300-715 Question #127: Real Exam Question with Answer & Explanation

Question

What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

Options

• AEAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-
• BEAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.
• CEAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2
• DEAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.

Explanation

EAP-TLS offers enhanced security over EAP-MS-CHAPv2 by relying on device certificates for mutual authentication.

Common mistakes.

• A. EAP-TLS primarily uses certificates, not usernames and passwords, for authentication, making this statement incorrect.
• B. Both EAP-TLS and EAP-MS-CHAPv2 aim to secure credential exchange, but EAP-TLS does so more robustly through certificate-based mutual authentication and stronger encryption.
• D. EAP-TLS is a single, strong authentication method using certificates, not multiple forms of authentication; EAP-MS-CHAPv2 also uses a single method (username/password challenge-response).

Concept tested. EAP-TLS vs EAP-MS-CHAPv2 security

Reference. https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70wlan_cg/c70eap.html

No community discussion yet for this question.