CompTIA Security Plus Mock Test Q861

Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. Which of the following is an authentication method Jane should use?

A. WPA2-PSK
B. WEP-PSK
C. CCMP
D. LEAP


Correct Answer: D
Section: Access Control and Identity Management

Explanation:
A RADIUS server is a server with a database of user accounts and passwords used as a central authentication database for users requiring network access.
The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by Cisco Systems. Important features of LEAP are dynamic
WEP keys and mutual authentication (between a wireless client and a RADIUS server). LEAP allows for clients to reauthenticate frequently; upon each successful authentication, the
clients acquire a new WEP key (with the hope that the WEP keys don’t live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP.

Incorrect Answers:
A: WPA2-PSK (Wireless Protected Access 2 – Pre-shared Key) uses a pre-shared key for authentication. The pre-shared key is a ‘password’ sometimes called the ‘network security
key’ that you enter when you connect to the wireless access point. It does not use a RADIUS server for authentication.
B: WEP-PSK (Wireless Equivalent Privacy – Pre-shared Key) uses a pre-shared key for authentication in the same way that WPA2-PSK does. The pre-shared key is a ‘password’
sometimes called the ‘network security key’ that you enter when you connect to the wireless access point. It does not use a RADIUS server for authentication.
C: Counter Mode Cipher Block Chaining Message Authentication Code Protocol, Counter Mode CBC-MAC Protocol or simply CCMP (CCM mode Protocol) is an encryption protocol.
CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. It
was created to address the vulnerabilities presented by WEP, a dated, insecure protocol. However, it does not use a RADIUS server for authentication.

References:
http://en.wikipedia.org/wiki/Lightweight_Extensible_Authentication_Protocol