An engineer is configuring RADIUS-based authentication with EAP MS-CHAPv2 on a client device. Which outer method protocol must be configured on the ISE to support this authentication type?
D.
If you use EAP-MSCHAPv2, it means that your clients don't need to have a certificate, but your authentication server (NPS) has a certificate. Passwords from the clients are sent using hashes to the authentication server. To protect these password hashes being sent over the network, you can use PEAP, which acts as a TLS/SSL tunnel to protect the authentication traffic.
EAP Methods That Use Cisco ISE Server Certificate for Authentication
-PEAP/EAP-MS-CHAPv2
-PEAP/EAP-GTC
-EAP-FAST/EAP-MS-CHAPv2
-EAP-FAST/EAP-GTC
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_0100000.html
I think because it asks for an "outer" method so would be EAP or PEAP. I think EAP-FAST may count as inner method (based on EAP). Theory only, and ready to be corrected, but makes sense to me.
For RADIUS-based authentication with EAP MS-CHAPv2, the appropriate outer method protocol to be configured on the Identity Services Engine (ISE) is PEAP (Protected Extensible Authentication Protocol). PEAP is often used as an outer method to encapsulate the inner EAP (Extensible Authentication Protocol) methods, such as MS-CHAPv2.
Not EAP-TLS definitely.
PEAP uses a digital certificate to authenticate the authentication server, but clients need to authenticate themselves through MSCHAPv2 or GTC.
EAP-TLS goes one step further and requires a certificate on the authentication server and a certificate on every client. The authentication server and supplicant authenticate each other using these certificates.
Once authentication is successful, encryption key material is exchanged through the TLS tunnel.
EAP-TLS is the most secure method for wireless authentication but can be challenging to implement:
You need a Public Key Infrastructure (PKI) to generate certificates.
You need to enroll certificates to your clients.
When an attacker steals a client device, you need to revoke the certificate.
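Added example, not part of the original discussion or of Cisco's documentation: a small Python parser for the EAP header (RFC 3748) that reports which outer method a packet carries and whether a password-based method such as EAP-MS-CHAPv2 is wrapped in a TLS tunnel. The function names and the sample packets are constructed for illustration; the type numbers are the IANA-assigned EAP method types.

```python
import struct

# EAP method type numbers (IANA EAP registry).
EAP_TYPES = {1: "Identity", 3: "Nak", 6: "EAP-GTC", 13: "EAP-TLS",
             25: "PEAP", 26: "EAP-MS-CHAPv2", 43: "EAP-FAST"}
TUNNELED = {25, 43}  # outer methods that build a TLS tunnel with the server certificate
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# Constructed sample packets (hex): Code, Identifier, Length(2), Type, first data byte.
SAMPLES = {
    "peap_start": bytes.fromhex("010100061920"),     # PEAP Request, Start flag set
    "bare_mschapv2": bytes.fromhex("010200061a01"),  # EAP-MS-CHAPv2 with no tunnel
    "success": bytes.fromhex("03030004"),            # EAP-Success, header only
}


def parse_eap(packet: bytes) -> dict:
    """Parse the EAP header: Code, Identifier, Length, then Type if present."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP Length field does not match the packet")
    info = {"code": CODES.get(code, f"unknown({code})"), "id": ident, "type": None}
    # Only Request/Response carry a Type byte; Success/Failure are header only.
    if code in (1, 2):
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        info["type"] = packet[4]
    return info


def classify_outer(packet: bytes) -> str:
    """Describe what the outermost EAP method means for credential exposure."""
    eap_type = parse_eap(packet)["type"]
    if eap_type is None or eap_type in (1, 3):
        return "no-method"
    name = EAP_TYPES.get(eap_type, f"type {eap_type}")
    if eap_type in TUNNELED:
        return f"{name}: inner method protected by TLS tunnel (server certificate)"
    if eap_type == 13:
        return f"{name}: mutual certificate authentication, no inner password method"
    if eap_type in (6, 26):
        return f"{name}: password method used as outer method, NOT tunneled"
    return f"{name}: not classified"
```
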