CISSP-ISSAP · Question #148
Perfect World Inc., provides its sales managers access to the company's network from remote locations. The sales managers use laptops to connect to the network. For security purposes, the (ISC)2 CISSP
The correct answer is D. Extensible Authentication Protocol (EAP). EAP (Extensible Authentication Protocol) is correct because it is specifically designed to support multiple authentication methods - including smart cards, certificates, tokens, and biometrics - over remote connections such as VPNs and PPP links, making it the only option here fl
Question
Perfect World Inc., provides its sales managers access to the company's network from remote locations. The sales managers use laptops to connect to the network. For security purposes, the (ISC)2 CISSP-ISSAP Exam company's management wants the sales managers to log on to the network using smart cards over a remote connection. Which of the following authentication protocols should be used to accomplish this?
Options
- AChallenge Handshake Authentication Protocol (CHAP)
- BMicrosoft Challenge Handshake Authentication Protocol (MS-CHAP)
- COpen Shortest Path First (OSPF)
- DExtensible Authentication Protocol (EAP)
How the community answered
(25 responses)- A4% (1)
- B8% (2)
- C8% (2)
- D80% (20)
Explanation
EAP (Extensible Authentication Protocol) is correct because it is specifically designed to support multiple authentication methods - including smart cards, certificates, tokens, and biometrics - over remote connections such as VPNs and PPP links, making it the only option here flexible enough to handle smart card authentication.
CHAP (A) and MS-CHAP (B) are both challenge-response protocols that authenticate using usernames and passwords; neither supports smart card or certificate-based authentication, so they cannot fulfill the smart card requirement. OSPF (C) is a routing protocol used for IP network path selection - it has nothing to do with user authentication and is a deliberate distractor to catch those who confuse network protocols with authentication protocols.
Memory tip: Think of EAP as a "plugin framework" - it's Extensible precisely because it was built to plug in any auth method (smart cards, biometrics, OTPs), while CHAP/MS-CHAP are rigid password-only systems. If a question mentions smart cards, certificates, or tokens over a remote link, EAP is almost always the answer.
Topics
Community Discussion
No community discussion yet for this question.