GCMP (Galois/Counter Mode Protocol): This is a newer and more secure encryption method used in WPA3. WPA3 mandates the use of GCMP, specifically GCMP128 for WPA3-Personal.
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol): While CCMP128 is used in WPA2, it is not the required cipher for WPA3.
It's A, because the other encryption ciphers are not supported for personal mode. The question mentions the use of a PSK, which implies personal mode is in use.
Configuring WPA3 (GUI)
...
Chose the Encryption Cipher from the following options:
CCMP128(AES)
CCMP256 (not available for Personal security type)
GCMP128 (not available for Personal security type)
GCMP256 (not available for Personal security type)
Source:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/wlan_security.html
The question states the SSID is using WPA3-Personal, which only supports CCMP128 according to source's Client interoperability matrix at the bottom:
https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9100ax-access-points/wpa3-dep-guide-og.pdf
official cert guide vol1, page 662 :
s. WPA3 leverages
stronger encryption by AES with the Galois/Counter Mode Protocol (GCMP). It also uses
Protected Management Frames (PMF) to secure important 802.11 management frames
between APs and clients, to prevent malicious activity that might spoof or tamper with a
BSS’s operation.
C. CCMP256: CCMP256 stands for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol using a 256-bit encryption key. It is the encryption cipher used in WPA3-Personal for enhanced security.
That elliptic curve got me, but I believe it's this:
WPA2 uses CCMP-128 security level with AES-128 cipher suite plus CBC-MAC cipher (personal or enterprise mode).
WPA3 also uses CCMP-128 security level with AES-128 cipher suite plus CBC-MAC cipher (personal or enterprise mode);
(or) GCMP-128 security level with AES-128 cipher suite plus GMAC cipher (enterprise mode);
(or) GCMP-192 security level (called Suite B) with AES-256 cipher suite plus GMAC cipher (enterprise mode).
In the case the question asked for the AES cipher (not the security level which is also 128 bits), CCMP-128 in this case refers to the 128 bit AES cipher.
According to RFC 5430, this confusion between cipher and elliptic curve security level is common, which represents the set of encryption ciphers plus the integrity cipher (AES Encryption + MIC CBC-MAC / or MIC GMAC).
The 128-bit security level corresponds to an elliptic curve size of 256 bits and AES-128; it also makes use of SHA-256 [SHS]. The 192-bit security level corresponds to an elliptic curve size of 384 bits and AES-256; it also makes use of SHA-384 [SHS].
Note: Some people refer to the two security levels based on the AES key size that is employed instead of the overall security provided by the combination of Suite B algorithms. At the 128-bit security level, an AES key size of 128 bits is used, which does not lead to any confusion. However, at the 192-bit security level, an AES key size of 256 bits is used, which sometimes leads to an expectation of more security than is offered by the combination of Suite B algorithms.
https://datatracker.ietf.org/doc/html/rfc5430#:~:text=The%20128%2Dbit,Suite%20B%0A%20%20%20algorithms.
When implementing a corporate SSID for WPA3-Personal security with a PSK (Pre-Shared Key), the encryption cipher that must be configured is:
C. CCMP256
CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) is the encryption protocol used in WPA3, and the "256" refers to the key length. CCMP256 utilizes AES-256 (Advanced Encryption Standard with a key length of 256 bits) for stronger encryption and security.
Therefore, option C, CCMP256, is the correct encryption cipher that should be configured for a corporate SSID implementing WPA3-Personal security with a PSK.
This section is not available anymore. Please use the main Exam Page.200-301 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
michael1001
Highly Voted 2 years, 5 months agoyogiyo
Highly Voted 1 year, 6 months agoBrianny93
Most Recent 11 months, 3 weeks ago7b1df62
7 months ago[Removed]
1 year, 1 month ago[Removed]
1 year, 5 months agoma44
1 year, 5 months agoNmk3216
1 year, 6 months agometideimos
1 year, 6 months agoSAAVYTECH
1 year, 6 months agoAmr_001
1 year, 8 months agoVikramaditya_J
1 year, 9 months agoShabeth
1 year, 10 months agono_blink404
1 year, 10 months agohainsberg
1 year, 3 months ago[Removed]
1 year, 11 months agodropspablo
1 year, 11 months agodropspablo
1 year, 11 months agoStingVN
1 year, 11 months agoCiscoman021
2 years, 1 month ago