nerdexam
Exams300-715Questions#91
CiscoCisco

300-715 · Question #91

300-715 Question #91: Real Exam Question with Answer & Explanation

The correct answer is A: PEAP. PEAP and EAP-TTLS are the two protocols that establish a secure tunnel to protect access credentials from exposure during 802.1x authentication.

Policy Enforcement

Question

A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components. Which two protocols should complete this task?

Options

  • APEAP
  • BEAP-MD5
  • CLEAP
  • DEAP-TLS
  • EEAP-TTLS

Explanation

PEAP and EAP-TTLS are the two protocols that establish a secure tunnel to protect access credentials from exposure during 802.1x authentication.

Common mistakes.

  • B. EAP-MD5 is considered weak and sends the username in cleartext, making it susceptible to dictionary attacks and credential exposure.
  • C. LEAP (Lightweight EAP) is a Cisco proprietary protocol known for weak password hashing and vulnerabilities to dictionary attacks, exposing credentials.
  • D. While EAP-TLS is a highly secure EAP method that protects credentials, the question asks for two protocols and this choice is not paired with another correct option.

Concept tested. EAP Methods for Secure Credential Exchange

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ISE_admin_3_1/m_eap_protocol_support.html

Topics

#802.1x authentication#EAP protocols#Credential protection#Network access security

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-715 PracticeBrowse All 300-715 Questions