Which of the following enables the validation of both u…

Which of the following enables the validation of both user and device credentials in a single EAP transaction?
(Select the best answer.)

Which of the following enables the validation of both user and device credentials in a single EAP transaction?
(Select the best answer.)

A.
PEAP

B.
EAP-FAST

C.
EAP-FAST with EAP chaining

D.
EAP-MD5

Explanation:
Extensible Authentication Protocol (EAP)Flexible Authentication via Secure Tunneling (FAST) with EAP
chaining, which is also sometimes called EAPFAST version 2 (EAPFASTv2), enables the validation of both
user and device credentials in a single EAP transaction. EAP chaining enables a Cisco security device to
validate authentication credentials for both a user and the user’s device. In order to enable EAP chaining, both
the Cisco security device and the supplicant device must support EAP chaining. The Cisco security device will
assign a different level of authorization access depending on one of four success and failure possibilities, as
shown in the following table:

EAPFAST is an authentication protocol that can be used for point-to-point connections and for both wired and
wireless links. The EAPFAST authentication process consists of three phases. The first phase, which is
optional and is considered phase 0, consists of provisioning a client with a PAC, which is a digital credential that
is used for authentication. A PAC can be manually configured on a client, in which case phase 0 is not required.
The second phase, which is referred to as phase 1, involves creating a secure tunnel between the client and
the server. The final phase, which is referred to as phase 2, involves authenticating the client. If the client is
authenticated, the client will be able to access the network.
EAPTransport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard that is defined in
Request for Comments (RFC) 5216. It does not support EAP chaining. Protected EAP (PEAP) is an open
standard developed by Cisco, Microsoft, and RSA? it does not support EAP chaining.
EAPMessage Digest 5 (MD5) uses an MD5 hash function to provide security and is therefore considered weak
when compared to later methods. EAP is an IETF standard that was originally defined in RFC 2284? it does not
support EAP chaining.

Cisco: Cisco Identity Services Engine Administrator Guide, Release 1.3: Allowed Protocols



Leave a Reply 0

Your email address will not be published. Required fields are marked *