Security+ Section 6.9.5 Quiz
Which of the following is a feature of MS-CHAP v2 that is not included in CHAP? Certificate-based authentication Mutual authentication Hashed shared secret Three-way handshake
Mutual authentication - MS-CHAP v2 allows mutual authentication, in which the server authenticates to the client.
Which of the following ports are used with TACACS? 22 49 50 and 51 1812 and 1813 3389
49 - Terminal Access Controller Access Control System (TACACS) uses port 49 for TCP and UDP
Which of the following are characteristics of TACACS+? (Select two.) Uses UDP Allows three different servers (one each for authentication, authorization, and accounting) Allows two different servers (one for authentication and authorization and another for accounting) Can be vulnerable to buffer overflow attacks Uses TCP
Allows three different servers (one each for authentication, authorization, and accounting) Uses TCP - ACACS+ was originally developed by Cisco for centralized remote access administration. TACACS+: Provides three protocols (one each for authentication, authorization, and accounting). This allows each service to be provided by a different server. Uses TCP. Encrypts the entire packet contents. Supports more protocol suites than RADIUS.
RADIUS is primarily used for what purpose?
Authenticating remote clients before access to the network is granted - Remote Authentication Dial-In User Service (RADIUS) is primarily used for authenticating remote clients before access to a network is granted. RADIUS is based on RFC 2865 and maintains client profiles in a centralized database. RADIUS offloads the authentication burden for dial-in users from the normal authentication of local network clients. For environments with a large number of dial-in clients, RADIUS provides improved security, easier administration, improved logging, and alleviated performance impact on LAN security systems.
Which of the following is a characteristic of TACACS+? Uses UDP ports 1812 and 1813 Encrypts the entire packet, not just authentication packets Supports only TCP/IP Requires that authentication and authorization are combined in a single server
Encrypts the entire packet, not just authentication packets - TACACS+ was originally developed by Cisco for centralized remote access administration. TACACS+: Provides three protocols (one each for authentication, authorization, and accounting). This allows each service to be provided by a different server. Uses TCP port 49. Encrypts the entire packet contents, not just authentication packets. Supports more protocol suites than RADIUS.
Which of the following authentication protocols transmits passwords in cleartext and, therefore, is considered too unsecure for modern networks? EAP CHAP PAP RADIUS
PAP - Password Authentication Protocol (PAP) is considered unsecure because it transmits password information in cleartext. Anyone who sniffs PAP traffic from a network can view the password information from a PAP packet with a simple traffic analyzer.
Which of the following are differences between RADIUS and TACACS+? RADIUS uses TCP; TACACS+ uses UDP. RADIUS encrypts the entire packet contents; TACACS+ only encrypts the password. RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers. RADIUS supports more protocols than TACACS+.
RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers. - TACACS+ provides three protocols (one each for authentication, authorization, and accounting). This allows each service to be provided by a different server. In addition, TACACS+:
You often travel away from the office. While traveling, you would like to use your laptop computer to connect directly to a server in your office and access files. You want the connection to be as secure as possible. Which type of connection do you need?
Remote access - Use a remote access connection to connect directly to a server at a remote location.
What does a remote access server use for authorization?
Remote access policies -Authorization is the process of identifying the resources that a user can access over a remote access connection. Authorization is controlled through the use of network policies (remote access policies) and access control lists (ACLs). Authorization can restrict access based on: Time of day Type of connection (PPP or PPPoE, wired or wireless) Location of the resource (restrict access to specific servers)
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.) TACACS+ EAP AAA PKI RADIUS
TACACS+ RADIUS - Both RADIUS and TACACS+ are protocols used for centralized authentication, authorization, and accounting with remote access. Remote access clients send authentication credentials to remote access servers. Remote access servers are configured as clients to the RADIUS or TACACS+ servers and forward the authentication credentials to the servers. The servers maintain a database of users and policies that control access for multiple remote access servers.