View all questions & answers for the FCP - FortiAuthenticator 6.5 Administrator Exam Materials exam
Question 9 Discussion
Comments
Selected Answers: A
This table summarizes the five EAP options that FortiAuthenticator supports.
• PEAP forms a potentially encrypted and authenticated TLS tunnel between the client and server using a digital certificate on the server. It is known as the outer authentication method because it creates only the TLS tunnel, to protect authentication transactions. Once the outer tunnel is formed, FortiAuthenticator uses an EAP-type tunnel as an inner authentication method, such as MSCHAPv2.
• EAP-TTLS (or tunneled transport layer security) extends the TLS protocol. It uses digital certificates on the server side only. After the server is securely authenticated to the client, it uses the tunnel (the secure connection) to authenticate the client.
• EAP-GTC is a type of inner authentication method for PEAP, which provides user or device information. It carries a text challenge from the authentication server and a reply that a security token generates. It allows generic authentications to virtually any identity store, including OTP token servers, LDAP, Novell eDirectory, and more. It uses digital certificates on the server side only.
• EAP-MSCHAPv2 is a means for a client and server to mutually authenticate each other, using MSCHAPv2 packets encapsulated in EAP messages, without the need for a client-side certificate.
• EAP-TLS also uses the TLS protocol and is considered one of the most secure EAP standards available because it supports certificate-based authentication with public keys on both the server and client sides. It is also the most commonly used method when supporting bring your own device (BYOD) in the enterprise.
Which EAP method is known as the outer authentication method? (Choose one answer)