Name two common EAP methods and a brief description.

• A. EAP-MD5 uses certificate-based mutual authentication.
• B. EAP-TTLS uses a protected tunnel using TLS with a username and password.
• C. EAP-TLS uses certificates for mutual authentication; EAP-PEAP creates a protected tunnel using TLS with username/password.
• D. EAP-FAST uses pre-shared keys.

Answer: (C)

In this topic, you’re looking at how EAP methods handle authentication in wireless networks. Two common methods are EAP-TLS and EAP-PEAP. EAP-TLS uses certificates on both the client and the server, so they can authenticate each other and a secure channel is established. EAP-PEAP, on the other hand, builds a protected TLS tunnel using the server’s certificate; inside that tunnel, the client provides credentials (typically a username and password) to the authentication server, often using an inner method.

This pairing is widely used because it combines strong security with practical deployment: the server’s certificate protects the initial channel, and inside the tunnel credentials are protected from eavesdropping. Other options aren’t as accurate: EAP-MD5 does not use certificates and offers very weak security; EAP-TTLS also creates a TLS tunnel but the description in that choice is less precise about how credentials are handled inside the tunnel; EAP-FAST relies on PACs and isn’t correctly described as simply using a pre-shared key.