A company needs to implement stronger authentication by addi - CompTIA-N10-009
Question
A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA (Wi-Fi Protected Access) with pre-shared keys, but the backend authentication system supports EAP (Extensible Authentication Protocol) and TTLS (Tunneled Transport Layer Security).
What should the network administrator implement?
Answers
-
-
-
-
correct
Explanation
Correct Answer: D. 802.1x using EAP (Extensible Authentication Protocol) with MSCHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2)
- 802.1x with EAP and MSCHAPv2 enables enterprise-grade wireless authentication by requiring users to authenticate using credentials (e.g., username and password) instead of relying solely on a pre-shared key (PSK).
- EAP (Extensible Authentication Protocol) provides flexibility for various authentication methods, and MSCHAPv2 is commonly used for secure password-based authentication within EAP.
- This solution integrates with the backend authentication system that supports EAP and TTLS, allowing for stronger authentication mechanisms than the existing WPA with PSK setup.
Why the other options are incorrect:
-
WPA2 with a complex shared key:
- While WPA2 improves upon WPA by adding AES encryption, using a complex shared key does not introduce an additional authentication factor. It still relies on a single pre-shared key (PSK), which does not meet the requirement for stronger, user-based authentication.
-
MAC address filtering with IP filter:
- MAC address filtering adds a layer of control but does not provide strong authentication because MAC addresses can easily be spoofed. IP filtering is unrelated to user authentication and only restricts traffic by IP addresses.
-
PKI (Pre-Shared Key) with user authentication:
- The term PKI refers to a Public Key Infrastructure, which is unrelated to pre-shared keys. This option is ambiguous and does not directly relate to the scenario's need for EAP or TTLS-based user authentication.
No Payment Cards Needed
