nerdexam
GIAC

GSLC · Question #12

GSLC Question #12: Real Exam Question with Answer & Explanation

The correct answer is B. The wireless network communication will be secured.. PEAP-MS-CHAP v2 uses password-based credentials and cannot support smart card authentication, so only the wireless security task is accomplished while the smart card requirement fails.

Question

You work as a Network Administrator for McNeil Inc. The company has a Windows Active Directorybased single domain single forest network. The functional level of the forest is Windows Server 2003. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks: - The wireless network communication should be secured. - The laptop users should be able to use smart cards for getting authenticated. In order to accomplish the tasks, you take the following steps: - Configure 802.1x and WEP for the wireless connections. - Configure the PEAP-MS-CHAP v2 protocol for authentication What will happen after you have taken these steps?

Options

  • ABoth tasks will be accomplished.
  • BThe wireless network communication will be secured.
  • CNone of the tasks will be accomplished.
  • DThe laptop users will be able to use smart cards for getting authenticated.

Explanation

PEAP-MS-CHAP v2 uses password-based credentials and cannot support smart card authentication, so only the wireless security task is accomplished while the smart card requirement fails.

Common mistakes.

  • A. Both tasks cannot be accomplished because PEAP-MS-CHAP v2 relies solely on password-based mutual authentication and has no mechanism to process the certificate stored on a smart card.
  • C. This is incorrect because 802.1x combined with WEP does provide a layer of wireless security, meaning the first task of securing wireless communication is in fact accomplished.
  • D. Smart card authentication requires a certificate-based EAP method such as EAP-TLS; PEAP-MS-CHAP v2 only supports username and password credentials and cannot read or validate smart card certificates.

Concept tested. PEAP-MS-CHAP v2 vs EAP-TLS for smart card wireless auth

Reference. https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/network-access

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GSLC Practice