CompTIA Security Plus Mock Test Q862

Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol, which can utilize EAP. Which of the following would BEST fit her objective?

C. Kerberos
D. Diameter

Correct Answer: D
Section: Access Control and Identity Management

Diameter is an authentication, authorization, and accounting protocol that replaces the RADIUS protocol. Diameter Applications extend the base protocol by including new commands
and/or attributes, such as those for use of the Extensible Authentication Protocol (EAP).

Incorrect Answers:
A: CHAP is a non-EAP authentication mechanism.
B: Security Assertion Markup Language (SAML) is an open-standard data format based on XML, it is not an authentication protocol.
C: Kerberos makes use of encryption keys as tickets with time stamps to prove identity and grant access to resources. Kerberos does not make use of EAP.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 275