EAP-FAST: Understanding the Two Important Statements

Question

Which of the following two statements apply to EAP-FAST? (Choose two.)

Answers

Explanations

A. B. C. D.

AC.

EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) is an EAP authentication protocol used in wireless networks. It is designed to provide secure wireless access to devices that do not support digital certificates, such as barcode scanners or printers. EAP-FAST has several features that make it useful in certain environments.

The correct answers to the question are A and C. Here is a detailed explanation of why:

A. EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed.

One of the advantages of EAP-FAST is that it does not require digital certificates to be deployed on client devices. This makes it a good option for environments where it may be difficult or impractical to deploy certificates, such as in retail or healthcare settings. Instead, EAP-FAST uses a shared secret to establish a secure tunnel between the client and the authentication server. This shared secret can be a username and password or a token generated by a third-party authentication server.

In addition, EAP-FAST supports several password-based authentication methods, such as PEAPv0/EAP-MSCHAPv2, that do not require digital certificates. This makes it a flexible option for organizations that need to support a variety of devices and authentication methods.

C. EAP-FAST provides protection from authentication forging and packet forgery (replay attack).

EAP-FAST provides protection against several types of attacks, including authentication forging and packet forgery (replay attack). Authentication forging occurs when an attacker attempts to impersonate a legitimate client by sending false authentication requests to the authentication server. EAP-FAST uses a shared secret to establish a secure tunnel between the client and the authentication server, which prevents authentication forging.

Packet forgery, or a replay attack, occurs when an attacker intercepts and retransmits packets sent between the client and the authentication server. EAP-FAST uses a nonce (a random number) in each authentication request and response to prevent packet forgery. The nonce ensures that each authentication session is unique and cannot be replayed by an attacker.
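The two protections described under C, reduced to a simplified challenge-response model. This is an added example, not part of the original page and not the EAP-FAST wire protocol; the class, function names, client id and secret are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class AuthServer:
    """Simplified model: the server shares a secret with each client."""

    def __init__(self, shared_secrets):
        self._secrets = dict(shared_secrets)  # client id -> shared secret
        self._pending = {}                    # client id -> outstanding nonce

    def challenge(self, client_id):
        """Start a session by issuing a fresh random nonce."""
        nonce = secrets.token_bytes(16)
        self._pending[client_id] = nonce
        return nonce

    def verify(self, client_id, nonce, tag):
        """Accept only a valid MAC over the nonce issued for this session."""
        expected_nonce = self._pending.pop(client_id, None)  # single use
        secret = self._secrets.get(client_id)
        if expected_nonce is None or secret is None:
            return False
        if not hmac.compare_digest(nonce, expected_nonce):
            return False  # nonce from an earlier session: replay
        expected = client_response(secret, client_id, nonce)
        return hmac.compare_digest(tag, expected)  # wrong secret: forgery


def client_response(secret, client_id, nonce):
    """Client proves knowledge of the shared secret, bound to the nonce."""
    msg = client_id.encode() + b"\x00" + nonce
    return hmac.new(secret, msg, hashlib.sha256).digest()


def demo():
    """Legitimate, replayed and forged attempts (all data constructed)."""
    secret = b"constructed-demo-secret"
    server = AuthServer({"scanner-01": secret})
    n1 = server.challenge("scanner-01")
    captured = (n1, client_response(secret, "scanner-01", n1))
    legit = server.verify("scanner-01", *captured)
    server.challenge("scanner-01")                     # new session, new nonce
    replayed = server.verify("scanner-01", *captured)  # old packet resent
    n3 = server.challenge("scanner-01")
    bad_tag = client_response(b"wrong-secret", "scanner-01", n3)
    forged = server.verify("scanner-01", n3, bad_tag)
    return legit, replayed, forged
```

Calling `demo()` shows the legitimate response accepted, while the captured packet resent in a later session and the response computed without the shared secret are both rejected.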

B. EAP-FAST was developed only for Cisco devices and is not compliant with 802.1X and 802.11i.

This statement is not correct. While EAP-FAST was initially developed by Cisco, it is now an open standard and is supported by many other vendors. In fact, EAP-FAST is included in the IEEE 802.11i standard for wireless security, which specifies the use of EAP-FAST for wireless authentication. EAP-FAST is also compatible with the 802.1X standard for port-based network access control.