Nonproprietary EAP Methods for Mutual Authentication | CCIE Security Exam


Question

Which three nonproprietary EAP methods do not require the use of a client-side certificate for mutual authentication? (Choose three.)

Answers

Explanations


A. B. C. D. E.

CDE.

The answer is: C. PEAP, D. EAP-TTLS, and E. EAP-FAST.

EAP (Extensible Authentication Protocol) is a framework that defines the transport and usage of authentication protocols between the client and the authentication server. It supports different authentication methods, including those that require the use of client-side certificates for mutual authentication. However, not all EAP methods require the use of a client-side certificate.

The three nonproprietary EAP methods that do not require the use of a client-side certificate for mutual authentication are:

  1. PEAP (Protected Extensible Authentication Protocol) - It is an EAP method that creates an encrypted SSL/TLS tunnel between the client and the authentication server, allowing the client to securely transmit its credentials without the need for a client-side certificate.

  2. EAP-TTLS (Tunneled Transport Layer Security) - It is an EAP method that also creates an encrypted tunnel between the client and the authentication server, but it uses a different protocol than PEAP. EAP-TTLS allows for the use of a username and password, eliminating the need for a client-side certificate.

  3. EAP-FAST (Flexible Authentication via Secure Tunneling) - It is an EAP method that uses a similar approach to PEAP, creating an encrypted tunnel between the client and the authentication server. However, it does not rely on SSL/TLS and instead uses a proprietary protocol to establish the tunnel. EAP-FAST also allows for the use of a username and password, eliminating the need for a client-side certificate.

LEAP (Lightweight Extensible Authentication Protocol) is a proprietary EAP method, and it does not provide mutual authentication. EAP-TLS (EAP-Transport Layer Security) is a nonproprietary EAP method, but it does require a client-side certificate for mutual authentication.
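How the difference looks on a client, as an added wpa_supplicant configuration that is not part of the original page; the SSIDs, identities, passwords, file paths and server domain are constructed placeholders. The PEAP and EAP-TTLS blocks carry no client certificate and depend on validating the server certificate plus a password sent inside the tunnel, while the EAP-TLS block adds `client_cert` and `private_key`.

```conf
# wpa_supplicant.conf (added example; all names and paths are constructed)

# PEAP: the server proves itself with its TLS certificate, the client proves
# itself with a password inside the tunnel. No client_cert or private_key.
network={
    ssid="example-peap"
    key_mgmt=WPA-EAP
    eap=PEAP
    # Outer identity travels in the clear; inner identity goes in the tunnel.
    anonymous_identity="anonymous@example.com"
    identity="alice@example.com"
    password="constructed-password"
    phase2="auth=MSCHAPV2"
    # Server half of mutual authentication. If ca_cert is omitted,
    # wpa_supplicant does not verify the server certificate at all.
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}

# EAP-TTLS: same shape, different inner method. PAP is only acceptable here
# because it runs inside the validated tunnel.
network={
    ssid="example-ttls"
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous@example.com"
    identity="alice@example.com"
    password="constructed-password"
    phase2="auth=PAP"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}

# EAP-TLS, for contrast: the client authenticates with its own certificate
# and private key instead of a password.
network={
    ssid="example-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="alice@example.com"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
    client_cert="/etc/wpa_supplicant/alice-cert.pem"
    private_key="/etc/wpa_supplicant/alice-key.pem"
    private_key_passwd="constructed-passphrase"
}
```

When auditing supplicant profiles for the tunneled methods, a missing `ca_cert` or server-name match means the client will hand its credentials to any server, so the authentication is no longer mutual.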