A security administrator must implement a network authentication solution which will ensure
encryption of user credentials when users enter their username and password to
authenticate to the network. Which of the following should the administrator implement?
A.
WPA2 over EAP-TTLS
B.
WPA-PSK
C.
WPA2 with WPS
D.
WEP over EAP-PEAP
What?
0
0
Ha!!
This one is blatently wrong.
Now i am certain that a few others have been as well.
Nonetheless, the correct answer is: WPA2 over EAP-TTLS
0
0
EAP-TTLS (Tunneled Transport Layer Security) is designed to provide authentication that is as strong as EAP-TLS, but it does not require that each user be issued a certificate. Instead, only the authentication servers are issued certificates. User authentication is performed by password, but the password credentials are transported in a securely encrypted tunnel established based upon the server certificates.
The EAP-PEAP (Protected EAP) protocol is similar to EAP-TTLS. Unlike EAP-TTLS, which can tunnel any kind of authentication request (such as PAP or CHAP) and extended attributes, PEAP can tunnel only other EAP protocols inside its connection.
Both methods seem to encrypt the username and password, so why WEP over EAP-PEAP is the “correct” answer is beyond me.
0
0
As I read in comptia security+ book page 183 ” Although many consider PEAP and EAP-TTLS to be similar, PEAP is more secure because it establishes an encrypted channel between the server and the client”, so i think D is the correct one.
0
0
I see the same thing in the book. For the sake of the test, I’ll go with what’s in the CompTIA book.
0
0
EAP-TTLS and EAP-PEAP provide the same ability “encryption of user credentials when users enter their username and password to authenticate”, since both establish a secured channel prior to authentication information being sent back to the TTLS/PEAP server. It was challenging to find info on EAP-PEAP.
No, the glaring thing here is WEP doesn’t support EAP of any kind.
0
0
I read somewhere that five EAP types adopted by the WPA/WPA2 standard are EAP-TLS, EAP-PSK, EAPMD5,LEAP and PEAP.
0
0
BTW, part of free PL SY0-401 dumps are available here:
https://drive.google.com/open?id=0B-ob6L_QjGLpcG9CWHp3bXlNTTg
0
0
Another question that leaves more questions than answers.
If the challenge of securing a wireless LAN wasn’t already confusing enough, things have just gotten worse. The confusion started IN 2005 when the Wi-Fi Alliance changed the WPA and WPA2 standards from supporting a single EAP (Extensible Authentication Protocol) standard to five EAP standards.
A. WPA2 over EAP-TTLS
This one is by far the strongest of them all
D. WEP over EAP-PEAP
This one is by far the weakest of them all
So The first questions is: Why would anybody use WEP for authentication when they can use WPA or WPA2? Everybody knows that WPA provides stronger wireless data encryption than WEP.
WEP and EAP:
As an aside: Wired Equivalent Privacy (WEP) is laid out in the original 802.11 standard. The 802.1x standard augments WEP with Extensible Authentication Protocol (EAP) and secure key exchange using Transport Layer Security (TLS). (1) https://mcpmag.com/articles/2003/05/01/empire-of-the-air-wep-and-eap.aspx
Having said that, to my mind the answer is still A
0
0