CISSP-ISSAP · Question #40
Which of the following authentication protocols sends a user certificate inside an encrypted tunnel?
The correct answer is B. EAP-TLS. EAP-TLS uses Transport Layer Security to create an encrypted tunnel, then sends the user's digital certificate inside that tunnel for mutual authentication - both client and server present certificates, making it one of the most secure EAP methods. Why the distractors are wrong:
Question
Which of the following authentication protocols sends a user certificate inside an encrypted tunnel?
Options
- APEAP
- BEAP-TLS
- CWEP
- DEAP-FAST
How the community answered
(46 responses)- A17% (8)
- B72% (33)
- C7% (3)
- D4% (2)
Explanation
EAP-TLS uses Transport Layer Security to create an encrypted tunnel, then sends the user's digital certificate inside that tunnel for mutual authentication - both client and server present certificates, making it one of the most secure EAP methods.
Why the distractors are wrong:
- A. PEAP - also creates a TLS tunnel, but authenticates inside using credentials (typically MSCHAPv2 with username/password), not a user certificate.
- C. WEP - is a deprecated wireless encryption protocol, not an authentication protocol at all; it has no tunneling or certificate mechanism.
- D. EAP-FAST - establishes a tunnel using a pre-shared Protected Access Credential (PAC), then authenticates inside with credentials, not certificates.
Memory tip: Think TLS = Two-sided certificate exchange - unlike PEAP which only requires a server certificate, EAP-TLS requires the user to carry their own certificate too, and that certificate rides inside the encrypted TLS tunnel.
Topics
Community Discussion
No community discussion yet for this question.