Comprehensive and Detailed in-Depth Explanation:
Why the Correct Answer is C (WPA3 SAE):
WPA3 SAE (Simultaneous Authentication of Equals)is the most advanced method for wireless security in small office environments without centralized authentication (like Active Directory).
It addressesbrute-force attacksthroughforward secrecyand theDragonfly key exchangemethod, making it resistant to dictionary attacks and offline cracking.
WPA3 SAEenhances security by protecting against password-guessing attacks even when a weak password is chosen.
Additionally,WPA3 SAEeliminates the vulnerabilities found in WPA2-PSK by using amore secure key exchange mechanism.
Why the Other Options Are Incorrect:
A. Faraday cage:
A Faraday cage can block wireless signals entirely, but it does not provide asecurity protocolfor wireless authentication.
It’s primarily used forsignal isolationrather than securing wireless communication.
B. WPA2 PSK:
AlthoughWPA2 PSK (Pre-Shared Key)is widely used, it is vulnerable tobrute-force and offline dictionary attacks, especially when weak passwords are used.
WPA2 does not includeprotection against offline password cracking, which is a significant concern.
D. WEP 128 bit:
WEP (Wired Equivalent Privacy)is extremely outdated and insecure.
It uses theRC4 stream cipher, which is prone toIV (Initialization Vector) collisionsandkey recovery attacks.
Modern tools can crack WEP keys within minutes, making it highly unsuitable.
Additional Information:
WPA3 SAEis particularly designed for environments where there is no centralized authentication server (likeActive Directory), which fits the small office scenario perfectly.
TheDragonfly handshakeused by WPA3 SAE prevents offline brute-force attacks by usingpassword-based authenticated key exchange.
Even if an attacker captures the handshake, they cannot easily performoffline dictionary attacksdue toindividualized encryptionfor each session.
Extract from CompTIA SecurityX CAS-005 Study Guide:
According to theCompTIA SecurityX CAS-005 Official Study Guide, WPA3 offers improved security over WPA2 by providingrobust protection against password guessing attacks, especially in environments without enterprise-grade authentication mechanisms. TheSAE protocolis highlighted as essential forpersonal and small office wireless networkswhere enhanced security is required without the complexity of a RADIUS server.
