CompTIA Exam Questions

Which credential type authentication method BEST fits these requirements?

Matt, a systems security engineer, is determining which credential-type authentication to use within a
planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a
server-side certificate, and uses TLS tunnels for encryption. Which credential type authentication method
BEST fits these requirements?

A. EAP-TLS

B. EAP-FAST

C. PEAP-CHAP

D. PEAP-MSCHAPv2

Explanation:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is
accomplished via password-based credentials (user name and password) rather than digital certificates or
smart cards. Only servers running Network Policy Server (NPS) or PEAP-MS-CHAP v2 are required to have
a certificate.

Incorrect Answers:
A: Authenticated wireless access design based on Extensible Authentication Protocol – Transport Level
Security (EAP-TLS) can use either smart cards or user and computer certificates to authenticate wireless
access clients. EAP-TLS does not use usernames and passwords for authentication.
B: EAP-FAST does not make use of TLS, but of PAC (Protected Access Credentials).
C: CHAP intermittently authenticates the identity of the client via a three-way handshake.

https://technet.microsoft.com/en-us/library/dd348500(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/dd348478(v=ws.10).aspx
http://www.techrepublic.com/article/ultimate-wireless-security-guide-a-primer-on-cisco-eap-fastauthentication/
http://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol