Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 163

What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

Answer options

• A. EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.
• B. EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.
• C. EAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not.
• D. EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.

Correct answer: C

Explanation

The correct answer is C because EAP-TLS enhances security by requiring a device certificate for authentication, which is a stronger method compared to just using a username and password. Options A and B are incorrect because EAP-TLS does not rely on a username and password, and both protocols utilize a single authentication method in their own ways. Option D is misleading as EAP-MS-CHAPv2 does provide some level of credential protection, but it is not as robust as the security offered by EAP-TLS.