What is CertGuide.ai?

CertGuide.ai is an AI-powered certification prep platform that helps you pass CompTIA exams like Security+, Network+, and A+. It maps all exam concepts, diagnoses your weak areas, and creates personalized study plans.

How does CertGuide compare to CertMaster?

CertGuide.ai offers AI-powered diagnostics that map your knowledge across all 183 Security+ concepts, personalized study plans, and an AI tutor. Unlike traditional prep tools, CertGuide shows you exactly which concepts need work and tracks your progress to exam readiness.

What is the pass rate for CertGuide users?

99% of CertGuide users who reach 95% concept mastery pass their certification exam on the first attempt.

How much does CertGuide cost?

CertGuide offers a free baseline assessment to diagnose your current knowledge. Full course access is $49 per certification exam.

Which CompTIA certifications does CertGuide support?

CertGuide currently supports CompTIA Security+ (SY0-701), with Network+ and A+ (Core 1 & Core 2) launching soon.

What is the purpose of a wireless site survey?

A site survey assesses the physical environment before wireless deployment to identify coverage requirements, detect existing wireless networks and interference, plan access point placement, and identify security concerns like signal bleeding outside building boundaries.

What does a wireless heat map show?

A heat map visually displays wireless signal strength across a physical space using color coding—typically red/orange for strong signals, green for acceptable, and blue for weak. Heat maps help plan coverage, identify dead zones, detect signal bleed, and troubleshoot issues.

Why is signal bleed a security concern?

Signal bleed allows wireless signals to extend outside building boundaries where attackers can attempt to connect from parking lots or adjacent areas. Even with encryption, this increases attack surface. Mitigation includes reducing AP power, using directional antennas, and strategic AP placement.

What are non-overlapping 2.4 GHz channels?

In the 2.4 GHz band, channels 1, 6, and 11 are non-overlapping—they don't interfere with each other. Using only these channels prevents co-channel interference. Adjacent APs should use different non-overlapping channels for optimal performance.

Objective 4.1Medium11 min

Wireless Security Installation

Implementing wireless security including installation considerations, site surveys, heat maps, and secure access point deployment for enterprise environments.

Understanding Wireless Security Installation

Wireless security starts with proper planning and deployment. Site surveys, heat maps, and careful installation prevent security issues before they occur—from rogue access points to signal bleeding outside building boundaries.

Key wireless security elements: • Site surveys — Assess environment before deployment • Heat maps — Visualize signal coverage and strength • AP placement — Strategic positioning for security • Installation considerations — Physical and logical security

In 2007, TJX Companies suffered a massive breach partly enabled by weak wireless security—attackers sat in parking lots capturing unencrypted wireless traffic. Proper site surveys would have identified signal bleeding outside the building, and stronger encryption would have prevented the data capture.

Wireless security requires both proper deployment AND proper protocols.

Why This Matters for the Exam

Wireless security deployment is tested on SY0-701 because poor installation creates vulnerabilities. Questions cover site surveys, heat maps, and installation best practices.

Understanding wireless deployment helps with network security, physical security, and compliance. Wireless signals don't stop at walls—planning is essential.

The exam tests recognition of deployment considerations and their security implications.

Deep Dive

What Is a Wireless Site Survey?

A site survey assesses the physical environment before deploying wireless infrastructure.

Site Survey Types:

Type	Description	When Used
Passive	Listen for existing signals	Initial assessment
Active	Test with actual equipment	Detailed planning
Predictive	Software modeling	Design phase

Site Survey Goals:

Coverage goals:
- Identify dead zones
- Ensure adequate signal strength
- Plan AP placement

Security goals:
- Identify signal bleed areas
- Find existing wireless networks
- Detect rogue access points
- Assess interference sources

Site Survey Process:

Step	Activity
1	Obtain floor plans
2	Identify coverage requirements
3	Walk facility with survey tool
4	Document signal measurements
5	Identify interference sources
6	Plan AP locations
7	Validate with test deployment

What Are Wireless Heat Maps?

Heat maps visualize wireless signal strength across a physical space.

Heat Map Components:

Color coding (typical):
🔴 Red/Orange = Strong signal (-30 to -50 dBm)
🟡 Yellow = Good signal (-50 to -70 dBm)
🟢 Green = Acceptable (-70 to -80 dBm)
🔵 Blue = Weak signal (-80 to -90 dBm)
⚫ No color = No coverage

Heat Map Uses:

Use	Purpose
Coverage planning	Ensure no dead zones
Security analysis	Identify signal bleeding
Interference detection	Find conflicting signals
Capacity planning	Identify congested areas
Troubleshooting	Diagnose connectivity issues

Signal Bleed Security:

Concern: Signal extending outside building
Risk: Attackers in parking lot can connect

Mitigation:
- Reduce AP power levels
- Strategic AP placement (interior)
- Directional antennas
- Physical barriers

What Are Installation Considerations?

Physical Security:

Consideration	Security Implication
AP location	Tamper-resistant placement
Physical access	Locked enclosures if needed
Cable security	Protected from access
Console access	Secured physical ports

AP Placement Strategy:

Security-focused placement:
- Center of building, not near windows
- Ceiling mounted (harder to tamper)
- Reduce power to limit bleed
- Away from exterior walls

Coverage vs Security trade-off:
- Full coverage may cause bleed
- Security may create dead zones
- Balance based on requirements

Logical Security:

Control	Purpose
SSID configuration	Don't broadcast sensitive info
Encryption	WPA3 or WPA2-Enterprise
Authentication	802.1X, RADIUS
Segmentation	Separate guest/corporate
MAC filtering	Additional layer (not primary)

What Is Channel Planning?

Proper channel selection prevents interference and improves security monitoring.

