Exam SY0-601 topic 1 question 26 discussion

EAP has to be incorrect. EAP is an AUTHENTICATION protocol, and authentication does not provide confidentiality. Authentication encompasses processes that allows systems and networks to determine if a user is who they say they are. That provides integrity, not confidentiality. Confidentiality ensures that secret information is protected from UNAUTHORIZED disclosure. The question also ends with "unauthorized users". HTTPS is just HTTP that uses TLS to encrypt network traffic that is in-transit. A stated above, TLS encrypts in-transit data. This question specifically states preventing exposed data to unauthorized users. TLS and HTTPS only encrypt in-transit data. Data-at-rest in a network is insecure, though. Only AES meets the criteria of providing confidentiality to both data-at-rest and data-in-transit, preventing unauthorized users from seeing either.

EAP- Extensible Authentication Protocol (EAP), an authentication framework that provides general guidance for authentication methods. IEEE 802.1x servers typically use one of these methods to increase the level of security during the authentication process TLS- Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are encryption protocols that have been commonly used to encrypt data-in- transit. For example, it is common to encrypt HTTPS with either SSL or TLS to ensure confidentiality of data transmitted over the Internet. They can also be used to encrypt other transmissions such as File Transfer Protocol Secure (FTPS). However, TLS is now a replacement for SSL as SSL is deprecated and shouldn't be used. AES- Advanced Encryption Standard. A strong symmetric block cipher that encrypts data in 128-bit blocks. AES can use key sizes of 128 bits, 192 bits, or 256 bits. HTTPS- Hypertext Transfer Protocol Secure. A protocol used to encrypt HTTP traffic. HTTPS encrypts traffic with TLS using TCP port 443. Definitions are from Gibson Darril's Study. Guide

EAP is a framework that supports multiple authentication methods, such as EAP-TLS, PEAP, and EAP-TTLS, which can provide strong security for wireless networks. Using EAP, especially with a secure method like EAP-TLS, ensures that only authorized users can connect to the network and that data transmitted over the wireless network is encrypted and protected.

The common answer is AES against other Test Frameworks that I have been a part of in regards to security of WIFI networks.

Wireless network is the keyword here

Extensible Authentication Protocol (EAP) is used to pass the authentication information between the supplicant (the Wi-Fi workstation) and the authentication server (Microsoft IAS or other). The Advanced Encryption Standard (AES) is an algorithm that uses the same key to encrypt and decrypt protected data. Instead of a single round of encryption, data is put through several rounds of substitution, transposition, and mixing to make it harder to compromise.

WPA2 and WPA3 are built on AES. Answer is D

A. EAP (Extensible Authentication Protocol) EAP provides a framework for authenticating users onto a network, allowing for secure authentication methods such as username/password, digital certificates, or other mechanisms. By implementing EAP, the network can verify the identity of users before granting access, thus helping to prevent unauthorized access to confidential data. While TLS (Transport Layer Security), HTTPS (Hypertext Transfer Protocol Secure), and AES (Advanced Encryption Standard) are important for securing data in transit and encrypting communications, they do not directly address authentication and access control, which are crucial for preventing unauthorized access to the network and confidential data. Therefore, while these technologies may be part of an overall security strategy, EAP specifically addresses the authentication aspect needed in this scenario.

are you sure? the essence of "unauthorized users" is based on authorization. EAS does not do authorization. Authorization is the primary function of EAP = making sure only the authorization users receive their data.

I've checked multiple sources an EAP is the answer. It provided secure authentication. Also, this is an office building that is not described as being on the level of NASA or any government agency.

To ensure that confidential data is not exposed to unauthorized users in a wireless network shared with multiple tenants, the security engineer should configure: A. EAP (Extensible Authentication Protocol)

AES Have verified this with cybersecurity professionals. The keyword is encryption. Other companies will still authenticate onto the same network with EPA, AES adds another layer of protection for data on this same network.

WPA2 and WPA3 use AES for encrypting the wireless communications. EAP is just an authentication protocol.

A. EAP is the correct answer To ensure that confidential data is not exposed to unauthorized users, the security engineer should configure EAP (Extensible Authentication Protocol) on the wireless network. EAP is a wireless authentication framework that is commonly utilized in wireless networks.

A. EAP is the correct Answer. To ensure that confidential data is not exposed to unauthorized users, the security engineer should configure EAP (Extensible Authentication Protocol) on the wireless network. EAP is a wireless authentication framework that is commonly utilized in wireless networks.

To ensure that confidential data is not exposed to unauthorized users on a wireless network in a shared office space, the security engineer should configure: A. EAP (Extensible Authentication Protocol) EAP is commonly used in wireless networks to provide secure authentication. It is often used in conjunction with other protocols, such as EAP-TLS (EAP-Transport Layer Security) or EAP-PEAP (Protected EAP), to ensure that only authorized users can access the network. While the other options (B. TLS, C. HTTPS, and D. AES) are also important for security, they are not specifically related to wireless network authentication

AES - Advanced Encryption Standard short formed as AES falls under the symmetric encryption category. Thus, in AES the sender and the recipient of the data uses the same key to encrypt and decrypt the data. AES is a FIPS-approved symmetric algorithm that can be used for protecting the data and maintaining confidentiality and integrity of the data.