Master Wireless Network Security with Real-World Accuracy
The Securing Cisco Wireless Enterprise Networks (WISECURE) Practice Exam from Exam Sage is your trusted companion in preparing for one of the most essential certifications in enterprise wireless networking. This comprehensive and meticulously crafted practice test is designed for IT professionals, wireless engineers, and network security specialists seeking to validate their skills in deploying, securing, and troubleshooting Cisco wireless networks.
What is the Securing Cisco Wireless Enterprise Networks Exam?
The WISECURE exam evaluates your ability to implement and secure Cisco wireless infrastructure within a scalable enterprise environment. It covers advanced topics in wireless security, identity management, policy enforcement, and enterprise-grade wireless design principles. Passing this exam qualifies you for roles involving wireless security architecture, network infrastructure hardening, and advanced threat defense in wireless deployments.
What You Will Learn
By using this practice exam, you’ll reinforce your knowledge of:
Enterprise wireless network security architecture
Secure configuration of Cisco Wireless LAN Controllers (WLCs) and Access Points (APs)
Implementation of 802.1X authentication, EAP methods, and RADIUS
Cisco Identity Services Engine (ISE) integration and policy creation
Guest access control, posture assessment, and endpoint profiling
TrustSec, SGTs, and scalable access control in wireless networks
Wireless threat detection, rogue mitigation, and RF policy enforcement
Cisco DNA Center integration and SD-Access Wireless
Secure Fast BSS Transition (802.11r), Protected Management Frames (802.11w), and WPA3 enhancements
Network segmentation using VLANs and mobility anchors
Key Topics Covered
This practice exam covers all major domains of the Cisco WISECURE curriculum:
Wireless Threat Defense: Detect and prevent rogue devices, honeypots, and denial-of-service attacks
Identity and Access Control: Implement robust user and device authentication using Cisco ISE
Secure Wireless Design: Design secure WLANs that comply with enterprise policies
Guest Wireless Solutions: Deploy and secure guest access portals and self-registration systems
Wireless Security Policies: Apply granular security policies using TrustSec and SGTs
Fast Roaming and Mobility: Configure and secure seamless client roaming
Advanced Protocols and Technologies: Utilize 802.11r/k/v, 802.11w, WPA3, and SAML authentication
Cisco DNA Center Integration: Automate security policy creation and ensure visibility into user access
SD-Access Wireless: Understand role-based access and segmentation in modern wireless fabrics
Why Choose Exam Sage?
At Exam Sage, we specialize in helping professionals like you prepare for demanding certification exams with confidence. Here’s what makes our practice exams stand out:
✅ Authentic, Realistic Questions: Reflect actual exam difficulty and structure
✅ Detailed Explanations: Understand the “why” behind every answer
✅ Regular Updates: Aligned with the latest Cisco WISECURE blueprint
✅ Downloadable Format: Study anytime, anywhere
Who Should Use This Practice Exam?
This resource is ideal for:
Wireless Engineers
Network Security Specialists
CCNP and CCIE Wireless Candidates
IT Professionals aiming for Cisco Enterprise Wireless certifications
Anyone looking to master secure wireless deployment in enterprise environments
Start Preparing Today
Whether you’re planning to pass the WISECURE exam on your first attempt or aiming to reinforce your professional skills in wireless network security, this practice exam is an essential resource. Get hands-on with advanced Cisco wireless security scenarios, test your understanding, and gain the confidence you need with Exam Sage.
Sample Questions and Answers
1. Which EAP method is most commonly used with WPA2-Enterprise in Cisco wireless deployments?
A. EAP-TLS
B. EAP-MD5
C. LEAP
D. EAP-FAST
Answer: A. EAP-TLS
Explanation: EAP-TLS (Extensible Authentication Protocol – Transport Layer Security) is considered one of the most secure EAP methods. It uses client and server certificates, ensuring strong mutual authentication, and is widely adopted in Cisco WPA2-Enterprise deployments.
2. What is the purpose of PMF (Protected Management Frames) in 802.11w?
A. Increase bandwidth
B. Encrypt user data
C. Protect management frames from tampering
D. Reduce latency
Answer: C. Protect management frames from tampering
Explanation: PMF enhances security by preventing spoofing and forgery of critical management frames like deauthentication and disassociation. It is a part of 802.11w and is essential in mitigating attacks like deauth floods.
