EAP-FAST: Understanding the Authentication Protocol


Prev Question Next Question


Which statement is true about EAP-FAST?



Click on the arrows to vote for the correct answer

A. B. C. D.


EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) is an IEEE 802.1X-compatible EAP method that provides mutual authentication between a supplicant and an authentication server. The supplicant can be any device, such as a laptop or mobile phone, that is trying to gain access to a secure network.

Now, let's examine each of the given statements and determine whether they are true or false:

A. EAP-FAST supports Windows single sign-on: This statement is false. Although EAP-FAST provides secure authentication, it does not support Windows single sign-on. Single sign-on is a feature that enables a user to log in to a computer once and gain access to all authorized resources without being prompted to log in again. It is a different technology than EAP-FAST.

B. EAP-FAST is a proprietary protocol: This statement is true. EAP-FAST is a Cisco proprietary protocol that was designed to address the weaknesses of EAP-TLS (Transport Layer Security) and EAP-MD5 (Message-Digest Algorithm 5) authentication methods. It is not an open standard, although it is widely used in Cisco wireless networks.

C. EAP-FAST requires a certificate only on the server side: This statement is false. EAP-FAST uses a server-side certificate and a client-side PAC (Protected Access Credential), which is derived from a password or other shared secret. Both the server and the client must have certificates to perform mutual authentication.

D. EAP-FAST does not support an LDAP database: This statement is false. EAP-FAST can use an LDAP (Lightweight Directory Access Protocol) server to authenticate users. LDAP is a standard protocol that is widely used to manage user accounts and passwords in enterprise networks.

In conclusion, the correct answer is B. EAP-FAST is a proprietary protocol.