CISSP PRACTICE QUESTIONS – 20200803

Effective CISSP Questions

You’re implementing a VPN solution to connect a branch office to the headquarters through gateways with a T1 connection to the internet and ISDN BRI service as redundancy. Which of the following is least likely employed to authenticate VPN connections? (Source: Wentz QOTD)
A. PAP
B. EAP-MD5
C. 802.1X
D. RADIUS


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. 802.1X.

VPN and EAP

ISDN (Integrated Services Digital Network) comes from the telephony industry. ISDN PRI is typically used to connect the private branch exchange (PBX) to the central office (CO), while ISDN BRI (Basic Rate Interface) provides dial-up services. Using ISDN BRI as a backup line for a business’s inter-office and internet connectivity “was” a popular configuration. However, ISDN has almost been phased out nowadays.

PPP

Gateways that use an ISDN BRI interface as a dial-up backup line typically run PPP (Point-to-Point Protocol) over it. A peer can authenticate to the authenticator over the layer 2 data link established by PPP, using one of the following authentication protocols:

  • PAP (Password Authentication Protocol)
  • CHAP (Challenge-Handshake Authentication Protocol)
  • EAP (Extensible Authentication Protocol)

EAP-MD5

EAP is an authentication framework that supports multiple authentication methods. In other words, it’s open for vendors to add EAP methods. EAP-MD5 is a native/mandatory requirement in EAP as defined in RFC 3478.

RADIUS

Even though EAP supports peer-to-peer operation, it’s more common for EAP authenticators to pass through EAP traffic to the backend authentication server, the RADIUS or AAA (Authentication, Authorization, and Accounting) server.

802.1X

802.1X is also known as EAPOL, or EAP over LANs. As the name implies, it works on LANs, both wired and wireless. Switching hubs or access points (APs) that support 802.1X can serve as the authenticator and request hosts (peers) to authenticate through EAP. However, 802.1X is not applicable to the VPN.
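The sketch below is an added example, not part of the original post. It builds one EAP MD5-Challenge exchange, verifies it on the authenticator side, and wraps the same EAP packet once for a PPP link and once as an 802.1X (EAPOL) Ethernet frame, which shows that 802.1X is only the LAN encapsulation. The secret, challenge and source MAC address are constructed sample values; the function names are hypothetical.

```python
import hashlib
import hmac
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_MD5 = 1, 2, 4  # EAP codes; type 4 = MD5-Challenge
PPP_PROTO_EAP = 0xC227    # PPP protocol number that carries EAP on a dial-up link
ETHERTYPE_EAPOL = 0x888E  # EtherType that carries EAP on a LAN (802.1X)

def eap_md5_packet(code, identifier, value):
    """EAP packet layout: Code, Identifier, Length, Type, Value-Size, Value."""
    data = bytes([EAP_TYPE_MD5, len(value)]) + value
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data

def md5_response(identifier, secret, challenge):
    """Same digest as CHAP: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def over_ppp(eap):
    """PPP payload: 2-byte protocol field followed by the EAP packet."""
    return struct.pack("!H", PPP_PROTO_EAP) + eap

def over_eapol(eap, dst, src):
    """Ethernet II frame with an EAPOL header (version 1, type 0 = EAP-Packet)."""
    return dst + src + struct.pack("!HBBH", ETHERTYPE_EAPOL, 1, 0, len(eap)) + eap

def verify(request, response, secret):
    """Authenticator side: recompute the digest, compare in constant time."""
    if len(request) < 6 or len(response) < 6:
        return False  # too short to hold header, type and value size
    code, ident, length = struct.unpack("!BBH", response[:4])
    if code != EAP_RESPONSE or length != len(response) or response[4] != EAP_TYPE_MD5:
        return False
    if ident != request[1]:
        return False  # the response must echo the request identifier
    challenge = request[6:6 + request[5]]
    value = response[6:6 + response[5]]
    return hmac.compare_digest(value, md5_response(ident, secret, challenge))

# Constructed sample values (not taken from any real deployment).
SECRET = b"constructed-shared-secret"
CHALLENGE = bytes(range(16))
REQUEST = eap_md5_packet(EAP_REQUEST, 7, CHALLENGE)
RESPONSE = eap_md5_packet(EAP_RESPONSE, 7, md5_response(7, SECRET, CHALLENGE))
PAE_GROUP_MAC = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
SAMPLE_SRC_MAC = bytes.fromhex("020000000001")  # constructed, locally administered

if __name__ == "__main__":
    print("response accepted:", verify(REQUEST, RESPONSE, SECRET))
    print("PPP payload      :", over_ppp(REQUEST).hex())
    print("EAPOL frame      :", over_eapol(REQUEST, PAE_GROUP_MAC, SAMPLE_SRC_MAC).hex())
```

The EAP bytes are identical in both wrappers; only the lower-layer header differs, and only the EAPOL header needs an Ethernet segment between peer and authenticator.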