3. Which Cisco component provides centralized management of wireless policies and security enforcement?
A. Cisco Identity Services Engine (ISE)
B. Cisco Prime Infrastructure
C. Cisco ASA
D. Cisco AnyConnect
Answer: A. Cisco Identity Services Engine (ISE)
Explanation: Cisco ISE provides centralized policy-based control for users and devices accessing network resources. It integrates with wireless infrastructure to enforce secure access using features like 802.1X and profiling.
4. Which protocol is used to securely tunnel EAP messages between the access point and the RADIUS server in wireless networks?
A. HTTPS
B. GRE
C. RADIUS
D. EAPoL
Answer: C. RADIUS
Explanation: RADIUS (Remote Authentication Dial-In User Service) is responsible for authenticating users and relaying EAP messages securely between the access point and the back-end authentication server.
5. In a Cisco wireless environment, what feature prevents rogue access points from broadcasting within your network?
A. CleanAir
B. Rogue AP Containment
C. RRM
D. WMM
Answer: B. Rogue AP Containment
Explanation: Rogue AP Containment uses wireless infrastructure to detect and disable unauthorized APs by sending deauthentication frames or disabling switch ports.
6. What authentication framework allows for mutual authentication and dynamic encryption keys in enterprise Wi-Fi?
A. PSK
B. 802.1X
C. MAC filtering
D. Static WEP
Answer: B. 802.1X
Explanation: 802.1X is the standard for port-based network access control and is used in enterprise Wi-Fi to provide strong authentication and dynamic key distribution through RADIUS and EAP.
7. Which WPA2 vulnerability was exposed by the KRACK attack?
A. Weak passwords
B. PMKID replay
C. 4-way handshake vulnerability
D. WEP fallback
Answer: C. 4-way handshake vulnerability
Explanation: KRACK (Key Reinstallation Attack) exploits weaknesses in the WPA2 4-way handshake process, allowing attackers to decrypt or manipulate traffic under certain conditions.
8. Which security feature in Cisco APs allows scanning of wireless channels for threats even when serving clients?
A. WMM
B. Spectrum Intelligence
C. CleanAir
D. Flexible Radio Assignment
Answer: C. CleanAir
Explanation: CleanAir technology allows Cisco APs to scan for and classify RF interference while continuing to serve clients, helping identify and mitigate security threats like jammers and rogue devices.
9. What Cisco tool is used to generate dynamic VLAN assignments based on user identity?
A. Cisco Prime
B. Cisco DNA Center
C. Cisco ISE
D. Cisco WLC
Answer: C. Cisco ISE
Explanation: Cisco ISE can dynamically assign users to VLANs based on identity, posture, or device type after successful authentication through 802.1X.
10. What is the purpose of RADIUS accounting in wireless authentication?
A. Encrypt user data
B. Prevent MAC spoofing
C. Track user session details
D. Provide DHCP assignments
Answer: C. Track user session details
Explanation: RADIUS accounting records information about user sessions, including login time, session duration, and data usage, essential for auditing and monitoring.
11. What is a key advantage of using EAP-TLS over PEAP in a wireless environment?
A. No need for certificates
B. Supports MAC filtering
C. Provides mutual authentication using certificates
D. Works without a RADIUS server
Answer: C. Provides mutual authentication using certificates
Explanation: EAP-TLS offers stronger security than PEAP by requiring certificates on both client and server, enabling mutual authentication and reducing the risk of man-in-the-middle attacks.
12. Which Cisco technology assists in identifying and blocking wireless DoS attacks?
A. Cisco AMP
B. Cisco Stealthwatch
C. Cisco WLC Rogue Detection
D. Cisco Umbrella
Answer: C. Cisco WLC Rogue Detection
Explanation: Cisco Wireless LAN Controllers (WLCs) can detect wireless DoS attacks such as deauthentication floods or fake APs by monitoring the RF spectrum and client behavior.
13. Which role does the supplicant play in the 802.1X framework?
A. Authenticator
B. RADIUS Server
C. Client requesting access
D. Wireless controller
Answer: C. Client requesting access
Explanation: The supplicant is the client device attempting to gain network access through authentication with the authenticator and RADIUS server.
14. What is the default port used by RADIUS for authentication requests?
A. 80
B. 443
C. 1812
D. 22
Answer: C. 1812
Explanation: RADIUS authentication typically uses UDP port 1812, while accounting uses port 1813.
