A customer has completed the installation of a Wi-Fi 6 greenfield deployment at their new campus. They want to leverage Wi-Fi 6 enhanced speeds on the trusted employee WLAN. To configure the employee WLAN, which two Layer 2 security policies should be used? (Choose two.)
To configure the employee WLAN in a Wi-Fi 6 environment, WPA2 (AES) and 802.1X should be used. WPA2 (AES) provides robust encryption and is supported in Wi-Fi 6, ensuring a secure connection. 802.1X is an authentication framework that provides an additional layer of security by requiring devices to authenticate before accessing the network. These two options together enhance security and performance, making them suitable for a trusted employee WLAN.
The given answer is correct
No, it's not.
The correct answer is: B. 802.1X C. OPEN
WPA2 is not supported on WI-FI6, and WEP is out of the discussion, so the correct answers are 802.1x and OPEN.
B&C WPA2 is not supported on wifi6
I think the question is confusing.. They want you to use .1x (instead of a PSK) with! wpa2. Open is not a standard that is discussed
802.1x without a doubt is an answer. Regarding the A/C Debate, you would not secure a wifi 6 environment with WPA2, and it is a trusted employee WLAN. I currently do this where I am eployed now and the trusted OPEN Network with 802.1x allows for enhanced security.
B and C
I see the debate is between AB and BC combos. My question about BC is: how can you you have both Open Authentication and 802.1X authentication on the same WLAN? I understand about using Open authentication with a security suite such as WPA2/WPA3, but how would OPEN + 802.1X work?
Its AB lol
yeah , they are right WPA2 is not supported so B & C https://www.extremenetworks.com/resources/blogs/wireless-security-in-a-6-ghz-wi-fi-6e-world#:~:text=The%20Wi%2DFi%20Alliance%20requires,(OWE)%20in%206%20GHz.
This link is wifi 6E, not wifi 6. The are two different things. I can't believe the wifi committee did something great by renaming our wifis by generation instead of protocol (b, g, n, ac, and etc) but then mess it up immediately by coming up with 6E, why not name it 7?
Is this about wifi 6E? Do they mean OWE or Open SSID? Anyway, WPA2 seems to be out of support on wifi 6/6E. 802.1x and Open (OWE?) seem to be working. Could someone check this please? A couple of good sources: https://www.cisco.com/c/en/us/products/collateral/wireless/nb-06-preparing-for-wifi-6-ebook-cte-en.html "WPA3 is a mandatory requirement for the Wi-Fi 6E network" https://blogs.cisco.com/networking/wlan-ssid-security-migration-into-6ghz-networks "any new device supporting 6GHz, will be required to “only” support the following security standards while in the new band: WPA3..., OWE..., SAE..." https://www.cisco.com/c/en/us/products/wireless/what-is-wifi-6-vs-wifi-6e.html#~benefits "Wi-Fi Protected Access 3 (WPA3) mandatory for all Wi-Fi 6E devices, without backward compatibility for WPA2"
When Cisco is describing Wi-fi 6, they state this about OPEN: Wifi6…It offers enhanced security for open Wi-Fi networks with encryption of unauthenticated traffic, robust password protection against brute-force dictionary attacks, and superior data reliability for sensitive information with 192-bit encryption. Also, they state this about 802.1X, in the context of wifi6: Cisco Network Essentials and Network Advantage licenses enable wireless fundamentals such as 802.1X authentication, QoS, Plug and Play (PnP), telemetry and visibility, Single Sign-On (SSO), and security controls. These licenses are perpetual. Source: https://www.cisco.com/c/en/us/products/collateral/wireless/nb-06-preparing-for-wifi-6-ebook-cte-en.html
More on 802.1X: Supported WPA3 modes [….] WPA3-Enterprise, for 802.1X security networks. This leverages IEEE 802.1X with SHA-256 as the Authentication and Key Management (AKM). […] while the WPA2-capable clients can use WPA2-Enterprise’s 802.1X SHA1 or 802.1X-SHA256 Note: This mode should be used only when necessary. For maximum security, the recommended mode is to use only WPA3 and not a mix of WPA3 and WPA2. Source: https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9100ax-access-points/wpa3-dep-guide-og.html WPA2(AES) is not a wifi6 Security Enhancement, which is the question concern. - wifi6 enhancement. Looks to me the BC we would be a better choice. What do you think?
Moreover: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01010000.html
The default security setting for new WLANs is 802.1X with dynamic keys enabled. To maintain robust Layer 2 security, leave 802.1X configured on your WLANs.
Chapter: Configuring Layer2 Security: The available Layer 2 security policies are as follows: None (open WLAN) Static WEP or 802.1X source: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01010000.html
Leaving it OPEN is not a security feature....
A & B are correct WPA2 is supported on wifi 6, but it´s not supported on wifi 6E! this is from cisco: WPA3 is AVAILABLE in Wi-Fi 6 and is MANDATORY for Wi-Fi 6E, they dosen´t say WPA2 is not supoorted on wifi 6, if WPA3 is optional on wifi 6 then WPA2 is suppoerted. C is a good feature for wifi 6E https://www.cisco.com/c/en/us/products/wireless/what-is-wi-fi-6.html#~elements:~:text=(WPA3)%20is%20available%20in%20Wi%2DFi%206%20and%20is%20mandatory%20for%20Wi%2DFi%206E. https://www.cisco.com/c/en/us/products/wireless/what-is-wifi-6-vs-wifi-6e.html#~benefits:~:text=Wi%2DFi%206E%20benefits,in%20Wi%2DFi%206E.
............
The correct answer is B and C ( 802.1X and Open) !
WPA 2 is supported on WiFi 6. It is not supported on WiFi6E (on 6GHz band; it is supposed to be "legacy free")
Similar question on older exam when referring ro 802.11ac - the answer was OPEN: https://www.examtopics.com/discussions/cisco/view/5831-exam-200-355-topic-1-question-36-discussion/