CCIE Security Written Exam: Client MFP Components - Answer Key

Client MFP Components

Prev Question Next Question


Client MFP supplements rather than replaces infrastructure MFP.

Which three are client MFP components? (Choose three.)



Click on the arrows to vote for the correct answer

A. B. C. D. E.


MFP stands for Management Frame Protection, which is a security feature designed to protect the wireless network against attacks that exploit vulnerabilities in the management frames. Management frames are used for communication between wireless clients and access points (APs) and contain important information such as authentication and association requests.

Client MFP is a feature that is supported on wireless clients, and it supplements the infrastructure MFP that is supported on APs. Client MFP provides additional protection for the wireless client, even if the AP does not support MFP.

The three components of client MFP are:

  1. Key generation and distribution: Client MFP uses a pre-shared key (PSK) that is distributed to the client and AP. The key is used to protect the management frames exchanged between the client and AP. The PSK is generated by a key management server and is unique for each client and AP.

  2. Protection and validation of management frames: Client MFP protects the management frames by adding a Message Integrity Check (MIC) to each frame. The MIC is calculated using the PSK and is used to validate the authenticity and integrity of the management frame. If the MIC does not match, the frame is discarded.

  3. Error reports: Client MFP generates error reports if there is a problem with the MIC validation process. The error reports can be used for troubleshooting purposes.

Therefore, options A, B, and E are the correct components of client MFP, while options C and D are not.