15. Why should PEAP-MSCHAPv2 be avoided in highly secure environments?
A. It does not use encryption
B. It lacks server authentication
C. It can be susceptible to password cracking
D. It is not supported by Windows
Answer: C. It can be susceptible to password cracking
Explanation: PEAP-MSCHAPv2 relies on password-based credentials, making it vulnerable to offline cracking if the encrypted handshake is captured.
16. Which WPA3 feature improves protection against dictionary attacks?
A. 802.1X
B. Simultaneous Authentication of Equals (SAE)
C. WEP
D. PMK caching
Answer: B. Simultaneous Authentication of Equals (SAE)
Explanation: SAE, used in WPA3-Personal, provides forward secrecy and stronger protection against offline brute-force password guessing attacks.
17. What feature allows Cisco APs to automatically adjust channel and power settings?
A. CleanAir
B. RRM
C. MFP
D. FlexConnect
Answer: B. RRM
Explanation: Radio Resource Management (RRM) automatically adjusts AP settings to optimize coverage, reduce interference, and maintain performance.
18. What type of wireless attack floods a network with authentication requests?
A. Evil twin attack
B. Beacon flood
C. Authentication DoS
D. WPA cracking
Answer: C. Authentication DoS
Explanation: Authentication DoS overwhelms the AP with fake authentication requests, preventing legitimate users from connecting.
19. Which Cisco product provides post-connect endpoint posture assessments?
A. Cisco DNA Center
B. Cisco Umbrella
C. Cisco ISE
D. Cisco AMP
Answer: C. Cisco ISE
Explanation: Cisco ISE can perform post-connect posture assessments to evaluate endpoint security compliance and enforce access restrictions.
20. What feature enables Cisco WLCs to encrypt CAPWAP data between APs and the controller?
A. DTLS
B. IPsec
C. SSL
D. SNMPv3
Answer: A. DTLS
Explanation: Datagram Transport Layer Security (DTLS) is used to encrypt CAPWAP control and optionally data traffic between APs and the WLC.
21. Which tool helps detect client misbehavior and policy violations in Cisco wireless networks?
A. Cisco Umbrella
B. Cisco ISE
C. Cisco AMP
D. Cisco Stealthwatch
Answer: B. Cisco ISE
Explanation: Cisco ISE uses profiling and policy rules to detect anomalous client behavior or policy violations post-authentication.
22. What mechanism in 802.11ac improves security through beamforming?
A. Secure beam
B. Dynamic keying
C. Spatial stream encryption
D. Beamforming does not enhance security
Answer: D. Beamforming does not enhance security
Explanation: Beamforming improves signal quality and throughput by focusing signal directionality but does not provide any direct security benefits.
23. In Cisco WLCs, what does the ‘Management Frame Protection’ feature do?
A. Encrypts all wireless traffic
B. Prevents spoofed control frames
C. Protects management frames
D. Filters rogue SSIDs
Answer: C. Protects management frames
Explanation: MFP (Management Frame Protection) secures management traffic against spoofing, such as fake disassociation or deauthentication frames.
24. Which method helps isolate guests from internal enterprise wireless clients?
A. VLAN tagging
B. Guest anchor controller
C. 802.1X authentication
D. RRM
Answer: B. Guest anchor controller
Explanation: A guest anchor controller isolates guest wireless traffic by tunneling it to a designated WLC that is separated from internal resources.
25. What protocol secures communication between Cisco ISE and WLCs?
A. RADIUS
B. TACACS+
C. SNMP
D. FTP
Answer: A. RADIUS
Explanation: Cisco ISE and WLCs communicate using RADIUS for authentication, authorization, and accounting, secured over UDP.
26. What is the primary risk of using shared key authentication in wireless networks?
A. High bandwidth usage
B. Increased latency
C. Susceptibility to replay and dictionary attacks
D. Incompatibility with iOS
Answer: C. Susceptibility to replay and dictionary attacks
Explanation: Shared key authentication methods like WPA-PSK are vulnerable to key reuse, brute-force, and replay attacks if the key is weak or leaked.
27. What is the purpose of Access Control Lists (ACLs) in wireless security?
A. Speed up DNS resolution
B. Monitor client data usage
C. Restrict traffic flow based on policies
D. Assign dynamic IPs
Answer: C. Restrict traffic flow based on policies
Explanation: ACLs define what traffic is allowed or denied from clients, enforcing policy and segmenting access in wireless deployments.
