CompTIA Security+ (SY0-501) — Question 811

A technician wants to implement PKI-based authentication on an enterprise wireless network. Which of the following should the technician configure to enforce the use of client-side certificates?

Answer options

• A. 802.1X with PEAP
• B. WPA2-PSK
• C. EAP-TLS
• D. RADIUS Federation

Correct answer: C

Explanation

EAP-TLS is the correct answer because it specifically requires the use of client-side certificates for authentication, making it a strong choice for PKI-based setups. In contrast, 802.1X with PEAP does not mandate client certificates, WPA2-PSK relies on a pre-shared key instead of certificates, and RADIUS Federation is not directly related to client certificate enforcement.