CompTIA SY0-501 v.2
An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS?
A. PEAP
B. EAP
C. WPA2
D. RADIUS
Correct Answer: A
Explanation:
EAP by itself is only an authentication framework.
PEAP (Protected Extensible Authentication Protocol) fully encapsulates EAP and is designed to work within a TLS (Transport Layer Security) tunnel that may be encrypted but is authenticated. The primary motivation behind the creation of PEAP was to correct deficiencies discovered in EAP, since that protocol assumes that the communications channel is protected. As a result, when EAP messages can be observed in the clear, they do not provide the protection that was assumed when the protocol was originally authored.
PEAP, EAP-TTLS, and EAP-TLS "protect" inner EAP authentication within SSL/TLS sessions.
Correct Answer A. C is WPA2, not WPA2-Enterprise. WPA2 doesn’t provide authentication, only encryption. PEAP uses TLS.
C WPA2 – The question says “allows for encrypted authentication of wireless clients over TLS.” That would indicate either PEAP or WPA2-Enterprise, since they both use TLS. But WPA2-Enterprise authenticates BOTH the client and the server via certificates, and PEAP is NOT required to use a client-side certificate, so WPA2-Enterprise is more secure. https://docs.microsoft.com/en-us/windows/win32/nativewifi/wpa2-enterprise-with-tls-profile-sample
Not (A) PEAP requires ONLY server-side certificates to authenticate – and does not require client-side certificates. https://en.wikipedia.org/wiki/Protected_Extensible_Authentication_Protocol
As of 2012, RADIUS can also use TCP as the transport layer with TLS for security. But “for office access points” indicates multiple APs instead of a single RADIUS server.