28. What role does the WLC play in 802.1X authentication?
A. Supplicant
B. Authenticator
C. Authentication server
D. DHCP relay
Answer: B. Authenticator
Explanation: The WLC acts as the authenticator by relaying EAP messages between the wireless client (supplicant) and the RADIUS server.
29. How does MAC filtering work in Cisco wireless environments?
A. Filters based on IP addresses
B. Filters based on port numbers
C. Grants or denies access based on MAC addresses
D. Encrypts management frames
Answer: C. Grants or denies access based on MAC addresses
Explanation: MAC filtering allows or denies wireless access based on the device’s MAC address, but it’s easily spoofable and not recommended as a primary security mechanism.
30. Which Cisco wireless feature enables local switching while still using central authentication?
A. FlexConnect
B. CleanAir
C. RRM
D. DTLS
Answer: A. FlexConnect
Explanation: FlexConnect allows APs to switch traffic locally at the branch site while still using central authentication (e.g., with Cisco ISE).
31. What is the primary function of Cisco’s Identity Services Engine (ISE) in a wireless network?
A. Manage VLAN assignments
B. Provide wireless coverage mapping
C. Enforce access policies and authenticate clients
D. Control RF interference
Answer: C. Enforce access policies and authenticate clients
Explanation: Cisco ISE serves as a centralized policy management platform. It performs authentication, authorization, and accounting (AAA) for users and devices, enforcing security policies based on user identity, device type, and location.
32. Which protocol is commonly used between a Cisco WLC and ISE for AAA services?
A. LDAP
B. SNMP
C. RADIUS
D. TACACS+
Answer: C. RADIUS
Explanation: RADIUS is the standard protocol used for AAA services between Cisco WLC and ISE. It allows the controller to forward user authentication requests to ISE, which then evaluates policies and responds accordingly.
33. What Cisco wireless security feature protects management frames from spoofing attacks?
A. FlexConnect
B. CleanAir
C. Management Frame Protection (MFP)
D. WPA3
Answer: C. Management Frame Protection (MFP)
Explanation: MFP safeguards management frames by ensuring they are cryptographically signed, thus preventing spoofing or tampering. This protects against attacks like deauthentication floods.
34. What is the purpose of enabling Client Exclusion Policies on a Cisco WLC?
A. Prevents access point failures
B. Automatically blocks clients with repeated authentication failures
C. Disables clients with low signal strength
D. Enables dynamic VLAN assignment
Answer: B. Automatically blocks clients with repeated authentication failures
Explanation: Client exclusion helps protect the network from brute-force or misconfigured clients by temporarily banning them after a certain number of failed attempts, enhancing overall wireless security.
35. How does WPA3-Enterprise improve upon WPA2-Enterprise?
A. Uses shorter keys for faster performance
B. Supports WEP fallback
C. Mandates 192-bit encryption for sensitive environments
D. Eliminates the need for RADIUS authentication
Answer: C. Mandates 192-bit encryption for sensitive environments
Explanation: WPA3-Enterprise introduces a 192-bit security mode for high-security environments, providing stronger encryption and integrity protocols compared to WPA2.
36. What is the function of Cisco TrustSec in wireless environments?
A. Automates firmware updates
B. Provides RF spectrum analysis
C. Enforces scalable security policies using SGTs (Security Group Tags)
D. Detects physical tampering of APs
Answer: C. Enforces scalable security policies using SGTs (Security Group Tags)
Explanation: Cisco TrustSec uses SGTs to apply identity-based access controls, simplifying policy enforcement across wired and wireless networks by tagging traffic at the source.
37. Why is disabling lower data rates (e.g., 1 Mbps and 2 Mbps) recommended in secure WLANs?
A. To conserve bandwidth
B. To prevent legacy device connectivity
C. To reduce RF interference
D. To prevent attackers from exploiting low-rate DoS attacks
Answer: D. To prevent attackers from exploiting low-rate DoS attacks
Explanation: Lower data rates are more susceptible to attacks like low-rate DoS floods. Disabling them increases performance and reduces the attack surface by limiting long-range associations.
38. What role does SNMPv3 play in securing Cisco wireless networks?
A. Disables rogue APs
B. Encrypts RF signal transmissions
C. Provides encrypted and authenticated management access
D. Manages DHCP assignments
Answer: C. Provides encrypted and authenticated management access
Explanation: SNMPv3 offers enhanced security features over previous versions, including message encryption and authentication, ensuring that management data is protected.
