Chapter 08: Identity and Access Management

Question 1

Name of an authentication framework that is commonly used for wireless networks.

Answer 1

EAP (Extensible Authentication Protocol)

Question 2

______ is an authentication protocol designed to provide more security than protocols like PAP.

Answer 2

CHAP

Question 3

Name microsoft’s version of CHAP.

Answer 3

MS-CHAP

Question 4

_______ is a password-centric authentication protocol that was commonly used with the Point-to-Point protocol to authenticate users.

Answer 4

Password Authentication Protocol (PAP)

Question 5

RADIUS servers often rely upon backend directory using ________ or _______ as a source of identity information.

Answer 5

LDAP or Active Directory

Question 6

Name the four pieces of equipment in an authentication architecture with EAP, RADIUS, and LDAP.

Answer 6

Supplicant -> Authenticator -> Authentication Server -> Directory Services

Question 7

Under an authentication architecture with EAP, RADIUS, and LDAP, what protocol goes from Supplicant to Authenticator?

Answer 7

EAP

Question 8

Under an authentication architecture with EAP, RADIUS, and LDAP, what protocol goes from Authenticator to Authentication Server?

Answer 8

RADIUS

Question 9

AAA

Answer 9

Authentication, Authorization, and Accounting

Question 10

Which authentication extension is cisco designed?
a. Kerberos
b. RADIUS
c. TACACS+
d. LEAP

Answer 10

c. TACACS+

Question 11

Which protocol is designed to operate on untrusted networks and uses authentication to shield its authentication traffic?

Answer 11

Kerberos

Question 12

in kerberos, the client’s first request for a _______.

Answer 12

Ticket-Granting Ticket (TGT)

Question 13

______ is an xml based open standard for exchanging authentication and authorization information. It is often used between identity providers and service providers for web-based applications.

Answer 13

SAML (Security Assertion Markup Language)

Question 14

_____ is an open standard for decentralized authentication. Its identity providers can be leveraged for third-party sites using established identities.

Answer 14

OpenID.

Question 15

“Log in with Google” functionality is an example of _________.

Answer 15

OpenID

Question 16

________ is an open standard for authorization used by many websites. It provides a method for users to determine what information to provide to third-party apps without sharing credentials.

Answer 16

OAuth

Question 17

An example of Google Drive plug-ins requesting access to your files or folders is an example of _______.

Answer 17

OAuth

Question 18

________ systems allow user to log in with a single identity and then use multiple systems or services without reauthenticating.

Answer 18

SSO

Question 19

Which two protocols are SSO typically implemented in Windows Domains.

Answer 19

LDAP and Kerberos

Question 20

Identity information is handled by an ______. They manage the life cycle of digital identities from creation through maintenance to eventual retirement of the identity in the systems and services it supports.

Answer 20

Identity Provider (IdP)

Question 21

In __________ deployments, the identity providers are paired with relying parties, which trust the identity provider to handle authentication and then rely on that authentication to grant access to services.

Answer 21

federated identity deployments

Question 22

Who is the principal under a federated environment?

Answer 22

The user

Question 23

_____ - who provide identity and authentication services via an attestation process in which the IdP validates that the user is who they claim to be.

Answer 23

Identity Providers (IdPs)

Question 24

_______ - who provide services to users whose identities have been attested to by an identity provider.

Answer 24

SPs