A company's IT policy requires that all wireless traffic be encrypted using the strongest available protocol. A technician is configuring a new access point that supports WPA3-SAE, WPA2-PSK with AES, and WPA2-PSK with TKIP. Which configuration meets the policy?
WPA3-SAE is the current strongest standard, offering improved security over WPA2.
Why this answer
WPA3-SAE (Simultaneous Authentication of Equals) is the strongest available wireless encryption protocol among the options, as it replaces the pre-shared key (PSK) model with a more secure handshake that provides forward secrecy and is resistant to offline dictionary attacks. The IT policy requires the strongest available protocol, and WPA3-SAE is superior to both WPA2-PSK variants, making option C the correct choice.
Exam trap
A common misconception is that WPA2-PSK with AES is the strongest option because it uses the AES cipher, but the trap here is that the security of the authentication handshake (SAE vs. PSK) is more critical than the encryption cipher, and WPA3-SAE provides a fundamentally stronger authentication mechanism.
How to eliminate wrong answers
Option A is wrong because WPA2-PSK with TKIP uses the deprecated TKIP cipher, which is vulnerable to attacks like MIC key recovery and is not the strongest available protocol. Option B is wrong because although WPA2-PSK with AES (CCMP) is more secure than TKIP, it still uses the four-way handshake that is susceptible to offline dictionary attacks and lacks forward secrecy, making it weaker than WPA3-SAE. Option D is wrong because a mixed mode of WPA2 and WPA3 would allow clients to connect using WPA2, which is less secure than WPA3-SAE alone, and does not enforce the strongest encryption for all traffic as required by the policy.