Q1

A financial services company is deploying a new 802.11ax network and must comply with PCI-DSS 4.0 requirements. The security architect is designing the authentication mechanism for corporate-owned laptops. The primary requirements are to use device-specific credentials, prevent credential sharing, and ensure the strongest possible cryptographic protection. Which authentication and EAP method combination should be implemented to meet these requirements?

Q2

During a security audit of a university campus WLAN, a penetration tester successfully executes an attack by spoofing Disassociation frames targeting a lecturer's laptop, causing it to disconnect from the network during a presentation. The network is currently using WPA2-Enterprise with CCMP/AES. Which 802.11 amendment must be enabled to mitigate this specific attack?

Q3

A security administrator is analyzing a packet capture of a failed WPA3-SAE connection attempt. The capture shows the client and AP exchanging several Authentication frames (Commit and Confirm), but the process fails and no Association occurs. What is the most likely cause of this failure?

Q4 (Multiple answers)

A hospital is developing its WLAN security policy to comply with HIPAA. The policy must address the security of patient data (ePHI) accessed via wireless devices. Which of the following policy statements are essential to include for HIPAA compliance? (Select TWO)

Q5

A consultant is performing a risk assessment for a retail company's guest WLAN. The company has identified that a compromise of the guest network leading to a pivot into the corporate network could result in a loss of $500,000 in data and remediation costs. Based on historical data and industry trends, such an event is estimated to occur once every ten years. What is the Annualized Loss Expectancy (ALE) for this specific risk?

Q6

An organization is implementing a new security policy that requires quarterly audits of its wireless network. Which of the following activities falls under the 'Monitor' phase of the security lifecycle?

Q7

True or False: In an 802.1X/EAP-TLS implementation, the RADIUS server requires a copy of each client's private key to validate their identity.

Q8

A network engineer needs to set up a secure wireless network for a small coffee shop. The owner wants to provide encrypted access for customers but does not want to manage a complex password that needs to be written on a board. The requirements are to provide individualized encryption keys for each client session without any user interaction or pre-shared keys. Which Wi-Fi security mechanism is designed for this specific use case?

Q9

A security team is using Kali Linux to perform a penetration test on their corporate WLAN, which uses WPA2-Personal. They have captured the 4-way handshake. Which tool from the Aircrack-ng suite would they use to attempt an offline dictionary attack against the captured handshake to recover the PSK?

Q10

A large enterprise is designing a multi-tiered security architecture for its WLAN. The goal is to segment traffic from different user groups (Corporate, IoT, Guest) and apply different security policies to each. Which combination of wired-side security mechanisms is most effective for achieving this?

```mermaid
graph TD
    subgraph WLAN
        AP1[AP]
        AP2[AP]
    end
    subgraph Wired Infrastructure
        SW[Access Switch]
        FW[Firewall]
        AAA[RADIUS Server]
    end
    subgraph Networks
        CorpNet[Corporate Network]
        IoTNet[IoT Network]
        GuestNet[Guest Network]
    end
    AP1 --> SW
    AP2 --> SW
    SW --> FW
    SW --- AAA
    FW --> CorpNet
    FW --> IoTNet
    FW --> GuestNet
```