Which of the following should be used to authenticate and log connections from wireless users
connecting with EAP-TLS?

A.
Kerberos

B.
LDAP

C.
SAML

D.
RADIUS

Explanation:
EAP-TLS, defined in RFC 2716, is an IETF open standard, and is well-supported among wireless vendors. It
offers a good deal of security, since TLS is considered the successor of the SSL standard. It uses PKI to
secure communication to the RADIUS authentication server.
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized
Authentication, Authorization, and Accounting (AAA) management for users who connect and use a
network service. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it isoften used by ISPs and enterprises to manage access to the Internet or internal networks, wireless
networks, and integrated e-mail services.
Incorrect Answers:
A: Kerberos makes use of encryption keys as tickets with time stamps to prove identity and grant access
to resources. It is not used to authenticate and log connections from wireless users connecting with EAPTLS. Therefore, this answer is incorrect.
B: The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard
application protocol for accessing and maintaining distributed directory information services over an
Internet Protocol (IP) network. It is not used to authenticate and log connections from wireless users
connecting with EAP-TLS. Therefore, this answer is incorrect.
C: Security Assertion Markup Language (SAML) is an open-standard data format centered on XML. It is
used for supporting the exchange of authentication and authorization details between systems, services,
and devices. It is not used to authenticate and log connections from wireless users connecting with EAPTLS. Therefore, this answer is incorrect.

http://en.wikipedia.org/wiki/RADIUS
http://wiki.freeradius.org/protocol/EAP