Identity and Access Services Flashcards
You are working with a development group on a new web application that will be hosted in the cloud. They need single sign-on capability to exchange authentication and authorization data between multiple security domains and they prefer working with XML. What would you suggest they use?
PAP
RADIUS
SAML
SAML
Security Assertion Markup Language (SAML) is a single sign-on capability used for web applications to ensure user identities can be shared and are protected. It defines standards for exchanging authentication and authorization data between security domains. It is becoming increasingly important with cloud-based solutions and with Software-as-a-Service (SaaS) applications because it ensures interoperability across identity providers.
A colleague has been tasked to update the authentication protocols for a very old Windows-based application running on a stand-alone system—it’s still using LANMAN and running on Windows XP. The colleague would prefer to keep using something from Microsoft, but she can’t upgrade the OS past Windows 7 during this effort. Which of the following would you suggest she use?
TACACS+
NTLM
RADIUS
NTLM
NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users and would be the most likely choice from the options listed. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN).
Which of the following protocols uses a key distribution center and can securely pass a symmetric key over an insecure network?
PAP
LDAP
Kerberos
Kerberos
Kerberos securely passes a symmetric key over an insecure network using the Needham-Schroeder symmetric key protocol. Kerberos is built around the idea of a trusted third party, termed a key distribution center (KDC), which consists of two logically separate parts: an authentication server (AS) and a ticket-granting server (TGS). Kerberos communicates via “tickets” that serve to prove the identity of users.
Your colleague is preparing a talk about TACACS+ authentication and the exchange sequence. He is having trouble remembering the three different packet types used in the authentication process. Which of the following is not one of the three packet types used in TACACS+ authentication?
START
CONTINUE
INITIATE
INITIATE
The TACACS+ authentication process is performed using three different packet types: START, CONTINUE, and REPLY. START and CONTINUE packets originate from the client and are directed to the TACACS+ server. The REPLY packet is used to communicate from the TACACS+ server to the client.
While helping to catalog older servers in your data center, you come across a RADIUS accounting server. Your supervisor asks you what RADIUS accounting was typically used for. You tell him it was used mainly for which of the following?
Source and destination IP addresses of network traffic
Applications used by users
Time billing and security logging
Time billing and security logging
The primary functionality of RADIUS accounting was established to support ISPs in their user accounting, and it supports typical accounting functions for time billing and security logging.
Your development team needs an authentication solution that supports authentication across stateless platforms. They want you to explain how other applications use Facebook or Google logins for authentication. In your explanation, which of the following concepts would you definitely need to mention?
Secure tokens
Secure tickets
XML requests
Secure tokens
Secure tokens provide for authentication across stateless platforms and can be used to identify the holder of the token to any services that adhere to the WS-Trust standard. Secure tokens are transportable, which is what allows users to log in to Twitter or other applications via Facebook.
You are establishing a point-to-point link and need to provide authentication using PPP. Which of the following protocols would you consider?
CHAP
RADIUS
SAML
CHAP
Challenge Handshake Authentication Protocol (CHAP) is used to provide authentication across a point-to-point link using PPP.
What does the “A” in RADIUS stand for?
Application
Authorization
Authentication
Authentication
The “A” stands for Authentication—Remote Authentication Dial-In User Service (RADIUS).
Which of the following statements regarding TACACS+ is true?
Communications between a TACACS+ client (typically a NAS) and a TACACS+ server are not secure.
Communications between a user (typically a PC) and the TACACS+ client are subject to compromise as communications are usually not encrypted.
TACACS+ is an extension of TACACS and is backward compatible.
Communications between a user (typically a PC) and the TACACS+ client are subject to compromise as communications are usually not encrypted.
Communications between a user (typically a PC) and the TACACS+ client are subject to compromise because they are usually not encrypted.
Which of the following protocols involves a two-way handshake and sends the username and password in clear text?
SAML
LDAP
PAP
PAP
Password Authentication Protocol (PAP) authentication involves a two-way handshake in which the username and password are sent across the link in clear text. PAP authentication does not provide any protection against playback or line sniffing.
OpenID Connect allows for which of the following?
A third party can authenticate your users for you using accounts the users already have.
Symmetric keys can be shared across unsecured networks.
Identity can be confirmed with a single UDP packet.
A third party can authenticate your users for you using accounts the users already have.
OpenID was created for federated authentication that lets a third party authenticate your users for you, using accounts the users already have.
Your IT group is reworking their user authentication and authorization capabilities. They need something that can be used to control access to objects as well as handle user authentication and authorization. Which of the following protocols would you suggest they use?
TACACS
PPP
LDAP
LDAP
LDAP is a protocol that is commonly used to handle user authentication/authorization as well as to control access to Active Directory objects.
Which of the following is a service designed to enable single sign-on and federated identity-based authentication and authorization across networks?
PAP
Shibboleth
XAML
Shibboleth
Shibboleth is a service designed to enable single sign-on and federated identity-based authentication and authorization across networks. Shibboleth is a web-based technology that is built using SAML technologies.
Which of the following is a true statement about the NTLM protocol?
It uses an encrypted challenge/response protocol to authenticate a user.
It passes user credentials in clear text only.
It is commonly used to integrate UNIX services into a network.
It uses an encrypted challenge/response protocol to authenticate a user.
NTLM uses an encrypted challenge/response protocol to authenticate a user without sending the user’s password over the wire, but the cryptography is considered weak and ineffective by today’s standards.
Which of the following is an open protocol that allows secure, token-based authentication and authorization from web, desktop, and mobile applications and is used by companies such as Google and Microsoft to permit users to share information about their accounts with third-party applications?
TKIP
OAuth
SAML
OAuth
OAuth (Open Authorization) is an open protocol that allows secure, token-based authorization on the Internet from web, mobile, and desktop applications via a simple and standard method. OAuth is used by companies such as Google, Facebook, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites.