005_aventail_wireless.pdf

Open wireless network - SSL VPN. This might help us; https://www.professormesser.com/security-plus/sy0-401/vpn-over-open-wireless-networks/

WPA - Preshared Key

B is the answer, pls update it.

... you might wonder if WPA2 is backward-compatible with WPA, and whether WPA is backward-compatible with dynamic and static WEP so that one AP infrastructure could support the gamut of protocols. The answer is technically no, but operationally yes. You can support all three security mechanisms on a single physical Wi-Fi network. However, client devices must find a protocol match on the APs to which they associate. In other words, WEP has to talk to WEP; it can’t talk to WPA or WPA2. The way you accommodate this is by divvying up the physical network into separate logical “security networks.” Most of the enterprise-class access point makers support all three protocols at the high end, as well as the ability to create separate service set identifiers (SSID) associated with corresponding virtual LANs (VLAN) to accommodate each protocol. So, in other words, on one physical Wi-Fi network, you could have three logical security networks: a WEP network, a WPA network, and a WPA2 network. https://www.networkworld.com/article/2309159/is-wi-fi-security-backward-compatible-.html

The answer is correct, the key word is ‘encrypt’. Only SSL does that

“Balance b/w the security of the wireless network and usability”. A is no wireless security. VPN is just to protect the transmission. Nothing really for usability as well. I would go with B. Has security and with PSK easy for the clients as well. Ppl saying WPA is cracked or not secure don’t know what cracked is or WPA is. WPA-PSK with a 10+ character passphrase is impractical to crack with dict attacks but hey admin here is not concerned about using the most secure implementation

I think the answer is correct as the question states "Strong Security". We all know WPA is weak