Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol,
which can utilize EAP. Which of the following would BEST fit her objective?
A.
CHAP
B.
SAML
C.
Kerberos
D.
Diameter
Explanation:
Diameter is an authentication, authorization, and accounting protocol that replaces the RADIUS protocol.
Diameter Applications extend the base protocol by including new commands and/or attributes, such as
those for use of the Extensible Authentication Protocol (EAP).Incorrect Answers:
A: CHAP is a non-EAP authentication mechanism.
B: Security Assertion Markup Language (SAML) is an open-standard data format based on XML, it is not an
authentication protocol.
C: Kerberos makes use of encryption keys as tickets with time stamps to prove identity and grant access
to resources. Kerberos does not make use of EAP.http://en.wikipedia.org/wiki/Diameter_(protocol)
http://tools.ietf.org/html/rfc3748
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 275
A- CHAP is a very old, un-secure protocol…therefore it is not “more secure”
B- Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. This has nothing to do with RADIUS.
C-KERBEROS is not a transmission protocol. Kerberos is a computer network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner
So the answer is D- Diameter (even thou it is the very first time I hear about this)
0
0