Matt, a systems security engineer, is determining which credential-type authentication to use within a planned
802.1x deployment. He is looking for a method that does not require a client certificate, has a server side
certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these
requirements?

A.
EAP-TLS

B.
EAP-FAST

C.
PEAP-CHAP

D.
PEAP-MSCHAPv2

Explanation:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is
accomplished via password-base credentials (user name and password) rather than digital certificates or smart
cards. Only servers running Network Policy Server (NPS) or PEAP-MS-CHAP v2 are required to have a
certificate.