39. Which tool or feature in Cisco wireless solutions enables the detection and mitigation of rogue devices?
A. NetFlow
B. Prime Infrastructure
C. Rogue Detection and Containment
D. Cisco AnyConnect
Answer: C. Rogue Detection and Containment
Explanation: Rogue Detection and Containment allows Cisco WLCs and APs to identify unauthorized APs broadcasting in the network and optionally block them or alert administrators.
40. What does the DTLS protocol secure in a Cisco wireless deployment?
A. Wireless management frames
B. Communication between AP and WLC in CAPWAP tunnels
C. SNMP traps
D. Client web portal access
Answer: B. Communication between AP and WLC in CAPWAP tunnels
Explanation: DTLS (Datagram Transport Layer Security) is used to encrypt the control channel in CAPWAP tunnels between lightweight APs and the WLC, ensuring secure configuration and policy communication.
41. Which authentication method uses digital certificates for both client and server authentication?
A. PEAP
B. EAP-TTLS
C. EAP-FAST
D. EAP-TLS
Answer: D. EAP-TLS
Explanation: EAP-TLS provides mutual authentication using X.509 certificates on both client and server sides. It is one of the most secure EAP methods due to its reliance on PKI.
42. What feature allows an access point to serve clients while scanning other channels for threats?
A. Rogue AP containment
B. Flexible Radio Assignment
C. Monitor mode
D. RRM
Answer: B. Flexible Radio Assignment
Explanation: FRA allows an AP radio to dynamically switch roles (client-serving or monitoring), enabling both spectrum analysis and client service without deploying dedicated sensors.
43. What is the role of Policy Classification in Cisco ISE?
A. Assign IP addresses
B. Classify incoming RADIUS traffic based on identity and context
C. Manage RF profiles
D. Adjust transmission power
Answer: B. Classify incoming RADIUS traffic based on identity and context
Explanation: Policy Classification in Cisco ISE evaluates session requests based on conditions such as user group, endpoint profile, and posture to determine access control policies.
44. Which attack is mitigated by enabling PMF (Protected Management Frames)?
A. Man-in-the-middle
B. MAC spoofing
C. Deauthentication/disassociation flood
D. DNS poisoning
Answer: C. Deauthentication/disassociation flood
Explanation: PMF ensures management frames are encrypted and authenticated, preventing spoofed deauth and disassociation frames from disconnecting clients.
45. What is the function of the Cisco CleanAir technology?
A. Encrypt wireless traffic
B. Identify and mitigate RF interference sources
C. Configure ISE policies
D. Update firmware automatically
Answer: B. Identify and mitigate RF interference sources
Explanation: CleanAir detects and classifies RF interference (e.g., microwave ovens, Bluetooth devices) and helps avoid those frequencies, maintaining wireless performance and security.
46. What is an example of an endpoint profiling attribute in Cisco ISE?
A. IP address
B. MAC address
C. DHCP class identifier
D. Signal strength
Answer: C. DHCP class identifier
Explanation: Endpoint profiling uses various attributes like DHCP options, user-agent strings, and MAC OUI to identify device types and apply proper security policies.
47. Which CAPWAP tunnel component carries client data between APs and WLCs?
A. Control tunnel
B. Management tunnel
C. Data tunnel
D. Authentication tunnel
Answer: C. Data tunnel
Explanation: CAPWAP creates separate tunnels for control and data. The data tunnel carries client data traffic, allowing centralized switching through the controller.
48. How does Cisco ISE support BYOD security?
A. By assigning static IPs
B. Through endpoint posture assessments and certificate provisioning
C. By forcing devices into VLAN 0
D. By encrypting all traffic with AES-256
Answer: B. Through endpoint posture assessments and certificate provisioning
Explanation: Cisco ISE automates onboarding and checks for security compliance of BYOD devices, issuing certificates and applying posture-based access policies.
49. What is the purpose of setting a pre-shared key with WPA2-Personal?
A. Provide dynamic VLANs
B. Authenticate users via a RADIUS server
C. Authenticate users using a shared secret
D. Assign access lists per user
Answer: C. Authenticate users using a shared secret
Explanation: WPA2-Personal (PSK) uses a pre-shared key to authenticate users. All clients use the same key, making it easier to deploy but less scalable than 802.1X.
