CompTIA Security+ (SY0-501) — Question 763

An organization wants to set up a wireless network in the most secure way. Budget is not a major consideration, and the organization is willing to accept some complexity when clients are connecting. It is also willing to deny wireless connectivity for clients who cannot be connected in the most secure manner. Which of the following would be the MOST secure setup that conforms to the organization's requirements?

Answer options

• A. Enable WPA2-PSK for older clients and WPA2-Enterprise for all other clients.
• B. Enable WPA2-PSK, disable all other modes, and implement MAC filtering along with port security.
• C. Use WPA2-Enterprise with RADIUS and disable pre-shared keys.
• D. Use WPA2-PSK with a 24-character complex password and change the password monthly.

Correct answer: C

Explanation

The most secure option is C, as WPA2-Enterprise with RADIUS provides robust authentication and eliminates the vulnerabilities associated with pre-shared keys. Option A is less secure due to the inclusion of WPA2-PSK for older clients, while B adds unnecessary complexity without enhancing security, and D, despite using a strong password, still relies on pre-shared keys, which are not as secure as enterprise solutions.