In wireless security, which mode uses a passphrase-based mechanism to derive an encryption key?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

In wireless security, which mode uses a passphrase-based mechanism to derive an encryption key?

Explanation:
Deriving an encryption key from a user-provided passphrase is how pre-shared key mode works. In WPA/WPA2-PSK, the same passphrase is configured on both ends, and that passphrase is run through a key derivation function (PBKDF2) with the network’s SSID as the salt to produce the PMK (Pairwise Master Key). That PMK is then used, along with other data, to derive the PTK (Pairwise Transient Key), which feeds the actual encryption algorithms protecting the traffic. Because the security relies on the strength of the passphrase, weak passphrases are vulnerable to offline guessing once the handshake is captured. In contrast, enterprise authentication uses 802.1X with credentials or certificates and derives session keys through the EAP exchange, not from a single shared passphrase, and open authentication provides no credentials or keys at all.
