CISSP-ISSAP · Question #48
Which of the following authentication methods support mutual authentication? Each correct answer represents a complete solution. Choose two.
The correct answer is A. MS-CHAP v2 D. EAP-TLS. MS-CHAP v2 achieves mutual authentication because after the client authenticates, the server sends back an authenticator response that the client verifies - both sides prove their identity. EAP-TLS uses digital certificates on both the client and server, making mutual authenticat
Question
Which of the following authentication methods support mutual authentication? Each correct answer represents a complete solution. Choose two.
Options
- AMS-CHAP v2
- BNTLM
- CEAP-MD5
- DEAP-TLS
How the community answered
(63 responses)- A75% (47)
- B17% (11)
- C8% (5)
Explanation
MS-CHAP v2 achieves mutual authentication because after the client authenticates, the server sends back an authenticator response that the client verifies - both sides prove their identity. EAP-TLS uses digital certificates on both the client and server, making mutual authentication a core design requirement of the protocol.
NTLM (B) is one-directional: the server challenges the client, but the client has no mechanism to verify the server's identity, leaving it vulnerable to rogue server attacks. EAP-MD5 (C) similarly only authenticates the client to the server via an MD5 hash challenge - the server never proves itself to the client, which is why it's considered weak and largely deprecated.
Memory tip: Link mutual authentication to certificates and explicit server verification - EAP-TLS (TLS = certificates on both ends) and MS-CHAP v2 ("v2 added mutual" - the upgrade from v1 specifically added the server authentication step). If a protocol has no server-side proof mechanism, it's one-way only.
Topics
Community Discussion
No community discussion yet for this question.