Exam CISSP topic 1 question 239 discussion

B EAP TLS at the transport layer is more secure than tunneled, PEAP it is used in tunnel

Answer C for the most secure, adding tunneled adds Encryption which add more confidentiality. Explanation. Now, it's common to see EAP methods being tunneled within TLS for additional security. This is often referred to as "EAP-TLS" or "EAP over TLS." In the context of your question, it's possible that you are referring to a scenario where EAP methods are used within a TLS-secured tunnel, providing an additional layer of security for the authentication process. This can be a robust method for securing authentication in various network environments, including wireless networks. In summary, while "EAP-Tunneled TLS" might not be a standardized term, "EAP-TLS" or "EAP over TLS" is a common practice where the EAP authentication process is carried out within a TLS-secured tunnel for enhanced security.

B. EAP-Transport Layer Security (TLS) EAP-TLS (Extensible Authentication Protocol with Transport Layer Security) is considered one of the most secure EAP methods. It uses strong mutual authentication through digital certificates, providing a high level of security.

EAP-Transport Layer Security (TLS) is considered the most secure authentication type when configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP) network according to cissp. This is because EAP-TLS provides mutual authentication between the client and the server using digital certificates, which ensures that the user and the network being accessed are legitimate. EAP-TLS also provides for the encryption of communications between the client and the server to protect against eavesdropping. It is a strong and secure way to authenticate devices and users in the VoIP environment.

What's the difference between EAP-TTLS and EAP-TLS? The primary difference is that EAP-TLS requires both the client and the server to identify themselves with a certificate whereas with EAP-TTLS the client does not have to be authenticated via a CA-signed PKI certificate. EAP-TLS, with its certificate-based authentication, is a notch above the others with its superior cryptographic protection. You just need a capable PKI and a reliable RADIUS solution to ease the entire EAP-TLS onboarding process. https://www.securew2.com/blog/eap-tls-vs-eap-ttls-pap#:~:text=WHAT%27S%20THE%20DIFFERENCE%20BETWEEN%20EAP,that%20guarantees%20the%20client%27s%20authenticity.

Extensible authentication protocol EAP-TLS – client and server mutually authenticate & use certs EAP-TTLS – less secure than EAP-TLS EAP-PEAP – encrypted tunnel but less secure than EAP-TLS