When using a tunneled EAP type, what is protected from clear text across the wireless medium?

A.
X.509 certificates

B.
User credentials

C.
EAPoL keys

D.
Pairwise Master keys

E.
Server credentials

Explanation:
You have already learned that within any 802.1X framework the authentication server validates the supplicant ‘ s credentials. The most secure EAP authentication methods incorporate the concept ofmutual authentication.

The supplicant identity credentials are then exchanged within the encrypted TLS tunnel. The supplicant identity, we have already learned, can come in many forms. Whatever form of identity that is passed by supplicant, it will be passed within the encrypted TLS tunnel. The TLS tunnel protects the supplicant credentials from offl ine dictionary attacks and from eavesdropping. This is just like the method employed with e – commerce websites using SSL where credit card and personal information is passed securely through an SSL tunnel.

The supplicant sends an EAP response frame with the supplicant ‘ s identity in clear text. The username is always in clear text in the EAP – Response Identity frame. At this point, the uncontrolled port opens to allow EAP traffic through. All other traffic remains blocked by the controlled port.