A service set identifier (SSID) is the public name that identifies a wireless network, like 'CoffeeShop_WiFi.' Verifying that an SSID exactly matches the network you intend to join is a key defense against evil twin attacks (EK 1.3.B.1, EK 1.3.C.1).
A service set identifier (SSID) is just the name of a Wi-Fi network. It's the text you see in your phone's list of available networks, like 'Library_Guest' or 'CoffeeShop.' A wireless access point (WAP) broadcasts its SSID so nearby devices know it exists and can connect to it.
Here's the catch that makes the SSID matter for security: it's only a name, and names aren't unique or protected. Anyone can set up their own access point and give it any SSID they want, including one that's identical to a legitimate network. That's exactly what an attacker does in an evil twin attack. So when EK 1.3.C.1 says you should verify that the name of the network you join exactly matches the network you intend to join, the SSID is the thing you're checking.
SSID lives in Unit 1 (Introduction to Security), specifically Topic 1.3, Best Practices for Public Networks. It connects two learning objectives at once. Under AP Cybersecurity 1.3.B (identifying wireless cyberattacks), the SSID is the lever an adversary pulls in an evil twin attack by cloning a trusted network's name. Under AP Cybersecurity 1.3.C (actions to protect sensitive data), checking the SSID is the simple, individual-level defense that EK 1.3.C.1 calls out directly. So the same concept shows up as both the vulnerability and the defense, which is exactly the kind of dot the exam wants you to connect.
Keep studying AP Cybersecurity Unit 1
Visual cheatsheet
view galleryEvil Twin Attack (Unit 1)
An evil twin is an attacker's WAP broadcasting an SSID similar or identical to a real network. The whole attack works because SSIDs are just names that anyone can copy, so victims connect without realizing it.
Wireless Access Point (WAP) (Unit 1)
A WAP is the physical device that bridges wireless devices to a wired network, and the SSID is the name that WAP broadcasts. Same hardware, two roles: legitimate WAPs broadcast trusted SSIDs, and rogue WAPs broadcast fake ones.
VPN and HTTPS (Unit 1)
Verifying the SSID stops you from joining the wrong network, but if you slip up, encryption is your backup. A VPN encrypts all your traffic to the VPN operator, and HTTPS protects individual web sessions, so even an evil twin can't read protected data (EK 1.3.C.2, EK 1.3.C.3).
Expect SSID in multiple-choice stems that describe wireless attacks or defenses. A classic setup describes a war driving adversary spotting a network name like 'CoffeeShop' and asks which wireless component they're identifying, and the answer is the SSID. Another type describes an attacker cloning a network name and expects you to recognize an evil twin attack built on a duplicated SSID. Be ready to separate the SSID (the name) from the WAP (the device that broadcasts it), since stems often test whether you can tell those two apart. There's no released FRQ using this term verbatim, but the SSID-checking habit fits any scenario asking how an individual protects sensitive data on public Wi-Fi.
The SSID is the name; the WAP is the box. The WAP is the physical hardware that connects wireless devices to a wired network, and the SSID is the label that WAP broadcasts so devices can find it. One device can broadcast a name, and an attacker can broadcast a fake name, so don't treat them as the same thing on the exam.
An SSID is the name of a wireless network, like the text you tap to connect in your Wi-Fi list.
SSIDs are not unique or protected, so an attacker can clone a trusted name to set up an evil twin (EK 1.3.B.1).
EK 1.3.C.1 says to verify the SSID exactly matches the network you mean to join before connecting.
Don't confuse the SSID (the name) with the WAP (the device that broadcasts it).
If you connect to the wrong network, encryption like HTTPS or a VPN still protects your sensitive traffic.
An SSID, or service set identifier, is the name of a wireless network that a WAP broadcasts so devices can find and join it. On the AP exam it matters most as the thing you verify (EK 1.3.C.1) and the thing attackers clone in an evil twin attack (EK 1.3.B.1).
No. The SSID is the network's name, while the WAP (wireless access point) is the physical device that broadcasts that name and connects wireless devices to a wired network. The exam often tests whether you can keep those two straight.
Because an evil twin attack works by broadcasting a fake SSID that looks similar or identical to a real one. If you check that the name exactly matches the network you intend to join, you're less likely to connect to an attacker's access point (EK 1.3.C.1, EK 1.3.B.1).
Not really. Hiding or not broadcasting an SSID doesn't encrypt your traffic, and tools can still detect networks, which is why the CED emphasizes encryption defenses like a VPN and HTTPS for actual data protection (EK 1.3.C.2, EK 1.3.C.3).
An SSID is just a network name, while an evil twin is an entire attack where an adversary's WAP broadcasts a copied SSID to trick victims into connecting. The SSID is the tool; the evil twin is the attack built on top of it.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.