🏠 Back to Exam Syllabus 📺 RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 11.13 - Wireless Networks (Part 1 of 3)

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series builds the foundation of Wi-Fi security, part of Domain 4. Every wireless network broadcasts into space where anyone can listen, so getting the design and encryption right is what stands between convenience and exposure as users roam.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

What makes a wireless network different from a cabled one?

It carries all the same threats as a wired network, plus a few of its own. Because the signal travels through open air, an attacker can eavesdrop from a distance without ever touching a cable, and that same openness invites new forms of jamming and intrusion. This is why we call Wi-Fi an unbounded network, while a cabled network is a bounded one, like a sealed letter versus a postcard anyone nearby can read.

How do clients and access points arrange themselves?

In one of two modes. Ad hoc mode lets two wireless devices talk directly with no central access point coordinating them. Infrastructure mode routes everyone through a wireless access point that enforces the rules of entry, and it comes in several flavors: a stand-alone setup linking wireless clients only, a wired extension bridging them onto the wired network, an enterprise extended design for seamless roaming, and a bridge that joins two wired networks.

What is the difference between a fat and a thin access point?

It comes down to where the brains live. A fat access point is fully self-managed, handling its own security, routing, and filtering locally, which makes it flexible for a home but tedious to configure one device at a time. A thin access point is little more than a radio, with all the management pulled into a central controller that oversees many of them at once.

How do you name and protect a wireless network?

Every network carries a service set identifier, the name clients look for, and vendors ship widely known default names, so change yours to something unique before deployment. The name is announced in a beacon frame so devices can find it. You can silence that beacon, but do not mistake this for real security, because an attacker with a sniffer still sees the name in ordinary traffic. Rely on strong encryption, not on hiding.

Why is Wi-Fi Protected Access 2 the baseline you should demand?

Because it replaced both earlier schemes with genuinely strong encryption, swapping the old stream cipher for a modern block cipher mode built on the Advanced Encryption Standard. Weaknesses have surfaced in its key exchange process, so keeping devices patched still matters. It introduced two authentication choices you must know: a preshared key, a single fixed password for smaller settings, and an enterprise option that hands authentication off to a central identity service.

📚 Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 11.13 - Wireless Networks (Part 1 of 3).