Exam 220-1102 topic 1 question 202 discussion

There was not said a word in the question about domain or Active directory so not sure why we should go with Kerberos. Nothing was mentioned about any authentication servers as well. The only thing they specified is corporate SSID. As for me it is D WPA2/AES as it has stronger encryption than PSK.

I think D is the answer

Kerberos is not really a "wireless security feature" so I have no clue why so many people think its B. If we're talking about specifically wireless security features I would assume WPA2 which has a setting that allows 802.1x authentication.

I vote B

Explanation: WPA2 with AES encryption is a security protocol for wireless networks. It provides strong encryption and is commonly used in both personal and enterprise wireless networks. WPA2-Enterprise specifically allows for the use of login credentials via 802.1X authentication. Why it's correct: WPA2-Enterprise, which uses 802.1X authentication, allows users to log in to the wireless network using their unique credentials. This setup can integrate with RADIUS servers and directory services such as Active Directory, allowing individual user credentials for access to the corporate SSIDs.

Kerberos is a network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. In the context of wireless networks, Kerberos can be integrated with authentication mechanisms such as 802.1X (EAP) to provide secure authentication and authorization for users connecting to corporate SSIDs. With Kerberos authentication enabled, users can use their login credentials (such as username and password) to authenticate and securely attach to available corporate SSIDs, ensuring that only authorized users can access the network resources. The other options are not directly related to wireless authentication:

TACACS+ is a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network. TACACS+ allows a client to accept a username and password, and pass a query to a TACACS+ authentication server

TACACS+ is often used for network device management and administration, but it's not used for user authentication on end-user devices or wireless access. Kerberos is not typically used for user authentication on network devices (e.g., routers, switches) or for wireless access. It's commonly used for authenticating users and services in a domain or network, especially in Windows-based networks. That leaves D. It just says WPA2/AES. But this could be personal or enterprise. Enterprise version would allow use of a username and passwd. But got the info from chatGPT so not 100% sure if accurate. I did some research on the options and i think chatGPT may be right about Kerberos and TACACS+.

B. Kerberos Kerberos is a network authentication protocol that can be used to provide secure authentication for users connecting to corporate SSIDs (Service Set Identifiers) via wireless networks. It allows users to use login credentials to authenticate themselves securely on the network.

WPA2/AES - While WPA2 (with AES for encryption) is a popular and secure choice for wireless security, simply enabling WPA2/AES doesn't inherently allow for individual user login credentials. However, WPA2-Enterprise leverages 802.1X to utilize an authentication server (like RADIUS) where users can input individual login credentials. Out of the options given, none directly provides the mechanism to use individual login credentials for wireless access. However, the closest match is WPA2/AES when used in its "Enterprise" mode (often referred to as WPA2-Enterprise), which works in conjunction with protocols like 802.1X and back-end systems like RADIUS or EAP for individual user authentication.

It's B guys, google kerberos, verify what it is with chatgpt and comptia's book

Kerberos is a computer network authentication protocol that uses symmetric key cryptography and a key distribution center (KDC) to authenticate and verify user identities. While it is a widely used protocol for secure authentication, it is not specifically designed for wireless security. On the other hand, WPA2/AES is an enterprise-level security protocol that uses EAP for authentication and is specifically designed for wireless security. This is why WPA2/AES would be the better choice for allowing a user to use login credentials to attach to available corporate SSIDs.

CONTINUATION FROM MY PREVIOS POST, With enterprise, you have to have an account on a back end RADIUS server. This means that you have to have a username and password to gain access to the Wireless network. Thus you need credentials to access the cooperate SSID as required by this question. see my previous discussion on this question.

D- WPA2-AES COMES IN TWO FLAVORS =Enterprise and home. Because this question does not specify which one, this implies Enterprice as the question makes reference to SSID which is a naming scheme for wireless network and makes reference to corporate network which is same as an enterprise . Read further- WPA2-Enterprise has been around since 2004 and is still considered the gold standard for wireless network security, delivering over-the-air encryption and a high level of security. In conjunction with the effective authentication protocol known as 802.1X, users have been successfully authorized and authenticated for secure network access for many years. WAP2 ALSO USES AES. therefore same as saying WAP2-AES. THUS ANSWER IS D

The correct answer is B. Kerberos. Kerberos is a network authentication protocol that provides a secure method for users to authenticate themselves when connecting to a network. It uses tickets to validate the identity of users and allows them to securely attach to available corporate SSIDs by using their login credentials. TACACS+ (A) is a different authentication protocol commonly used for remote network access and device administration. Preshared key (C) is a method of authentication where a pre-shared key or password is configured on both the client and the access point/router. However, it does not involve login credentials specific to individual users. WPA2/AES (D) is a wireless security standard that provides encryption and authentication for Wi-Fi networks but does not directly involve login credentials for individual users. Therefore, the most appropriate option for enabling users to use login credentials to attach to available corporate SSIDs is B. Kerberos. -CHatgpt

This should be TACACS+ (or RADIUS if it were an option). Kerberos is used to authenticate to a Windows domain, not a WiFi network.

I think correct answer is A