nerdexam
(ISC)2

CISSP-ISSAP · Question #40

Which of the following authentication protocols sends a user certificate inside an encrypted tunnel?

The correct answer is B. EAP-TLS. EAP-TLS uses Transport Layer Security to create an encrypted tunnel, then sends the user's digital certificate inside that tunnel for mutual authentication - both client and server present certificates, making it one of the most secure EAP methods. Why the distractors are wrong:

Identity and Access Management (IAM) Architecture

Question

Which of the following authentication protocols sends a user certificate inside an encrypted tunnel?

Options

  • APEAP
  • BEAP-TLS
  • CWEP
  • DEAP-FAST

How the community answered

(46 responses)
  • A
    17% (8)
  • B
    72% (33)
  • C
    7% (3)
  • D
    4% (2)

Explanation

EAP-TLS uses Transport Layer Security to create an encrypted tunnel, then sends the user's digital certificate inside that tunnel for mutual authentication - both client and server present certificates, making it one of the most secure EAP methods.

Why the distractors are wrong:

  • A. PEAP - also creates a TLS tunnel, but authenticates inside using credentials (typically MSCHAPv2 with username/password), not a user certificate.
  • C. WEP - is a deprecated wireless encryption protocol, not an authentication protocol at all; it has no tunneling or certificate mechanism.
  • D. EAP-FAST - establishes a tunnel using a pre-shared Protected Access Credential (PAC), then authenticates inside with credentials, not certificates.

Memory tip: Think TLS = Two-sided certificate exchange - unlike PEAP which only requires a server certificate, EAP-TLS requires the user to carry their own certificate too, and that certificate rides inside the encrypted TLS tunnel.

Topics

#EAP-TLS#802.1X authentication#Wireless security#Certificate-based auth

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice