User-Authentication Methods

Question 1

What authentication method uses a certificate authority and asymmetric cryptography to establish confidentiality and integrity without knowing anything about the other party prior to the conversation?

Answer 1

PKI

Question 2

List the 5 step Kerberos user-authentication method

Answer 2

1) REQUEST for TICKET granting ticket (TGT)
2) TGT RETURNED by authentication service
3) REQUEST for APPLICATION ticket (authenticated with TGT)
4) Application ticket returned
5) User then can Request for service with authenticated application ticket

Question 3

What’s the name given to the conceptual model for managing network security through one central location?

Answer 3

AAA

Question 4

what authentication server allows for domain-level authentication on both wired and wireless networks?

Answer 4

RADIUS

Question 5

What are the two differences between RADIUS and TACACS+?

Answer 5

1) RADIUS combines authentication and authorization into one profile but TACACS separates the two
2) TACACS uses TCP whereas RADIUS uses UDP

Question 6

Which of the following only encrypt the served page data and the submitted data like POST fields? HTTPS or S-HTTP?

Answer 6

S-HTTP

Question 7

What are the two goals of Network Admission Control do?

Answer 7

1) Authenticates
2) ensures systems are safe and secure before they’re allowed to access the network (by checking for malware, os version etc)

Question 8

Name a common example of Network Access Control used in wireless networks? (is also used in wired but less so)

Answer 8

802.1x (port-access)

Question 9

Which client authentication method involves the requesting client using a nonce and an ID value and sequencing them with the shared text-phrase secret to generate a one-way hash value using the MD5 encryption algorithm?

Answer 9

CHAP

Question 10

what framework provides a standardised way of authenticating onto a LAN?

Answer 10

Extensible Authentication Protocol

Question 11

What cryptographic process provides data integrity and origin authentication?

Answer 11

Hashes

Question 12

Which cryptographic algorithm is published by NIST?

Answer 12

SHA

Question 13

Name two implementations of Network Access Control

Answer 13

1) Cisco’s Network Admission Control

2) Microsoft’s Network Policy and Access Services (NPAS)

Question 14

In Network Access Control, Posture Assessment examines the devices when they connect to the network. What 3 items are commonly checked?

Answer 14

1) Anti-malware updates
2) Operating system updates
3) Windows reg settings

Question 15

What is a guest network used for?

Answer 15

It is where a device is held during Posture Assessment during Network Access Control

Question 16

In Network Access Control, what can help support the assessment of endpoints (devices) not owned by the organization and help make BYOD policy possible?

Answer 16

Nonpersistent agents

Question 17

List two reasons why Access Control applied at the resource can be better than controlling access at the Edge/firewall?

Answer 17

1) controls are more granular and more easily controlled by the owner
2) A mistake made on the ACL can cause widespread access issues

Question 18

What network access security method uses EAP and typically authenticates devices with a RADIUS server?

Answer 18

802.1x

Question 19

In NAC, a persistent agent is one that…

Answer 19

is installed on a NAC client and starts when the OS loads.

It provides system wide notifications and alerts

Question 20

In NAC, a nonpersistent or dissolvable agent is one that…

Answer 20

is used to access the device only during log-in, usually through a web portal. It is removed when authentication has taken place.

Question 21

What is the key difference between MS-CHAP and MS-CHAPv2?

Answer 21

v2 can do mutual authentication of both client and server

Question 22

What authentication method is used to overcome the limitations of RADIUS? How?

Answer 22

Diameter

It can encrypt the authentication process using EAP

Question 23

What is one of the limitations of RADIUS authentication?

Answer 23

It only encrypts the password, but not the entire authentication conversation.

Question 24

Which authentication method developed by Cisco allows for interaction with Kerberos?

Answer 24

TACACS+ (Terminal Access Controller, Access-Control System)