Exam 220-1102 topic 1 question 142 discussion

Note that the question is asking what BEST describes the security benefits; it also mentions that a "client certificate" is being deployed. C and D could be prevented with other measures, they also would not label the BEST benfits. Regarding B, the client certificate would not encrypt ALL data, only the authentication mechanism or "digital handshake" for the session. Therefore A best describes the method and best security benefit gained, a multfactor authentication method. Best choice: A

The answer is A. A. Multifactor authentication will be forced for Wi-Fi. Think about what multifactor authentication is. MFA is something you know (your password) and something you have (your client certificate). Once this is verified, a server certificate will be issued to the hostname at which point traffic will be encrypted. So technically, it will lead to encryption from the server certificate, the user will first have to input their password (something you know) then the client certificate will be shared (something you have). Multifactor authorization since it states "Client certificate".

A. is the answer Simple explanation : Certificate (Something you have) and Username and Password (Something you know) = Multifactor Authentication

what multifactor authentication is. MFA is something you know (your password) and something you have (your client certificate). Once this is verified, a server certificate will be issued to the hostname at which point traffic will be encrypted. So technically, it will lead to encryption from the server certificate, the user will first have to client certificate" is being deployed. C and D could be prevented with other measures, they also would not label the BEST benfits.

Certificates used to authenticate to WiFi have absolutely nothing to do with encryption of the traffic. This is "something you have" and "something you know" which is multifactor authentication.

encryption in transit is always a VPN and it said nothing about that

Advantages of Certificate Authentication Using certificate authentication has many benefits that all involve making the network safer and improving the user experience. Strong Encryption Certificates use encryption keys to secure data between devices and the network. This level of security makes it much less likely that someone with malicious intent will be able to read the message.

First, the client performs a "client hello", wherein it introduces itself to the server and provides a set of security-related information.

I believe A is correct. In the official CompTIA book, it states: "Another advantage of EAP is support for more advanced authentication methods than simple usernames and passwords. Strong EAP methods use a digital certificate on the server and/or client machines. These certificates allow the machines to establish a trust relationship and create a secure tunnel to transmit the user credential or to perform smart card authentication without a user password. This means the system is using strong multifactor authentication."

I came across this in CompTIA's CertMaster in regards to WAP's 802.1X and EAP(Extensible Authentication Protocol). For example, EAP with Transport Layer Security (EAP-TLS) is one of the strongest types of multifactor authentication: 1.Both the server and the wireless supplicant are issued with an encryption key pair and digital certificate. 2.On the wireless device, the private key is stored securely in a trusted platform module (TPM) or USB key. The user must authenticate with the device using a PIN, password, or bio gesture to allow use of the key. This is the first factor. 3.When the device associates with the network and starts an EAP session, the server sends a digital signature handshake and its certificate. 4.The supplicant validates the signature and certificate and if trusted, sends its own handshake and certificate. This is the second factor. 5.The server checks the supplicant’s handshake and certificate and authenticates it if trusted.

The answer is B. Multifactor authentication will not be forced for Wi-Fi because the client certificate is being used in conjunction with the user’s existing username and password

The use of a cert alongside username and pass is related to EAP and WPA3, which encrypts the traffic. While certs might be considered multifactor, ive never seen it referenced as a multifcator option. Unclear on this one

Forgot to vote "A".

I am fairly certain this is A. Even in the imagined scenario where there's no encryption on the wifi, having a client-side certificate won't magically make the connection between the client and the router encrypted. The client-side certificate is something installed by the admin to ensure the device itself is trusted. Without the cert, even if someone had a valid user/pass, they wouldn't be able to connect. In other words, connecting with only the certificate or only the user/pass is insufficient: therefore answer is A, mutli-factor.

B. All Wi-Fi traffic will be encrypted in transit. A client certificate can be used in conjunction with the user's existing username and password to establish a secure Wi-Fi connection. This method of authentication is known as mutual authentication and provides additional security by ensuring that both the client and server authenticate each other's identities. Once authenticated, all Wi-Fi traffic will be encrypted in transit, which provides additional security against eavesdropping attempts.

A client certificate is what the user has, and the username and password are what the user knows, so it could be A. Multifactor authentication will be forced for Wi-Fi, right?

Client certificates do not encrypt or decrypt any data, unlike server certificates that encode and decode the information shared between a user and a web server. So Client Certificate+Username+Password would be MFA. IS it not?