Certified Information Systems Security Professional (CISSP) Practice Exam

The method designed specifically to handle scenarios where user certificates are not feasible is EAP-TTLS. This is an extension of the Tunneled Transport Layer Security, which allows the use of a server-side certificate while permitting various authentication methods within the secure tunnel, such as usernames and passwords.

In situations where user certificates may not be appropriate due to limitations like administrative overhead, cost, or user mobility, EAP-TTLS effectively provides a way to authenticate users without requiring client-side certificates. It creates a secure tunnel using the server’s certificate, ensuring a high level of security while accommodating simpler authentication mechanisms inside that tunnel.

EAP-FAST, on the other hand, also addresses security issues but is more focused on providing fast authentication, often using Protected Access Credentials, and does not specifically target the absence of user certificates. EAPOL pertains to the point-to-point transmission of EAP messages over a wired or wireless medium but is not an authentication method. EAP-TLS relies heavily on a mutual authentication process that necessitates both the client and server to present certificates, making it unsuitable for scenarios without user certificates.