CompTIA Security Plus Mock Test Q191

An administrator needs to secure RADIUS traffic between two servers. Which of the following is the BEST solution?

A. Require IPSec with AH between the servers
B. Require the message-authenticator attribute for each message
C. Use MSCHAPv2 with MPPE instead of PAP
D. Require a long and complex shared secret for the servers

Correct Answer: A
Section: Network Security

Explanation:
IPsec is used for a secure point-to-point connection traversing an insecure network such as the Internet. Authentication Header (AH) is a primary IPsec protocol that provides authentication of the sender’s data.

Incorrect Answers:
B: This option allows for the entire RADIUS message to be encrypted. The question asks for the BEST method to secure RADIUS traffic between two servers. In this instance, IPSec with AH is a better option.
C: MSCHAPv2 with MPPE allows for two-way authentication that verifies the identity of both sides of the connection, and for data security on the PPTP connection between the VPN client and the VPN server. It is not, however, the BEST method to secure RADIUS traffic between two servers.
D: The shared secret will only come into play if the message-authenticator attribute is enabled.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 41
https://technet.microsoft.com/en-us/library/cc727945(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc957983.aspx
https://en.wikipedia.org/wiki/Microsoft_Point-to-Point_Encryption