Module 13 - Authentication Methods & Services - Q&A Flashcards
Which of the following allows a user to use one set of credentials throughout an enterprise? A. TACACS B. RADIUS C. Single Sign-on D. TACACS +
C. Single sign-on allows a user to use one set of credentials throughout an enterprise to access various resources without having to reauthenticate with a different set of credentials.
Which of the following would use a SHA-2 algorithm to generate a password that is used for only one session? A. Kerberos Authentication Service B. HOTP C. TOTP D. Kerberos Ticket-Granting Service
B. The HMAC-based One-Time Password (HOTP) algorithm uses hashing algorithms, such as SHA, to generate one-time passwords.
Which of the following authentication protocols sends user and password information in clear text? A. PAP B. CHAP C. MS-CHAP v2 D. MS-CHAP
A. The Password Authentication Protocol (PAP) sends user and password information in clear text and should not be used.
Which of the following authentication protocols was the first of its kind to offer challenge-response mechanisms for protecting user credentials sent over a network? A. PPP B. Kerberos C. PAP D. CHAP
D. The Challenge Handshake Authentication Protocol (CHAP) was the first authentication protocol designed to offer challenge-response mechanisms for protecting user credentials sent over a network.
Under which of the following circumstances would a Windows host use Kerberos instead of NTLM v2 to authenticate users?
A. Authenticating to a server using only an IP address
B. Authenticating to a modern Windows Active Directory domain
C. Authenticating to a different Active Directory forest with legacy trusts enabled
D. Authenticating to a server in a Windows workgroup
B. When authenticating to a modern Windows Active Directory domain, Windows uses Kerberos as its authentication protocol by default.
Which of the following issues a service ticket to a user in a Kerberos realm? A. Authentication Service B. Server Service C. Ticket-Granting Service D. Key Distribution Center
C. The Ticket-Granting Service issues a service ticket to a user in a Kerberos realm.
Which of the following remote authentication protocols uses UDP ports 1812 and 1813? A. L2TP B. TACACS + C. TACACS D. RADIUS
D. RADIUS uses UDP ports 1812 and 1813.
All of the following are characteristics of the RADIUS authentication protocol, except:
A. It encrypts data between the RADIUS client and the remote host.
B. It uses UDP port 1812 for authentication and authorization.
C. It supports both PAP and CHAP.
D. The RADIUS client is the network access server that requests authentication information from the RADIUS server.
A. RADIUS does not encrypt data between the RADIUS client and the remote host.
Which of the following remote authentication protocols can use both Kerberos and EAP, as well as multifactor authentication? A. RADIUS B. TACACS + C. TACACS D. PPTP
B. TACACS + supports both Kerberos and EAP, as well as multifactor authentication.
Which of the following are characteristics of the Point-to-Point Tunneling Protocol (PPTP)? (Choose two.)
A. Uses TCP port 1723
B. Uses TCP port 1701
C. Uses MPPE as its encryption protocol
D. Uses IPsec as its encryption protocol Answers
A, C. PPTP uses TCP port 1723 as well as MPPE for its security protocol and encryption mechanism.