2.4 GHz Channels:

Non-overlapping channels: 1, 6, 11
Use only these to avoid interference

[CH 1][   ][   ][   ][   ][CH 6][   ][   ][   ][   ][CH 11]

Adjacent APs should use different channels

5 GHz Channels:

Many more non-overlapping channels
DFS channels may require radar detection
Less interference than 2.4 GHz
Shorter range = better for security

What Are Rogue Access Point Concerns?

Rogue APs are unauthorized wireless access points on the network.

Rogue AP Types:

Type	Description	Risk
Employee-installed	Personal AP for convenience	Network bypass
Attacker-installed	Malicious AP	Data capture
Evil twin	Spoofs legitimate SSID	Credential theft

Rogue Detection:

Methods:
- Wireless IDS/IPS
- Site surveys (periodic)
- Network monitoring (unauthorized MACs)
- Physical inspection

Response:
- Locate rogue device
- Disconnect from network
- Investigate source
- Update policies

What Are Antenna Considerations?

Antenna type affects coverage pattern and security.

Antenna Types:

Type	Pattern	Use Case
Omnidirectional	360° coverage	General coverage
Directional	Focused beam	Point-to-point, perimeter
Parabolic	Very focused	Long distance

Security Applications:

Directional antennas:
- Point AWAY from exterior walls
- Reduce signal in parking lots
- Control coverage area

Power control:
- Lower power = smaller coverage
- Reduce to minimum needed
- Less signal outside building

How CompTIA Tests This

Example Analysis

Scenario: A company is deploying wireless in a new office building. The building has large windows, is adjacent to a public parking lot, and will have both employees and visitors needing wireless access. Design a secure wireless deployment.

Analysis - Secure Wireless Deployment:

Site Survey Findings:

Building characteristics:
- 3 floors, 50,000 sq ft total
- Large windows on all sides
- Underground parking garage
- Adjacent public parking lot
- Concrete core, drywall offices

Interference detected:
- Neighbor WiFi on channels 1, 11
- Bluetooth from nearby building
- Microwave in break room

Heat Map Planning:

Coverage requirements:
- 100% coverage in work areas
- Minimal bleed to exterior
- Separate coverage for lobby/guests

AP placement strategy:
- Interior of floor, away from windows
- Reduced power on perimeter APs
- Higher density in center

Network Segmentation:

SSID: Corporate-Secure
- WPA3-Enterprise (802.1X)
- RADIUS authentication
- Corporate VLAN
- Full network access

SSID: Guest-WiFi
- WPA3-Personal or captive portal
- Isolated VLAN
- Internet only, no internal access
- Bandwidth limited

Physical Installation:

Location	Configuration
Perimeter offices	Low power, directional inward
Interior areas	Normal power, omnidirectional
Conference rooms	Coverage for presentations
Lobby	Guest network only
Parking garage	No corporate signal

Security Controls:

Control	Implementation
Encryption	WPA3 (WPA2-Enterprise minimum)
Authentication	802.1X with RADIUS
Rogue detection	Wireless IPS enabled
Signal control	Power levels minimized
Monitoring	Continuous WIDS scanning

Channel Plan:

2.4 GHz: Use only 1, 6, 11
- Floor 1: AP1=1, AP2=6, AP3=11...
- Alternate to avoid co-channel interference

5 GHz: Primary band for security
- More channels available
- Shorter range = less bleed
- Required for high-density areas

Key insight: Wireless security combines physical planning (site surveys, heat maps, AP placement) with logical controls (encryption, authentication, segmentation). Signal management is as important as encryption—signals that reach attackers can be attacked regardless of encryption strength.

Key Terms

wireless securitysite surveyheat mapwireless installationAP placementWiFi securitysignal coverage

Common Mistakes

Skipping site surveys—deploying without surveys leads to coverage gaps and signal bleeding.

Maximum power for all APs—excessive power causes signal to extend outside secure areas.

Single SSID for all users—guests and employees should have separate networks with different access.

Ignoring rogue APs—periodic surveys and wireless IDS are essential to detect unauthorized devices.

Exam Tips

Site survey = assess environment BEFORE deploying wireless. Identifies coverage needs and security issues.

Heat map = visual representation of signal strength. Red/orange = strong, blue = weak.

Signal bleed = wireless extending outside building. Mitigate with power reduction, directional antennas.

2.4 GHz non-overlapping channels: 1, 6, 11 only. Using others causes interference.

Rogue AP = unauthorized access point. Can be employee-installed or attacker-installed (evil twin).

5 GHz = more channels, shorter range, better for security (less bleed).

Memory Trick

•Site Survey Purpose - "SCIP":
•Signal strength mapping
•Coverage planning
•Interference detection
•Placement decisions

Heat Map Colors: "Red = Really strong" "Blue = Barely there" (Think: Fire is hot/strong, ice is cold/weak)

2.4 GHz Channels: "1, 6, 11 = Won Six Eleven" (WSE = WiFi Standards Everywhere) Only use these three non-overlapping channels

•Signal Bleed Control - "PPD":
•Power reduction
•Placement (interior, not perimeter)
•Directional antennas

Rogue AP Types: "Employee installs for Ease" "Evil twin Exfiltrates data"

Antenna Rule: "Omni = Outward everywhere" "Directional = Directed focus"

Test Your Knowledge

Q1.What is the PRIMARY purpose of performing a wireless site survey?

Q2.A heat map shows red/orange areas extending into the parking lot. What does this indicate?

Q3.Which 2.4 GHz channels are non-overlapping and should be used for AP deployment?

Want more practice with instant AI feedback?

Continue Learning

Wireless Security Standards Network Architecture

Ready for the Exam?

See exactly where you stand on this concept and 182 others.

99% pass rate · Pass guarantee

Hardening Targets Mobile Solutions