When using a tunneled EAP type, such as PEAP, what component is protected inside the TLS tunnel so that it is not sent in clear text across the wireless medium?
Correct Answer: B
In tunneled EAP types (e.g., PEAP, EAP-TTLS):
A secure TLS tunnel is first established using the server's certificate.
Then, user credentials (e.g., username/password) are sent through the encrypted tunnel to ensure confidentiality.
Incorrect:
A). Certificates are exchanged during tunnel establishment, not protected within it.
C). Server credentials are used to establish the tunnel, not protected inside it.
D). The RADIUS shared secret secures communication between AP/controller and RADIUS server-not sent via the tunnel.
References:
CWSP-208 Study Guide, Chapter 4 (Tunneled EAP Methods)
IEEE 802.1X and EAP Specifications