Question 76 of 240 from exam 400-351: CCIE Wireless Written Exam

Question

Which three EAP types are supported when using an LDAP backend database that does not return a cleartext password? (Choose three.)

Answers

A. EAP-FAST-GTC
B. EAP-TLS
C. PEAPv0-MS-CHAPv2
D. PEAPv1-GTC
E. EAP-FAST-MS-CHAPv2
F. LEAP

Explanations

ABD.

When using an LDAP backend database that does not return a cleartext password, the following three EAP types are supported:

A. EAP-FAST-GTC: EAP-FAST (Flexible Authentication via Secure Tunneling) is a protocol that enables secure, anonymous authentication of a wireless client to an authentication server. GTC (Generic Token Card) is a password-based EAP method that uses a challenge-response mechanism to authenticate the client.

C. PEAPv0-MS-CHAPv2: PEAP (Protected Extensible Authentication Protocol) is a protocol that encapsulates EAP within an encrypted and authenticated tunnel. MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2) is a password-based EAP method that uses a challenge-response mechanism to authenticate the client.

D. PEAPv1-GTC: This is similar to PEAPv0-MS-CHAPv2, but it uses GTC instead of MS-CHAPv2 as the EAP method.

The other options are not compatible with an LDAP backend database that does not return a cleartext password:

B. EAP-TLS: EAP-TLS (Transport Layer Security) is a certificate-based EAP method that requires both the client and server to have a digital certificate.

E. EAP-FAST-MS-CHAPv2: This is similar to EAP-FAST-GTC, but it uses MS-CHAPv2 instead of GTC as the EAP method.

F. LEAP: LEAP (Lightweight Extensible Authentication Protocol) is an obsolete EAP method that is no longer considered secure and should not be used.