CompTIA CASP+ (CAS-003) — Question 328

A company provides guest WiFi access to the Internet and physically separates the guest network from the company's internal WiFi. Due to a recent incident in which an attacker gained access to the company's internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

Answer options

• A. Active Directory GPOs
• B. PKI certificates
• C. Host-based firewall
• D. NAC persistent agent

Correct answer: A

Explanation

The correct answer is A, as Active Directory Group Policy Objects (GPOs) are necessary to manage the deployment and configuration of the EAP-TLS settings on authorized hosts. Options B, C, and D, while related to security or network management, do not specifically address the requirements for EAP-TLS functionality in this context.