Explanation
The authentication method that is referenced in the 802.11-2016 and 802.11-2020 specifications and is recommended for robust WLAN client security is 802.1X/EAP. 802.1X/EAP stands for IEEE 802.1X Port-Based Network Access Control with Extensible Authentication Protocol and is a framework that provides strong authentication and dynamic encryption key generation for WLAN clients. 802.1X/EAP involves three parties: the supplicant (the client), the authenticator (the AP or the controller), and the authentication server (usually a RADIUS server). The supplicant sends its credentials (such as username and password, certificate, or token) to the authenticator, which forwards them to the authentication server. The authentication server verifies the credentials and sends a response to the authenticator, which grants or denies access to the supplicant. The authentication server also generates a master key that is used to derive encryption keys for the data frames between the supplicant and the authenticator. 802.1X/EAP supports various EAP methods that offer different levels of security and flexibility, such as EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, and EAP-SIM. SSL, IPSec, and WEP are not authentication methods, but rather encryption or security protocols that are not specific to WLANs or referenced in the 802.11 specifications. References: [CWNP Certified Wireless Network Administrator Official Study Guide: Exam CWNA-107], page 299; [CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-106], page 289.