nerdexam
GIAC

GPEN · Question #299

GPEN Question #299: Real Exam Question with Answer & Explanation

The correct answer is A. The wireless network communication will be secured.. PEAP-MS-CHAP v2 authenticates using username and password credentials, not smart cards. Only the wireless security task is accomplished; smart card authentication requires EAP-TLS.

Question

You work as a Network Administrator for McNeil Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks: The wireless network communication should be secured. The laptop users should be able to use smart cards for getting authenticated. In order to accomplish the tasks, you take the following steps: Configure 802.1x and WEP for the wireless connections. Configure the PEAP-MS-CHAP v2 protocol for authentication. What will happen after you have taken these steps?

Options

  • AThe wireless network communication will be secured.
  • BThe laptop users will be able to use smart cards for getting authenticated.
  • CBoth tasks will be accomplished.
  • DNone of the tasks will be accomplished

Explanation

PEAP-MS-CHAP v2 authenticates using username and password credentials, not smart cards. Only the wireless security task is accomplished; smart card authentication requires EAP-TLS.

Common mistakes.

  • B. PEAP-MS-CHAP v2 only supports username/password authentication and cannot leverage smart card certificates; EAP-TLS would be the required protocol to enable smart card logon.
  • C. Both tasks are not accomplished because smart card authentication is not supported by the PEAP-MS-CHAP v2 configuration chosen.
  • D. Wireless communication security is accomplished via 802.1x and WEP, so it is incorrect to say neither task was accomplished.

Concept tested. EAP method selection for smart card wireless authentication

Reference. https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/network-access

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GPEN Practice