Final answer:
To securely integrate new devices into an 802.1X EAP-PEAP network, the security administrator should install a self-signed SSL certificate on the RADIUS server and distribute its public key to the client devices to enable server identity verification.
Step-by-step explanation:
When integrating new employees' devices into an 802.1X EAP-PEAP authenticated network, the security administrator should focus on securing the authentication process while making sure that the client devices have the necessary credentials and configurations. The process generally involves installing a RADIUS server to handle the authentication requests and distributing necessary credentials to client devices. Since EAP-PEAP uses a certificate on the server side, the correct answer among the options provided would be:To integrate the new employees' devices into the network securely using 802.1X EAP-PEAP, the security administrator should distribute the device connection policy and a unique public/private key pair to each new employee's device. This will ensure that each device is authenticated and authorized to connect to the network. The device connection policy will specify the requirements for connecting to the network, while the unique key pair will be used for secure communication between the device and the network.
This approach allows the client devices to verify the server's identity as part of the PEAP process. The distribution of the server's public key enables clients to recognize and trust the certificate presented by the RADIUS server during the authentication phase. It is important to note that although self-signed certificates can be used, it is generally recommended to use certificates issued by a trusted Certificate Authority (CA) for better security and trust management across various devices and platforms.