nerdexam
(ISC)2

CISSP-ISSAP · Question #48

Which of the following authentication methods support mutual authentication? Each correct answer represents a complete solution. Choose two.

The correct answer is A. MS-CHAP v2 D. EAP-TLS. MS-CHAP v2 achieves mutual authentication because after the client authenticates, the server sends back an authenticator response that the client verifies - both sides prove their identity. EAP-TLS uses digital certificates on both the client and server, making mutual authenticat

Identity and Access Management (IAM) Architecture

Question

Which of the following authentication methods support mutual authentication? Each correct answer represents a complete solution. Choose two.

Options

  • AMS-CHAP v2
  • BNTLM
  • CEAP-MD5
  • DEAP-TLS

How the community answered

(63 responses)
  • A
    75% (47)
  • B
    17% (11)
  • C
    8% (5)

Explanation

MS-CHAP v2 achieves mutual authentication because after the client authenticates, the server sends back an authenticator response that the client verifies - both sides prove their identity. EAP-TLS uses digital certificates on both the client and server, making mutual authentication a core design requirement of the protocol.

NTLM (B) is one-directional: the server challenges the client, but the client has no mechanism to verify the server's identity, leaving it vulnerable to rogue server attacks. EAP-MD5 (C) similarly only authenticates the client to the server via an MD5 hash challenge - the server never proves itself to the client, which is why it's considered weak and largely deprecated.

Memory tip: Link mutual authentication to certificates and explicit server verification - EAP-TLS (TLS = certificates on both ends) and MS-CHAP v2 ("v2 added mutual" - the upgrade from v1 specifically added the server authentication step). If a protocol has no server-side proof mechanism, it's one-way only.

Topics

#Mutual Authentication#EAP-TLS#MS-CHAP v2#Authentication Protocols

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice