This is a bad question because AES Is technically correct, SAE is the handshake mechanism WPA 3 uses, it protects against offline dictionary attacks, and by the way the question is worded it's probably A, but D is correct as the actual encryption is AES for WPA 2 AND WPA 3. Thus AES is what is protecting all the data, but SAE is an enhancement WPA 3 has over WPA.

The third version of a Wi-Fi Alliance standard introduced in 2018 that requires pre-shared key or 802.1x authentication, GCMP, SAE, and forward secrecy. Simultaneous Authentication of Equals (SAE) A strong authentication method used in WPA3 to authenticate wireless clients and APs and to prevent dictionary attacks for discovering pre-shared keys.

A is correct

I know that it is a tricky question, because when you talk about security against hackers maybe you can think in a encryption method, such as AES. However in 31-Days-Before-your-CCNA-Exam material, you can find some paragraphs that link: WPA3 + SAE + against hackers. WPA3-Personal: . In WPA2-Personal, threat actors can listen in on the “handshake” between a wireless client and the AP and use brute-force attacks to try to guess the PSK. . WPA3-Personal thwarts such attacks by using (SAE), a feature specified in the IEEE 802.11-2016. . The PSK is never exposed, making it impossible for the threat actor to guess. Source: 31-Days-Before-your-CCNA-Exam (pg. 160)

bad wording though. SAE (Simultaneous Authentication of Equals) is not a method of encryption itself; rather, it's an authentication method used in WPA3 (Wi-Fi Protected Access 3) to establish a secure connection between a wireless client and an access point. SAE addresses the security vulnerabilities of traditional pre-shared keys (PSKs) used in WPA and WPA2. Instead of relying solely on a static passphrase, SAE uses a more robust and secure key exchange process to prevent various types of attacks, including offline dictionary attacks and brute-force attacks. The actual encryption method used in WPA3 is typically AES (Advanced Encryption Standard), which provides the encryption and confidentiality of data transmitted over the network. To clarify, SAE enhances the authentication process to protect against attacks on the initial key exchange, while AES provides the encryption of the data itself.

answer; D

AES is the right Answer here, the question is CLEARLY asking about Traffic, not about the Authentication method , SEA is used for securing Authentication , while the traffic it self is secured by AES

SAE is for key exchange , the question here asks about traffic, AES is used for traffic encryption D is the Answer

The WPA3 enhancement that protects against hackers viewing traffic on the Wi-Fi network is SAE (Simultaneous Authentication of Equals) encryption. SAE is a secure key establishment protocol that provides stronger protection against password guessing attacks and offline dictionary attacks compared to the previous WPA2-Personal (PSK) protocol. SAE uses the Dragonfly key exchange method and provides forward secrecy, which means that if an attacker obtains the Wi-Fi network password, they cannot decrypt previously captured traffic. Therefore, option A is the correct answer.

WPA3 uses simultaneous authentication of equals (SAE) encryption

WPA3 uses simultaneous authentication of equals (SAE) encryption and allows only WiFi devices that support WPA3 to join the virtual access point (VAP).

AES in general can be used by WPA3 to prevent the viewing of traffic, SAE only protects authentication​ ​ Though, AES isn’t new to WPA3, but SAE is. “Simultaneous authentication of equals”​ It results in a more secure initial key exchange while in personal mode, replaces WPS, and mitigates vulnerabilities posed by weak PSKs.​ https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/16-12/config-guide/b_wl_16_12_cg/wpa3.html

Nse SAE

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-2/config-guide/b_wl_17_2_cg/wi_fi_protected_access_3.html

Definitely not in the OCG