CompTIA Security Plus Mock Test Q862

Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol, which can utilize EAP. Which of the following would BEST fit her objective?

A. CHAP
B. SAML
C. Kerberos
D. Diameter

Correct Answer: D
Section: Access Control and Identity Management

Explanation:
Diameter is an authentication, authorization, and accounting protocol that replaces the RADIUS protocol. Diameter Applications extend the base protocol by including new commands and/or attributes, such as those for use of the Extensible Authentication Protocol (EAP).

Incorrect Answers:
A: CHAP is a non-EAP authentication mechanism.
B: Security Assertion Markup Language (SAML) is an open-standard data format based on XML; it is not an authentication protocol.
C: Kerberos makes use of encryption keys as tickets with time stamps to prove identity and grant access to resources. Kerberos does not make use of EAP.

References:
http://en.wikipedia.org/wiki/Diameter_(protocol)
http://tools.ietf.org/html/rfc3748
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 275