Exam CAS-003 topic 1 question 152 discussion

Actual exam question from CompTIA's CAS-003
Question #: 152
Topic #: 1

After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?

  • A. Distribute a NAC client and use the client to push the company's private key to all the new devices.
  • B. Distribute the device connection policy and a unique public/private key pair to each new employee's device.
  • C. Install a self-signed SSL certificate on the company's RADIUS server and distribute the certificate's public key to all new client devices.
  • D. Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.
Suggested Answer: C

Comments

cvMikazuki
3 years, 8 months ago
"Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?" New employee devices need to integrate with 802.1X EAP-PEAP, so they need the supplicant for it. D would be the answer.
upvoted 1 times
alexkrycek
4 years, 3 months ago
C. "PEAP—Protected EAP (PEAP) is an 802.1x authentication method that uses server-side public key certificates to authenticate clients with server. The PEAP authentication creates an encrypted SSL / TLS tunnel between the client and the authentication server. The exchange of information is encrypted and stored in the tunnel ensuring the user credentials are kept secure." (https://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/802.1x.php#:~:text=PEAP%E2%80%94Protected%20EAP%20(PEAP),client%20and%20the%20authentication%20server.) Self-signed certificates are not an issue since companies with PKI will often have the CA self-sign its own certificate.
upvoted 2 times
D1960
4 years ago
I think PEAP now uses TLS, not SSL. Also, I think EAP-PEAP only pertains to wireless networking.
upvoted 1 times
infosec208
4 years, 3 months ago
Disagree with B. Given answer is correct. Doing a "unique public/private key pair to each new employee's device" would be a nightmare. For use inside their own network a self-signed cert is fine.
upvoted 3 times
Trap_D0_r
4 years, 5 months ago
What? Lol self-signed certs are not how you securely connect to anything. The only answer that makes sense is B, use unique public/private key pairs...
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other