Certified Information Systems Security Professional (CISSP) Practice Exam


Prepare for the Certified Information Systems Security Professional Exam. Utilize flashcards and multiple-choice questions, complete with hints and explanations. Ace your exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which EAP method is specifically designed to handle scenarios where user certificates are not feasible?

  1. EAP-FAST

  2. EAP-TTLS

  3. EAPOL

  4. EAP-TLS

The correct answer is: EAP-TTLS

The method designed specifically to handle scenarios where user certificates are not feasible is EAP-TTLS (EAP-Tunneled Transport Layer Security). It requires only a server-side certificate and permits various authentication methods inside the secure tunnel, such as usernames and passwords. In situations where user certificates are not appropriate because of limitations like administrative overhead, cost, or user mobility, EAP-TTLS provides a way to authenticate users without requiring client-side certificates. It establishes a secure tunnel using the server's certificate, maintaining a high level of security while accommodating simpler authentication mechanisms inside that tunnel.

EAP-FAST also addresses security issues but is focused on providing fast authentication, often using Protected Access Credentials, and does not specifically target the absence of user certificates. EAPOL pertains to the point-to-point transmission of EAP messages over a wired or wireless medium; it is a transport encapsulation, not an authentication method. EAP-TLS relies on a mutual authentication process that requires both the client and the server to present certificates, making it unsuitable for scenarios without user certificates.