nerdexam
(ISC)2

CISSP · Question #717

How is Remote Authentication Dial-In User Service (RADIUS) authentication accomplished?

The correct answer is C. It uses clear text and shared secret keys.. RADIUS is a client-server AAA protocol that transmits most attributes in clear text but protects passwords using an MD5 hash combined with a shared secret key. Understanding its authentication mechanism is fundamental to network access security.

Submitted by emma.c· Mar 5, 2026Identity and Access Management

Question

How is Remote Authentication Dial-In User Service (RADIUS) authentication accomplished?

Options

  • AIt uses clear text and firewall rules.
  • BIt relies on Virtual Private Networks (VPN).
  • CIt uses clear text and shared secret keys.
  • DIt relies on asymmetric encryption keys.

How the community answered

(51 responses)
  • A
    2% (1)
  • B
    4% (2)
  • C
    92% (47)
  • D
    2% (1)

Why each option

RADIUS is a client-server AAA protocol that transmits most attributes in clear text but protects passwords using an MD5 hash combined with a shared secret key. Understanding its authentication mechanism is fundamental to network access security.

AIt uses clear text and firewall rules.

While RADIUS does transmit some attributes in clear text, it does not rely on firewall rules for authentication; access control is handled by the RADIUS server's policy engine, not network-layer firewall filtering.

BIt relies on Virtual Private Networks (VPN).

VPNs are a separate tunneling and encryption technology; RADIUS operates independently of VPNs as a dedicated AAA protocol using UDP ports 1812/1813 and does not require a VPN to function.

CIt uses clear text and shared secret keys.Correct

RADIUS sends most packet attributes in clear text over UDP, but the user password is obfuscated using an MD5 hash of a shared secret key and a random authenticator value - not full encryption. Both the RADIUS client (NAS) and server must be configured with the same shared secret, which is the cornerstone of RADIUS mutual authentication and message integrity.

DIt relies on asymmetric encryption keys.

RADIUS does not use asymmetric (public/private key) encryption for its authentication process; it relies on a symmetric shared secret combined with MD5 hashing, making asymmetric encryption incorrect for describing its mechanism.

Concept tested: RADIUS authentication mechanism and shared secret usage

Source: https://datatracker.ietf.org/doc/html/rfc2865

Topics

#RADIUS#authentication protocols#shared secret key#network authentication

Community Discussion

No community discussion yet for this question.

Full CISSP Practice