CAS-001 Question #444: Real Exam Question with Answer & Explanation
Correct answer: C. Enforce TLS connections between RADIUS servers.
Question
Options
- A. Use PAP for secondary authentication on each RADIUS server
- B. Disable unused EAP methods on each RADIUS server
- C. Enforce TLS connections between RADIUS servers
- D. Use a shared secret for each pair of RADIUS servers
Explanation
A man-in-the-middle (MITM) attack succeeds when communications between two parties are intercepted because neither the channel nor the peer's identity is verified. Enforcing TLS (Transport Layer Security) between RADIUS servers (C) addresses both problems: TLS encrypts the traffic to prevent eavesdropping and, critically, uses certificate-based mutual authentication so that each server can verify it is communicating with a legitimate peer; a rogue server without a valid certificate cannot impersonate a trusted RADIUS server. PAP (A) is the least secure authentication protocol, transmitting passwords in plaintext, so using it would worsen the situation. Disabling unused EAP methods (B) reduces the attack surface but does not prevent MITM. Shared secrets (D) provide integrity checking for RADIUS packets but neither encrypt the channel nor authenticate the server's identity, so MITM remains possible.