Finding and Remediation of Unauthorized Devices on a Wireless Network | CompTIA Security+ SY0-601 Exam

Unauthorized Devices on Wireless Network


Question

During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not in the asset inventory.

WiFi access is protected with 256-bit encryption via WPA2.

Physical access to the company's facility requires two-factor authentication using a badge and a passcode.

Which of the following should the administrator implement to find and remediate the issue? (Choose two.)

A. Check the SIEM for failed logins to the LDAP directory.

B. Enable MAC filtering on the switches that support the wireless network.

C. Run a vulnerability scan on all the devices in the wireless network.

D. Deploy multifactor authentication for access to the wireless network.

E. Scan the wireless network for rogue access points.

F. Deploy a honeypot on the network.

BE.

Explanations

The security administrator has discovered several unauthorized devices on the wireless network of a retail company. The administrator needs to take immediate action to identify and remediate the issue. Two options must be chosen from the list of possible solutions.

A. Check the SIEM for failed logins to the LDAP directory. This option may help the administrator determine whether the unauthorized devices were added to the network via an LDAP exploit. However, it is not likely to be the most effective solution in this case, as the administrator has already discovered the unauthorized devices and the issue may not be related to LDAP.

B. Enable MAC filtering on the switches that support the wireless network. This option can help prevent unauthorized devices from connecting to the wireless network in the future. MAC filtering restricts connections to devices whose MAC addresses appear on an approved list. This is a simple but effective measure that can help prevent unauthorized access.

C. Run a vulnerability scan on all the devices in the wireless network. This option can help the administrator identify vulnerabilities in the devices that may have been exploited to gain unauthorized access to the network. However, it may not be the most urgent response, as the administrator has already identified the unauthorized devices on the network.

D. Deploy multifactor authentication for access to the wireless network. Multifactor authentication can significantly increase the security of the wireless network by requiring multiple forms of authentication to access the network. However, it may not be the most urgent response, as the administrator has already identified the unauthorized devices on the network.

E. Scan the wireless network for rogue access points. This option can help the administrator identify any unauthorized access points on the network, which may be used to gain unauthorized access. Rogue access points can be used by attackers to intercept traffic, steal credentials, or launch attacks. Scanning for rogue access points is an effective measure to identify potential threats.

F. Deploy a honeypot on the network. A honeypot is a decoy system designed to attract attackers and monitor their behavior. While honeypots can be useful for identifying attackers and their methods, they may not be the most urgent response, as the administrator has already identified the unauthorized devices on the network.

Based on the above, the best options for the security administrator to implement are B and E. The administrator should enable MAC filtering to prevent further unauthorized devices from connecting to the wireless network and scan the network for rogue access points to identify potential threats.
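
The scenario's checks, sketched as a script a defender could run over exported client and access point lists. This is an added example, not part of the original question: the inventory, hostnames, naming pattern, SSID and addresses are all constructed, and the function names are hypothetical. It also flags an inventoried MAC that shows up under a different hostname, since a MAC allowlist alone cannot tell a cloned address from the real device.

```python
import re

# All names and values below are constructed for illustration.
ASSET_INVENTORY = {"00:1a:2b:3c:4d:01": "RTL-POS-001",
                   "00:1a:2b:3c:4d:02": "RTL-POS-002"}
NAMING_CONVENTION = re.compile(r"RTL-(POS|HH)-\d{3}")  # assumed convention
AUTHORIZED_APS = {"corp-retail": {"a0:b1:c2:00:00:10"}}  # SSID -> known BSSIDs
CONNECTED_CLIENTS = [("00-1A-2B-3C-4D-01", "RTL-POS-001"),
                     ("00:1a:2b:3c:4d:02", "android-7f3e"),
                     ("de:ad:be:ef:00:01", "LAPTOP-X1"),
                     ("de:ad:be:ef:00:02", "RTL-POS-099")]
OBSERVED_APS = [("corp-retail", "A0:B1:C2:00:00:10"),
                ("corp-retail", "66:77:88:99:aa:bb"),
                ("CoffeeShop", "11:22:33:44:55:66")]

def normalize_mac(mac):
    """Return the MAC as lowercase colon-separated hex, whatever the input style."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_unauthorized_clients(clients, inventory, convention):
    """Map each suspicious client MAC to the reasons it was flagged."""
    known = {normalize_mac(m): host for m, host in inventory.items()}
    findings = {}
    for mac, hostname in clients:
        mac, reasons = normalize_mac(mac), []
        if mac not in known:
            reasons.append("not in asset inventory")
        elif known[mac] != hostname:
            reasons.append("hostname differs from inventory record")
        if not convention.fullmatch(hostname):
            reasons.append("hostname violates naming convention")
        if reasons:
            findings[mac] = reasons
    return findings

def find_rogue_aps(observed, authorized):
    """Return (ssid, bssid) pairs advertising a company SSID from an unknown radio."""
    seen = [(ssid, normalize_mac(bssid)) for ssid, bssid in observed]
    return [(s, b) for s, b in seen if s in authorized and b not in authorized[s]]

def mac_allowlist(inventory):
    """MAC filter entries derived from the asset inventory (option B)."""
    return sorted(normalize_mac(m) for m in inventory)
```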