Cisco

300-365 Question #73: Real Exam Question with Answer & Explanation

The correct answer is A. EAP-TLS. EAP-TLS uses mutual certificate-based authentication, making it impossible for users to share credentials because possession of a unique client certificate and its private key is required.

WLAN Security Deployment

Question

A network administrator has had issues with clients giving out their username and password to other employees to authenticate to the internal wireless SSID. Which 802.1x authentication stops users from being able to share credentials?

Options

  • A. EAP-TLS
  • B. EAP-MSCHAPv2
  • C. LEAP
  • D. EAP-FAST

Explanation

EAP-TLS uses mutual certificate-based authentication, making it impossible for users to share credentials because possession of a unique client certificate and its private key is required.

Common mistakes.

  • B. EAP-MSCHAPv2 authenticates with a username and password hash, which users can trivially share verbally or in writing.
  • C. LEAP uses a username and password for authentication and is also considered cryptographically weak, so credentials are both shareable and easily compromised.
  • D. EAP-FAST can fall back to username and password credentials in its inner tunnel authentication phase, which still allows users to share those credentials.

Concept tested. EAP-TLS certificate-based 802.1x authentication

Reference. https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/network-access

Topics

#EAP-TLS #certificate-based authentication #802.1x #credential sharing prevention
