CISSP Question #717: Real Exam Question with Answer & Explanation
The correct answer is C: It uses clear text and shared secret keys.
Question
How is Remote Authentication Dial-In User Service (RADIUS) authentication accomplished?
Options
- A. It uses clear text and firewall rules.
- B. It relies on Virtual Private Networks (VPN).
- C. It uses clear text and shared secret keys.
- D. It relies on asymmetric encryption keys.
Explanation
RADIUS is a client-server AAA protocol that transmits most attributes in clear text but protects passwords using an MD5 hash combined with a shared secret key. Understanding its authentication mechanism is fundamental to network access security.
Common mistakes.
- A. While RADIUS does transmit some attributes in clear text, it does not rely on firewall rules for authentication; access control is handled by the RADIUS server's policy engine, not network-layer firewall filtering.
- B. VPNs are a separate tunneling and encryption technology; RADIUS operates independently of VPNs as a dedicated AAA protocol using UDP ports 1812/1813 and does not require a VPN to function.
- D. RADIUS does not use asymmetric (public/private key) encryption for its authentication process; it relies on a symmetric shared secret combined with MD5 hashing, making asymmetric encryption incorrect for describing its mechanism.
Concept tested. RADIUS authentication mechanism and shared secret usage