350-401 · Question #118
350-401 Question #118: Real Exam Question with Answer & Explanation
The correct answer is A: It does not require a RADIUS server certificate. Cisco EAP-FAST Explanation EAP-FAST (Flexible Authentication via Secure Tunneling) was designed by Cisco specifically to address PEAP and LEAP weaknesses without requiring server-side certificates, instead using a Protected Access Credential (PAC) to establish a secure tunnel - m
Question
Which statement about Cisco EAP-FAST is true?
Options
- AIt does not require a RADIUS server certificate
- BIt requires a client certificate
- CIt is an IETF standard.
- DIt operates in transparent mode
Explanation
Cisco EAP-FAST Explanation
EAP-FAST (Flexible Authentication via Secure Tunneling) was designed by Cisco specifically to address PEAP and LEAP weaknesses without requiring server-side certificates, instead using a Protected Access Credential (PAC) to establish a secure tunnel - making option A correct. Option B is wrong because EAP-FAST does not require client certificates either; it uses PAC files to mutually authenticate, which is one of its key advantages over other EAP methods. Option C is incorrect because EAP-FAST is a Cisco proprietary protocol, not an IETF standard (though an informational RFC 4851 documents it, it was never standardized). Option D is a fabricated distractor - "transparent mode" is not a concept associated with EAP-FAST operation.
💡 Memory Tip: Think of EAP-FAST as "Certificate-FREE and Cisco-made" - no server certificate needed (uses PAC instead), and it's Cisco's own creation, not an open standard. The "F" in FAST stands for Flexible, reminding you it's flexible enough to work without certificates.
Topics
Community Discussion
No community discussion yet for this question.