Which of the following does PEAP use to authenticate the user inside an encrypted tunnel?
Each correct answer represents a complete solution. Choose two.

A.
RC4

B.
AES

C.
MS-CHAP v2

D.
GTC

Explanation:
PEAP uses only a server-side certificate. This certificate creates an encrypted tunnel in which the user is authenticated. PEAP (Protected EAP) uses Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) or Generic Token Card (GTC) to authenticate the user inside an encrypted tunnel. Fact What is PEAP? Hide PEAP (Protected Extensible Authentication Protocol) is a method to securely transmit authentication information over wired or wireless networks. It was jointly developed by Cisco Systems, Microsoft, and RSA Security. PEAP is not an encryption protocol; as with other EAP protocols, it only authenticates a client into a network. PEAP uses server-side public key certificates to authenticate the server. It creates an encrypted SSL/TLS (Secure sockets layer/Transport layer security) tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server’s public key. The resultant exchange of authentication information inside the tunnel to authenticate the client is then encrypted and the user credentials are thus safe and secure. Fact What is MS- CHAP v2? Hide Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is the new version of MSCHAP. MS-CHAP v2 provides the highest level of security and encryption for dial-up connection in the environment consisting of both Windows NT and Windows 2000/XP dial-up clients. It provides mutual authentication, stronger initial data encryption keys, and different encryption keys for sending and receiving datA.Fact What is GTC? Hide GTC (Generic Token Card) is an alternative to PEAP-MSCHAPv2. GTC is used by the PEAP authentication protocol to tunnel password data that is used for token cards and plaintext authentication. It carries a text challenge from an authentication server and a reply that is generated by a security token. GTC does not generate session keys to secure network traffic.
Answer A is incorrect. RC4 is a stream cipher designed by Ron Rivest. It is used in many applications, including Transport Layer Security (TLS), Wired EquivalentPrivacy (WEP), Wi-Fi Protected Access (WPA), etc. RC4 is fast and simple. However, it has weaknesses that argue against its use in new systems. It is especially vulnerable when the beginning of the output keystream is not discarded, nonrandom or related keys are used, or a single keystream is used twice. Some ways of using RC4 can lead to very insecure cryptosystems such as WEP.

Answer B is incorrect. AES (Advanced Encryption Standard) is an encryption method used in WPA and WPA2. Fact What is AES? Hide The Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192, and AES-256. Each AES cipher has a 128-bit block size, with key sizes of 128, 192, and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES). AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable. It became effective as a standard on May 26, 2002. As of 2009, AES is one of the most popular algorithms used in symmetric key cryptography. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information. You are concerned about attackers simply passing by your office, discovering your wireless network, and getting into your network via the wireless connection.