Certified Ethical Hacker v11 312-50v11 – Question281

When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication
"open" but sets the SSID to a 32-character string of random letters and numbers.
What is an accurate assessment of this scenario from a security perspective?

A.
Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.
B. Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging "security through obscurity".
C. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.
D. Javik's router is still vulnerable to wireless hacking attempts because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.

Correct Answer: C