Which authentication method should you identify?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role
installed.
You plan to deploy 802. lx authentication to secure the wireless network.
You need to identify which Network Policy Server (NPS) authentication method supports certificate-based
mutual authentication for the 802.1x deployment.
Which authentication method should you identify?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role
installed.
You plan to deploy 802. lx authentication to secure the wireless network.
You need to identify which Network Policy Server (NPS) authentication method supports certificate-based
mutual authentication for the 802.1x deployment.
Which authentication method should you identify?

A.
MS-CHAP

B.
PEAP-MS-CHAPv2

C.
EAP-TLS

D.
MS-CHAP v2

Explanation:

802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart
cards, or credentials.
EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate-based security environments,
and it provides the strongest authentication and key determination method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual
authentication method that supports password-based user or computer authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP
authentication protocols.

Show Hint

Leave a Reply 6

Your email address will not be published. Required fields are marked *

Marcin

Marcin

Answer correct.

From https://technet.microsoft.com/en-us/library/cc731853(v=ws.10).aspx :
For 802.1X wireless and wired, you can use the following authentication methods:
Extensible Authentication Protocol (EAP) with Transport Layer Security (TLS), also called EAP-TLS.

Protected EAP (PEAP) with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), also called PEAP-MS-CHAP v2.

PEAP with EAP-TLS, also called PEAP-TLS.

Reply

MJG

MJG

But … PEAP-MS-CHAP v2 is also allowed, so why isnt B the right answer too?

According to https://technet.microsoft.com/en-us/library/cc731853(v=ws.10).aspx

Deploy components for authentication methods
For 802.1X wireless and wired, you can use the following authentication methods:
Extensible Authentication Protocol (EAP) with Transport Layer Security (TLS), also called EAP-TLS.

Protected EAP (PEAP) with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), also called PEAP-MS-CHAP v2.

PEAP with EAP-TLS, also called PEAP-TLS.

Reply

MJG

MJG

Disregard.. the kicker in the question is “supports certificate-based mutual authentication” which is ONLY present in EAP-TLS.

Therefore all other questions are wrong.

Reply

Gilbert

Gilbert

So why not B?

Reply

MJG

MJG

the kicker in the question is “supports certificate-based mutual authentication” which is ONLY present in EAP-TLS.

Therefore all other questions are wrong.

Reply

MJG

MJG

Answer is correct, C.

EAP-TLS is an EAP type of authentication that is used in certificate-based security environments.

None of the other answers support certificates or are solely certificate-based. Therefore they are wrong and C is correct.

Reply