Chapter 21: Access Control and Authentication
In preparation for taking the CompTIA Security+ certification exam, you and one of your buddies are asking each other questions. Your buddy asks, "What are the six steps to establish a RADIUS connection?" How would you answer?
1) A user initiates PPP authentication to the NAS; 2) The NAS prompts for either a username and password (if PAP) or a challenge (if CHAP); 3) The user replies with credentials; 4) The RADIUS client sends the username and encrypted password to the RADIUS server; 5) The RADIUS server responds with Access-Accept, Access-Reject, or Access Challenge; 6) The RADIUS client acts upon services requested by the user.
Your study partner next asks, "What are the seven steps to establish a TACACS+ connection?" How would you answer?
1) A user initiates PPP connection to the NAS; 2) The NAS prompts for either a username and password (if PAP) or a challenge (if CHAP); 3) The user replies with credentials; 4) The TACACS+ client sends a START request to the TACACS+ server; 5) The TACACS+ server responds with either authentication complete or the client sends CONTINUE until complete; 6) The TACACS+ client and server exchange authorization requests; 7) The TACACS+ client acts upon services requested by the user.
As a computer security professional, it is very important that you are able to describe to your superiors how Kerberos authentication works. List the six steps in Kerberos authentication.
1) User presents his credentials and requests a ticket from the key distribution center (KDC); 2) The KDC verifies credentials and issues a ticket-granting ticket (TGT); 3) The user presents a TGT and request for service to the KDC; 4) The KDC verifies authorization and issues a client-to-server ticket (or service ticket); 5) The user presents a request and a client-to-server ticket to the desired service; 6) If the client-to-server ticket is valid, service is granted to the client.
Match the port and the service: 1. FTP A. 139 2. DNS B. 80 3. POP3 C. 21 4. NetBIOS D. 3389 5. HTTP E. 110 6. RDP F. 53
1. FTP C. 21 2. DNS F. 53 3. POP3 E. 110 4. NetBIOS A. 139 5. HTTP B. 80 6. RDP D. 3389
List five different factors that can be used to establish identity, and give an example of each.
1.Something you know (password) 2.Something you have (token) 3.Something you are (biometric) 4.Something you do (walk/gait or typing pattern) 5.Somewhere you are (current location)
Which of the following UDP ports does RADIUS use?
1812 and 1813
Which of the following TCP ports does TACACS+ use?
49 and 65
Which of the following is not a function supported by Point-to-Point Protocol (PPP)?
Password Authentication Protocol (PAP)
Which of the following correctly describes communications between a TACACS+ client and server?
Communication between a TACACS+ client (typically a NAS) and a TACACS+ server is secure, but the communication between a user (typically a PC) and the TACACS+ client is subject to compromise.
Which of the following correctly describes "authentication" in the authentication, authorization, and accounting (AAA) protocols?
Connects access to a previously approved user ID
Which protocol is designed to replace RADIUS?
Diameter
In multifactor authentication, which of the following is not a possession factor (something the user has)?
PIN
A fingerprint is an example of:
Something you are
Which port does Telnet use?
TCP port 23
What is another way of describing Challenge-Handshake Authentication Protocol (CHAP)?
Three-way handshake