PrepAway - Latest Free Exam Questions & Answers

Which of the following is the only IETF Standards Track based EAP method that does not provide server authentication?

A. EAP-FAST

B. EAP-MD5

C. EAP-TTLS

D. EAP-TLS

Explanation:
EAP-MD5 is the only IETF Standards Track based EAP method that does not provide server authentication. It offers minimal security: the MD5 hash function is vulnerable to dictionary attacks, and the method does not support key generation, which makes it unsuitable for use with dynamic WEP or WPA/WPA2 Enterprise. EAP-MD5 differs from other EAP methods in that it only provides authentication of the EAP peer to the EAP server, not mutual authentication. Because it does not provide EAP server authentication, this EAP method is vulnerable to man-in-the-middle attacks. EAP-MD5 support was first included in Windows 2000 and deprecated in Windows Vista.

Answer option D is incorrect. EAP-Transport Layer Security (EAP-TLS) is an IETF open standard and is well supported among wireless vendors. The security of the TLS protocol is strong, provided the user understands potential warnings about false credentials. It uses PKI to secure communication to a RADIUS authentication server or another type of authentication server.

Answer option C is incorrect. EAP-Tunneled Transport Layer Security (EAP-TTLS) is an EAP protocol that extends TLS. It is widely supported across platforms, although there is no native OS support for this EAP protocol in Microsoft Windows, where it requires the installation of small extra programs such as SecureW2. EAP-TTLS offers very good security. The client can, but does not have to, be authenticated to the server via a CA-signed PKI certificate. This greatly simplifies the setup procedure, as a certificate does not need to be installed on every client. After the server is securely authenticated to the client via its CA certificate, and optionally the client to the server, the server can use the established secure connection ("tunnel") to authenticate the client.

Answer option A is incorrect. EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) is a publicly accessible IEEE 802.1X protocol developed by Cisco. It is designed to address the weaknesses of LEAP while preserving the lightweight implementation. The use of server certificates is optional in EAP-FAST. EAP-FAST uses a Protected Access Credential (PAC) to establish a TLS tunnel in which client identifications are verified. EAP-FAST has the following three phases:

1. Phase 0: An optional phase in which the PAC can be provisioned manually or dynamically. PAC provisioning is still officially work-in-progress, even though there are many implementations. PAC provisioning typically only needs to be done once for a RADIUS server and client pair.
2. Phase 1: In this phase, the client and the AAA server use the PAC to establish a TLS tunnel.
3. Phase 2: In this phase, the client credentials are exchanged inside the encrypted tunnel.
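As an added example (not part of the original page), the Python sketch below parses EAP packet headers and flags any use of EAP-MD5, the method the explanation identifies as lacking server authentication. The Type numbers are the IANA-registered values; the function names and the sample packets are constructed for illustration.

```python
import struct

# EAP method Type numbers as registered with IANA.
METHODS = {4: "EAP-MD5", 13: "EAP-TLS", 21: "EAP-TTLS", 43: "EAP-FAST"}
NO_SERVER_AUTH = {4}   # per the explanation above: EAP-MD5 only authenticates the peer
REQUEST, RESPONSE = 1, 2

def parse_eap(packet):
    """Return (code, identifier, method_type_or_None) for one EAP packet."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("Length field does not fit the packet")
    if code in (REQUEST, RESPONSE):
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        return code, ident, packet[4]
    return code, ident, None      # Success/Failure carry no Type

def audit(packets):
    """List (identifier, method, stage) for methods lacking server authentication."""
    findings = []
    for raw in packets:
        try:
            code, ident, eap_type = parse_eap(raw)
        except ValueError:
            findings.append((None, "malformed", "skipped"))
            continue
        if eap_type in NO_SERVER_AUTH:
            stage = "offered by server" if code == REQUEST else "answered by peer"
            findings.append((ident, METHODS[eap_type], stage))
    return findings

def build(code, ident, eap_type=None, data=b""):
    """Construct a sample EAP packet (test data, not captured traffic)."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed samples: MD5 challenge and response, an EAP-TLS start, a Success,
# and a truncated packet.
SAMPLES = [
    build(REQUEST, 7, 4, bytes([16]) + bytes(16)),
    build(RESPONSE, 7, 4, bytes([16]) + bytes(range(16))),
    build(REQUEST, 8, 13, b"\x20"),
    build(3, 8),
    b"\x01\x09",
]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

A method carried inside a TLS tunnel (for example as the inner method of EAP-TTLS) is encrypted on the wire, so this check only sees the outer EAP method.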