50. Which of the following is a requirement for enabling WPA3-Enterprise in Cisco WLCs?
A. PSK configuration
B. 802.11b support
C. 802.1X authentication with 192-bit minimum security
D. SNMPv2c enabled
Answer: C. 802.1X authentication with 192-bit minimum security
Explanation: WPA3-Enterprise mandates the use of 802.1X and requires the 192-bit cryptographic suite, including AES-GCM and HMAC-SHA-384, for enhanced data protection.
51. In a Cisco wireless deployment, what does SGT stand for?
A. Secure Gateway Tunnel
B. Security Group Tag
C. Static Gateway Translation
D. Secure Guard Transport
Answer: B. Security Group Tag
Explanation: SGT is a key feature in Cisco TrustSec. It tags traffic based on identity or policy group, enabling consistent, scalable access control across the network.
52. What is the impact of enabling aggressive load balancing on a Cisco WLC?
A. Prevents high client throughput
B. Encourages clients to spread across APs by rejecting associations
C. Allows clients to roam instantly
D. Switches channels more frequently
Answer: B. Encourages clients to spread across APs by rejecting associations
Explanation: Aggressive load balancing improves distribution by temporarily rejecting connection requests to overloaded APs, nudging clients toward less-loaded ones.
53. What is the main function of a WLC mobility group in Cisco wireless networks?
A. Create RF groups for RRM
B. Enable seamless client roaming between WLCs
C. Perform spectrum analysis
D. Assign SSIDs to APs
Answer: B. Enable seamless client roaming between WLCs
Explanation: Mobility groups allow WLCs to share client and session information. This supports fast and secure client roaming across different controllers within the same group.
54. What Cisco technology assigns access control based on user and device identity, rather than IP addresses?
A. VLAN mapping
B. MAC filtering
C. TrustSec
D. Port Security
Answer: C. TrustSec
Explanation: Cisco TrustSec enables policy enforcement using identity-based attributes (SGTs), decoupling security from traditional IP-based ACLs.
55. How does Cisco Wireless LAN Controller handle rogue AP detection?
A. Only via SNMP traps
B. Through CleanAir spectrum scanning
C. Via neighboring AP reports and RF scanning
D. By analyzing web traffic
Answer: C. Via neighboring AP reports and RF scanning
Explanation: APs report nearby unauthorized APs detected during periodic scanning. The controller can flag these as rogue based on criteria like MAC, SSID, or location.
56. What type of encryption is used in CAPWAP DTLS tunnels?
A. RC4
B. AES
C. Blowfish
D. DES
Answer: B. AES
Explanation: DTLS uses AES (Advanced Encryption Standard) to secure CAPWAP control traffic, protecting configuration and control messages between APs and WLC.
57. Which wireless security standard introduced Simultaneous Authentication of Equals (SAE)?
A. WPA2
B. WPA
C. WPA3
D. WEP
Answer: C. WPA3
Explanation: SAE replaces the PSK exchange in WPA2 with a more secure key exchange mechanism that protects against offline dictionary attacks and forward secrecy.
58. In Cisco ISE, what does Posture Assessment verify?
A. Whether a user has the correct SSID
B. If a device meets defined security criteria (e.g., AV installed, patches applied)
C. If VLAN assignment is correct
D. The MAC address of the endpoint
Answer: B. If a device meets defined security criteria (e.g., AV installed, patches applied)
Explanation: Posture Assessment ensures that client devices are compliant with corporate security policies before granting full network access.
59. What does the term “anchor controller” refer to in Cisco wireless architecture?
A. The controller managing RRM
B. The WLC that handles guest traffic in a DMZ
C. The master controller for CAPWAP
D. A controller used only for CleanAir
Answer: B. The WLC that handles guest traffic in a DMZ
Explanation: In centralized guest access deployments, the anchor controller terminates guest traffic in a secure DMZ and applies guest-specific policies.
60. What’s a key reason to enable 802.11w (PMF) on WLANs?
A. Reduces channel overlap
B. Enhances throughput
C. Prevents disconnection via spoofed management frames
D. Forces clients into monitor mode
Answer: C. Prevents disconnection via spoofed management frames
Explanation: 802.11w (PMF) protects management frames like deauthentication and disassociation from spoofing, securing clients from interruption-based attacks.
