CompTIA CASP+ (CAS-003) — Question 158
After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?
Answer options
- A. Distribute a NAC client and use the client to push the company's private key to all the new devices.
- B. Distribute the device connection policy and a unique public/private key pair to each new employee's device.
- C. Install a self-signed SSL certificate on the company's RADIUS server and distribute the certificate's public key to all new client devices.
- D. Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.
Correct answer: C
Explanation
The correct answer is C. In EAP-PEAP, the client validates the RADIUS server's certificate and authentication then proceeds inside the resulting TLS tunnel, so installing a self-signed SSL certificate on the RADIUS server and distributing its public key to the new client devices gives them what they need to authenticate securely. Option A is incorrect because distributing the company's private key compromises security. Option B does not adequately address the authentication method required. Option D, while valid in some contexts, does not provide the infrastructure needed for secure authentication in this scenario.