Which of the following was based on a previous X.500 specification and allows either unencrypted authentication or encrypted authentication through the use of
TLS?

A.
Kerberos

B.
TACACS+

C.
RADIUS

D.
LDAP

Explanation:
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory
information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the
sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any
organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an
address and a phone number.
A common usage of LDAP is to provide a “single sign on” where one password for a user is shared between many services, such as applying a company login
code to web pages (so that staff log in only once to company computers, and then are automatically logged into the company intranet).
LDAP is based on a simpler subset of the standards contained within the X.500 standard. Because of this relationship, LDAP is sometimes called X.500-lite.

A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP and UDP port 389, or on port 636 for
LDAPS. Global Catalog is available by default on ports 3268, and 3269 for LDAPS. The client then sends an operation request to the server, and the server sends
responses in return.
The client may request the following operations:
StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
Incorrect Answers:
A: Kerberos is a computer network authentication protocol which works on the basis of ‘tickets’ to allow nodes communicating over a non-secure network to prove
their identity to one another in a secure manner. Its designers aimed it primarily at a clientserver model and it provides mutual authentication–both the user and the
server verify each other’s identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds on symmetric key
cryptography and requires a trusted third party, and optionally may use public- key cryptography during certain phases of authentication. Kerberos uses UDP port
88 by default. Kerberos is not based on a previous X.500 specification as is LDAP.
B: Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for
networked access control through a centralized server. The original TACACS protocol, which dates back to 1984, was used for communicating with an
authentication server, common in older UNIX networks. TACACS+ and RADIUS have generally replaced TACACS and XTACACS in more recently built or updated
networks. TACACS+ is an entirely new protocol and is not compatible with its predecessors, TACACS and XTACACS. TACACS+ uses TCP (while RADIUS
operates over UDP). Since TACACS+ uses the authentication, authorization, and accounting (AAA) architecture, these separate components of the protocol can be
segregated and handled on separate servers. TACACS+ is not based on a previous X.500 specification as is LDAP.
C: Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA)
management for users who connect and use a network service. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by
ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. Because of the broad support and
the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks,
and integrated e-mail services. RADIUS is not based on a previous X.500 specification as is LDAP.

http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol http://en.wikipedia.org/wiki/Kerberos_%28protocol%29
http://en.wikipedia.org/wiki/TACACS
http://en.wikipedia.org/wiki/RADIUS