CompTIA Security Plus Mock Test Q991

Which of the following should be used to authenticate and log connections from wireless users connecting with EAP-TLS?

A. Kerberos
B. LDAP
C. SAML
D. RADIUS


Correct Answer: D
Section: Access Control and Identity Management

Explanation:
EAP-TLS, defined in RFC 2716, is an IETF open standard, and is well-supported among wireless vendors. It offers a good deal of security, since TLS is considered the successor of the SSL standard. It uses PKI to secure communication to the RADIUS authentication server.
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services.

Incorrect Answers:
A: Kerberos makes use of encryption keys as tickets with time stamps to prove identity and grant access to resources. It is not used to authenticate and log connections from wireless users connecting with EAP-TLS. Therefore, this answer is incorrect.
B: The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. It is not used to authenticate and log connections from wireless users connecting with EAP-TLS. Therefore, this answer is incorrect.
C: Security Assertion Markup Language (SAML) is an open-standard data format centered on XML. It is used for supporting the exchange of authentication and authorization details between systems, services, and devices. It is not used to authenticate and log connections from wireless users connecting with EAP-TLS. Therefore, this answer is incorrect.

References:
http://en.wikipedia.org/wiki/RADIUS
http://wiki.freeradius.org/protocol/EAP