A security administrator must implement a network authentication solution which will ensure
encryption of user credentials when users enter their username and password to authenticate to
the network.
Which of the following should the administrator implement?
A.
WPA2 over EAP-TTLS
B.
WPA-PSK
C.
WPA2 with WPS
D.
WEP over EAP-PEAP
Irritating. Everywhere you check, it is do not use wep, it is insecure.
Still don’t understand why ‘A’ is not the right answer. It is contradicting to what has been said over and over again saying do not use WEB.
D: Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired
network. WEP has vulnerabilities and isn’t considered highly secure. Extensible Authentication
Protocol (EAP) provides a framework for authentication that is often used with wireless networks.
Among the five EAP types adopted by the WPA/ WPA2 standard are EAP-TLS, EAP-PSK, EAPMD5,
as well as LEAP and PEAP.
Saw this explanation that threw more light to why ‘D’
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a
secure TLS tunnel to protect user authentication, and uses server-side public key certificates to
authenticate the server. It then creates an encrypted TLS tunnel between the client and the
authentication server. In most configurations, the keys for this encryption are transported using the
server’s public key. The ensuing exchange of authentication information inside the tunnel to
authenticate the client is then encrypted and user credentials are safe from eavesdropping.
I do not get this. Why is ‘D’ better than ‘A’?