WPA requires TKIP, WPA2 requires AES and CCMP, WPA3 in 128-bit mode requires AES and CCMP, but WPA3 in 192-bit mode requires AES-GCMP.

The Wi-Fi Alliance defines all versions of the Wi-Fi Protected Access (WPA) security suite. The IEEE is not a correct answer because it defines and maintains many networking standards, including 802.11 and 802.1x, which are used in wireless networking. The FCC is not a correct answer because it is the governing body in the United States that regulates RF frequencies, channels, and transmission power. Cisco is not a correct answer because it designs and manufactures wireless networking products that must adhere to the WPA standards, but not define them.

Encryption is the only way to protect message privacy so that it can be unencrypted and understood by only the intended recipient. Authentication protects network access but does not protect privacy. The MIC function protects data integrity so that it cannot be altered without detection, but it does not affect data privacy. DPP does not affect data privacy because it is a fictitious mechanism.

WPA2-Enterprise mode uses 802.1x to control access until an EAP method successfully authenticates wireless users and devices. AES is used in WPA2-Enterprise, along with CCMP, but that is not unique to the WPA2 version. WPA and WPA3 also use AES, though with differing encryption protocols of CCMP and GCMP, respectively.

The enterprise mode of any WPA version will utilize external authentication through the EAP framework. Therefore, WPA2-Enterprise and WPA3-Enterprise are correct answers. Personal mode does not use EAP.

WPA, WPA2, and WPA3 Page number:1190

WPA2-Personal mode uses a pre-shared key to authenticate wireless devices. Therefore, the pre-shared keys must be configured on every wireless device. If the key ever needs to be changed, network administrators must touch every device to enter a new key. As well, the 4-way handshake can be captured, allowing malicious users to launch an offline dictionary attack to recover the actual pre-shared key. WPA2-Personal does not involve the use of authentication servers or digital certificates.

WPA, WPA2, and WPA3 Page number:1190

The Wi-Fi alliance defines three versions of Wi-Fi Protected Access (WPA):

- WPA: First generation of WPA certification; based on TKIP
- WPA2: Second generation based on CCMP
- WPA3: Third generation based on GCMP

Each version is meant to replace the previous version because of better security mechanisms. The Wi-Fi Alliance defined WPA before the IEEE created their 802.11i security standard. After the IEEE ratified 802.11i, the Wi-Fi Alliance defined WPA2, to replace WPA, matching the details in the 802.11i standard.  

WPA, WPA2, and WPA3 Page number:1190