[TABS_R id=8782]
Which of the following EAP authentication protocols requires both a client and a server digital certificate? (Select the best answer.)
- LEAP
- PEAP
- EAP-FAST
- EAP-TLS
Explanation:
Extensible Authentication Protocol (EAP)Transport Layer Security (TLS) requires both a client and a server digital certificate. EAPTLS is an authentication protocol that can be used for pointtopoint connections and for both wired and wireless links. EAPTLS performs mutual authentication to secure the authentication process. When EAPTLS is used, a digital certificate must be installed on the authentication server and each client that must authenticate with the server. The digital certificate used on clients and the server must be obtained from the same certificate authority (CA).
Protected EAP (PEAP) does not require that clients be configured with digital certificates. When EAPPEAP is used, only servers are required to be configured with digital certificates. Clients can use alternative authentication methods, such as onetime passwords (OTPs).
Lightweight EAP (LEAP) does not require either the server or the client to be configured with a digital certificate. When LEAP is used, the client initiates an authentication attempt with a Remote Authentication DialIn User Service (RADIUS) server. The RADIUS server responds with a challenge response. If the challenge/response process is successful, the client then validates that the RADIUS server is correct for the network. If the RADIUS server is validated, the client will connect to the network.
Similar to LEAP, EAPFlexible Authentication via Secure Tunneling (FAST) does not require either the server or the client to be configured with a digital certificate. When EAPFAST is used, Protected Access Credentials (PACs) are used to authenticate users. The EAPFAST authentication process consists of three phases. The first phase, which is optional and is considered phase 0, consists of provisioning a client with a PAC, which is a digital credential that is used for authentication. A PAC can be manually configured on a client, in which case phase 0 is not required. The second phase, which is referred to as phase 1, involves creating a secure tunnel between the client and the server. The final phase, which is referred to as phase 2, involves authenticating the client. If the client is authenticated, the client will be able to access the network.
Extensible Authentication Protocol (EAP)Transport Layer Security (TLS) requires both a client and a server digital certificate. EAPTLS is an authentication protocol that can be used for pointtopoint connections and for both wired and wireless links. EAPTLS performs mutual authentication to secure the authentication process. When EAPTLS is used, a digital certificate must be installed on the authentication server and each client that must authenticate with the server. The digital certificate used on clients and the server must be obtained from the same certificate authority (CA).
Protected EAP (PEAP) does not require that clients be configured with digital certificates. When EAPPEAP is used, only servers are required to be configured with digital certificates. Clients can use alternative authentication methods, such as onetime passwords (OTPs).
Lightweight EAP (LEAP) does not require either the server or the client to be configured with a digital certificate. When LEAP is used, the client initiates an authentication attempt with a Remote Authentication DialIn User Service (RADIUS) server. The RADIUS server responds with a challenge response. If the challenge/response process is successful, the client then validates that the RADIUS server is correct for the network. If the RADIUS server is validated, the client will connect to the network.
Similar to LEAP, EAPFlexible Authentication via Secure Tunneling (FAST) does not require either the server or the client to be configured with a digital certificate. When EAPFAST is used, Protected Access Credentials (PACs) are used to authenticate users. The EAPFAST authentication process consists of three phases. The first phase, which is optional and is considered phase 0, consists of provisioning a client with a PAC, which is a digital credential that is used for authentication. A PAC can be manually configured on a client, in which case phase 0 is not required. The second phase, which is referred to as phase 1, involves creating a secure tunnel between the client and the server. The final phase, which is referred to as phase 2, involves authenticating the client. If the client is authenticated, the client will be able to access the network.
[TABS_R id=8782]