Question 348 of 1,819
Network Services and SecuritymediumMultiple ChoiceObjective-mapped

Quick Answer

WPA2 with AES is the correct choice because it combines the robust 802.11i security framework with the Advanced Encryption Standard, a symmetric block cipher that is far more resistant to cryptographic attacks than the RC4 stream cipher used by WEP or legacy WPA. On the CCNA 200-301 v2 exam, this question tests your understanding of enterprise wireless security standards, often appearing in a multiple-choice context where you must distinguish between open, WEP, WPA-TKIP, and WPA2-AES options. A common trap is confusing WPA2 with AES for WPA2 using TKIP, which is weaker and not recommended for modern deployments; remember that AES is mandatory for CCNA-level enterprise WLANs. For a quick memory tip, think “AES is the best” — it stands for Advanced Encryption Standard, and on the exam, if you see WPA2 paired with AES, it is always the strongest choice among legacy options.

CCNA Network Services and Security Practice Question

This 200-301 practice question tests your understanding of network services and security. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: wEP uses weak RC4 encryption and static keys, which makes it vulnerable to attacks and unsuitable for modern enterprise WLAN security.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Which wireless security method is considered strongest among these choices for modern enterprise WLAN deployments?

Question 1mediummultiple choice
Read the full wireless explanation →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

WPA2 with AES

WPA2 with AES provides substantially stronger security than WEP, legacy WPA, or open authentication. In current enterprise environments, WPA2 and WPA3 are the expected baseline approaches depending on platform support.

Key principle: WEP uses weak RC4 encryption and static keys, which makes it vulnerable to attacks and unsuitable for modern enterprise WLAN security.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • WEP

    Why it's wrong here

    WEP is deprecated and insecure.

    When this WOULD be correct

    If the exam question asked for the wireless security method that was historically used in early WLANs or in legacy systems, WEP could be considered correct. For example, a question might specify 'Which wireless security method was commonly used before WPA and is still found in some older devices?'

  • WPA

    Why it's wrong here

    Legacy WPA is better than WEP but weaker than WPA2 with AES.

    When this WOULD be correct

    In a scenario where the exam question asks for the best security method for a legacy system that only supports WPA, or if the question specifies a context where backward compatibility is prioritized over security, then WPA could be considered the correct answer.

  • WPA2 with AES

    Why this is correct

    Correct. WPA2 with AES is the strongest listed option.

    Related concept

    WEP uses weak RC4 encryption and static keys, which makes it vulnerable to attacks and unsuitable for modern enterprise WLAN security.

  • Open authentication

    Why it's wrong here

    Open authentication provides no real WLAN encryption.

    When this WOULD be correct

    If the exam question asked for the simplest method of connecting devices in a controlled environment where security is not a concern, such as a guest network for temporary access, then open authentication could be considered correct.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.

WPA2 with AESCorrect answer

Why this is correct

Correct. WPA2 with AES is the strongest listed option.

WEPWrong answer — click to see why

Why this is wrong here

WEP uses RC4 encryption with static keys and is vulnerable to multiple attacks, including IV reuse and key cracking. It is deprecated and should never be used in any modern deployment.

★ When this WOULD be the correct answer

If the exam question asked for the wireless security method that was historically used in early WLANs or in legacy systems, WEP could be considered correct. For example, a question might specify 'Which wireless security method was commonly used before WPA and is still found in some older devices?'

Why candidates choose this

Students may think WEP is acceptable because it was the original Wi-Fi security standard and is still found in legacy devices, but it provides no real security today.

WPAWrong answer — click to see why

Why this is wrong here

WPA uses TKIP encryption, which is weaker than AES and has known vulnerabilities. It was designed as a temporary upgrade from WEP and is not recommended for modern networks.

★ When this WOULD be the correct answer

In a scenario where the exam question asks for the best security method for a legacy system that only supports WPA, or if the question specifies a context where backward compatibility is prioritized over security, then WPA could be considered the correct answer.

Why candidates choose this

WPA is often confused with WPA2 because of similar names, and students may assume it is still secure since it is an improvement over WEP.

Open authenticationWrong answer — click to see why

Why this is wrong here

Open authentication provides no encryption or authentication, leaving all traffic exposed. It is only suitable for public hotspots or guest networks with separate security measures.

★ When this WOULD be the correct answer

If the exam question asked for the simplest method of connecting devices in a controlled environment where security is not a concern, such as a guest network for temporary access, then open authentication could be considered correct.

Why candidates choose this

Students might think 'open' means easy to use or that it is acceptable for some scenarios, but it offers no security and is not considered a wireless security method.

Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Common exam traps

Common exam trap: answer the scenario, not the keyword

A frequent exam trap is selecting WPA instead of WPA2 with AES because WPA sounds like a newer or stronger protocol than WEP. However, WPA uses TKIP, which is less secure and considered legacy. Another trap is underestimating the insecurity of open authentication, which provides no encryption and leaves WLAN traffic exposed. Candidates might also mistakenly think WEP is acceptable due to its historical use, but it is deprecated and easily cracked. The key mistake is not recognizing that WPA2 with AES is the current minimum security standard for enterprise wireless networks, making it the strongest choice among the options.

Detailed technical explanation

How to think about this question

Wireless security methods protect data transmitted over WLANs by encrypting the communication between clients and access points. WEP (Wired Equivalent Privacy) was the original standard but uses weak RC4 encryption with static keys, making it vulnerable to attacks such as key reuse and packet injection. WPA (Wi-Fi Protected Access) introduced TKIP to improve security but still relies on legacy encryption algorithms that can be compromised. WPA2 replaced TKIP with AES (Advanced Encryption Standard), a robust encryption algorithm that provides strong confidentiality and integrity, making it the industry standard for enterprise WLAN security. In Cisco networking and CCNA contexts, understanding the encryption protocols is critical for securing wireless networks. WPA2 with AES is the baseline security method expected in enterprise deployments due to its strong cryptographic protections. Cisco devices and wireless controllers enforce WPA2 with AES to ensure compliance with security policies and to prevent unauthorized access. Open authentication offers no encryption and is only suitable for public or guest networks where security is not a concern. The decision process in exams and real networks involves selecting the strongest encryption method supported by the devices and infrastructure, which is WPA2 with AES among the given options. A common exam trap is confusing WPA with WPA2 or assuming that any WPA version is sufficiently secure. Candidates might incorrectly select WPA due to its name similarity or think that WEP still provides basic security. In practice, WEP is deprecated and should never be used. Additionally, open authentication is often overlooked as a security risk because it does not encrypt traffic. Cisco exam questions test the candidate’s ability to distinguish these protocols based on their encryption strength and suitability for enterprise WLANs. Practically, deploying WPA2 with AES ensures compliance with Cisco best practices and industry standards, protecting wireless networks from common attacks like eavesdropping and unauthorized access.

KKey Concepts to Remember

  • WEP uses weak RC4 encryption and static keys, which makes it vulnerable to attacks and unsuitable for modern enterprise WLAN security.
  • Legacy WPA improves on WEP by introducing TKIP, but it still relies on outdated encryption methods and is less secure than WPA2 with AES.
  • WPA2 with AES uses the Advanced Encryption Standard, providing strong encryption and integrity checks, making it the preferred choice for enterprise WLANs.
  • Open authentication allows clients to connect without encryption or authentication, exposing WLAN traffic to interception and unauthorized access.
  • Enterprise WLAN deployments require robust encryption methods like WPA2 with AES to protect data confidentiality and prevent unauthorized network access.
  • Cisco devices supporting CCNA-level wireless security expect candidates to understand the differences in encryption strength between WEP, WPA, and WPA2.
  • WPA3 is the emerging standard that improves on WPA2, but since it is not listed, WPA2 with AES remains the strongest option among the given choices.
  • Selecting the correct wireless security method impacts network integrity, confidentiality, and compliance with industry security standards.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

WEP uses weak RC4 encryption and static keys, which makes it vulnerable to attacks and unsuitable for modern enterprise WLAN security.

Real-world example

How this comes up in practice

A practitioner preparing for the 200-301 exam encounters this exact type of scenario on the job. The correct answer here is not the most general option — it is the best answer for the specific constraint described. WEP uses weak RC4 encryption and static keys, which makes it vulnerable to attacks and unsuitable for modern enterprise WLAN security. Real exam questions reward reading the full scenario before eliminating options, because the constraint defines which answer fits.

What to study next

Got this wrong? Here's your next step.

Review wEP uses weak RC4 encryption and static keys, which makes it vulnerable to attacks and unsuitable for modern enterprise WLAN security., then practise related 200-301 questions on the same topic to reinforce the concept.

Related practice questions

Related 200-301 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-301 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-301 question test?

Network Services and Security — This question tests Network Services and Security — WEP uses weak RC4 encryption and static keys, which makes it vulnerable to attacks and unsuitable for modern enterprise WLAN security..

What is the correct answer to this question?

The correct answer is: WPA2 with AES — WPA2 with AES provides substantially stronger security than WEP, legacy WPA, or open authentication. In current enterprise environments, WPA2 and WPA3 are the expected baseline approaches depending on platform support.

What should I do if I get this 200-301 question wrong?

Review wEP uses weak RC4 encryption and static keys, which makes it vulnerable to attacks and unsuitable for modern enterprise WLAN security., then practise related 200-301 questions on the same topic to reinforce the concept.

What is the key concept behind this question?

WEP uses weak RC4 encryption and static keys, which makes it vulnerable to attacks and unsuitable for modern enterprise WLAN security.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: May 17, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.