- CWSP-205
46.
Which of these types of EAP use tunneled authentication? (Choose all that apply.)
- A. EAP-LEAP
- B. EAP-PEAPv0 (EAP-MSCHAPv2)
- C. EAP-PEAPv1 (EAP-GTC)
- D. EAP-FAST
- E. EAP-TLS (privacy mode)
Answer : [B, C, D, E]
Explanation :
Tunneled authentication is used to protect the exchange of client credentials between the supplicant and the authentication server within an encrypted TLS tunnel. All flavors of EAP-PEAP use tunneled authentication. EAP-TTLS and EAP-FAST also use tunneled authentication. While EAP-TLS is highly secure, it rarely uses tunneled authentication. Although rarely supported, an optional privacy mode does exist for EAP-TLS, which can be used to establish a TLS tunnel. EAP-MD5 and EAP-LEAP do not use tunneled authentication.
47.
Which of these types of EAP require a client-side X.509 digital certificate to be used as the supplicant credentials? (Choose all that apply.)
- A. EAP-TTLS
- B. EAP-PEAPv0 (EAP-MSCHAPv2)
- C. EAP-PEAPv0 (EAP-TLS)
- D. EAP-FAST
- E. EAP-TLS (privacy mode)
- F. EAP-TLS (nonprivacy mode)
Answer : [C, E, F]
Explanation :
EAP-TLS and EAP-PEAPv0 (EAP-TLS) require client-side certificates to be used as the supplicant credentials. Client-side certificates are optional with EAP-TTLS. EAP-FAST does not use X.509 digital certificates. It is typically recommended that you deploy EAP-TLS when using client-side certificates because of the wide support for the protocol.
48.
Which of these types of EAP use three phases of operation? (Choose all that apply.)
- A. EAP-TTLS
- B. EAP-PEAPv0 (EAP-MSCHAPv2)
- C. EAP-PEAPv0 (EAP-TLS)
- D. EAP-FAST
- E. EAP-TLS (privacy mode)
- F. EAP-TLS (nonprivacy mode)
Answer : [D]
Explanation :
EAP-PEAP and EAP-TTLS both use two phases of operation. Phase 1 is used to create an encrypted TLS tunnel, and the supplicant credentials are exchanged during Phase 2. EAP-FAST also uses Phase 1 and 2 operations to accomplish the same goals. However, EAP-FAST also defines an optional Phase 0 that is sometimes used for automatic PAC provisioning.
49.
Which of these types of EAP require a server-side certificate to create an encrypted TLS tunnel?
- A. EAP-TTLS
- B. EAP-PEAPv0 (EAP-MSCHAPv2)
- C. EAP-PEAPv0 (EAP-TLS)
- D. EAP-FAST
- E. EAP-PEAPv1 (EAP-GTC)
- F. EAP-LEAP
Answer : [A,B,C,E]
Explanation :
All versions of EAP-PEAP and EAP-TTLS require a server-side certificate to create an encrypted TLS tunnel. EAP-FAST uses a Protected Access Credential (PAC) to create the encrypted tunnel as opposed to a server-side certificate. EAP-LEAP and EAP-MD5 do not use a TLS tunnel. EAP-TLS requires a server certificate; however, establishing a TLS tunnel is optional.
50.
Which of these types of EAP are susceptible to offline dictionary attacks? (Choose all that apply.)
- A. EAP-SIM
- B. EAP-MD5
- C. EAP-PEAPv0 (EAP-TLS)
- D. EAP-FAST
- E. EAP-PEAPv1 (EAP-GTC)
- F. EAP-LEAP
Answer : [B, F]
Explanation :
EAP-MD5 uses the MD5 hash algorithm to validate the supplicant credentials during a password challenge and response exchange. EAP-LEAP uses the MS-CHAPv2 hash algorithm to validate the supplicant credentials during a password challenge and response exchange. Both hash methods can be cracked with hacker tools. EAP-MD5 and EAP-LEAP do not protect the supplicant validation exchange within a TLS tunnel and are therefore susceptible to offline dictionary attacks.