CompTIA Security Plus Mock Test Q1708

During an application design, the development team specifies an LDAP module for single sign-on communication with the company’s access control database. This is an example of which of the following?

A. Application control
B. Data in-transit
C. Identification
D. Authentication

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1446

An application developer needs to allow employees to use their network credentials to access a new application being developed. Which of the following should be configured in the new application to enable this functionality?

A. LDAP
B. ACLs
C. SNMP
D. IPSec

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1156

A system administrator is configuring shared secrets on servers and clients. Which of the following authentication services is being deployed by the administrator? (Select two.)

A. Kerberos
B. RADIUS
C. TACACS+
D. LDAP
E. Secure LDAP


Correct Answer: B,D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q995

The security manager wants to unify the storage of credentials, phone numbers, office numbers, and address information into one system. Which of the following is a system that will support the requirement on its own?

A. LDAP
B. SAML
C. TACACS
D. RADIUS


Correct Answer: A
Section: Access Control and Identity Management

Explanation:
A ‘directory’ contains information about users.
The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories.
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

Incorrect Answers:
B: Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is not used for the storage of credentials, phone numbers, office numbers, and address information in one system.
C: Terminal Access Controller Access-Control System (TACACS) is a client/server-oriented environment, and operates in a manner similar to RADIUS. TACACS is not used for the storage of credentials, phone numbers, office numbers, and address information in one system.
D: Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. RADIUS is not used for the storage of credentials, phone numbers, office numbers, and address information in one system.

References:
https://msdn.microsoft.com/en-us/library/aa367008(v=vs.85).aspx
https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

CompTIA Security Plus Mock Test Q994

Which of the following protocols is MOST likely to be leveraged by users who need additional information about another user?

A. LDAP
B. RADIUS
C. Kerberos
D. TACACS+


Correct Answer: A
Section: Access Control and Identity Management

Explanation:
A ‘directory’ contains information about users.
The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories.
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

Incorrect Answers:
B: Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. It is not used by users who need additional information about another user. Therefore, this answer is incorrect.
C: Kerberos is an authentication protocol. It is not used by users who need additional information about another user. Therefore, this answer is incorrect.
D: Terminal Access Controller Access-Control System (TACACS+) is a client/server-oriented environment, and operates in a manner similar to RADIUS. It is not used by users who need additional information about another user. Therefore, this answer is incorrect.

References:
https://msdn.microsoft.com/en-us/library/aa367008(v=vs.85).aspx
https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

CompTIA Security Plus Mock Test Q923

LDAP and Kerberos are commonly used for which of the following?

A. To perform queries on a directory service
B. To store usernames and passwords for Federated Identity
C. To sign SSL wildcard certificates for subdomains
D. To utilize single sign-on capabilities


Correct Answer: D
Section: Access Control and Identity Management

Explanation:
Single sign-on is usually achieved via the Lightweight Directory Access Protocol (LDAP), although Kerberos can also be used.

Incorrect Answers:
A: This refers to LDAP only.
B: Federated Identity links a subject’s accounts from several sites, services, or entities in a single account. It does not make use of LDAP and Kerberos.
C: SSL wildcard certificates are public key certificates, which can be used with multiple subdomains of a domain, for securing web sites with HTTPS.

References:
http://en.wikipedia.org/wiki/Single_sign-on
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
http://en.wikipedia.org/wiki/Federated_identity
http://en.wikipedia.org/wiki/Wildcard_certificate

CompTIA Security Plus Mock Test Q887

Which of the following is an authentication method that can be secured by using SSL?

A. RADIUS
B. LDAP
C. TACACS+
D. Kerberos


Correct Answer: B
Section: Access Control and Identity Management

Explanation:
With secure LDAP (LDAPS), all LDAP communications are encrypted with SSL/TLS.

Incorrect Answers:
A, C, D: None of these options have a version that is SSL encrypted.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 147
http://en.wikipedia.org/wiki/Radius
http://en.wikipedia.org/wiki/TACACS
http://en.wikipedia.org/wiki/Kerberos_(protocol)

CompTIA Security Plus Mock Test Q885

A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information: DC=ServerName and DC=COM. Which of the following authentication services is being used?

A. RADIUS
B. SAML
C. TACACS+
D. LDAP


Correct Answer: D
Section: Access Control and Identity Management

Explanation:
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.
An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (LDAP itself is a binary protocol):

dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top

“dn” is the distinguished name of the entry; it is neither an attribute nor a part of the entry. “cn=John Doe” is the entry’s RDN (Relative Distinguished Name), and “dc=example,dc=com” is the DN of the parent entry, where “dc” denotes ‘Domain Component’. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like “cn” for common name, “dc” for domain component, “mail” for e-mail address, and “sn” for surname.

Incorrect Answers:
A: A RADIUS server is a server with a database of user accounts and passwords used as a central authentication database for users requiring network access. The authentication method described in this question is not using a RADIUS server.
B: Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. The authentication method described in this question is not SAML.
C: Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for networked access control through a centralized server. The authentication method described in this question is not TACACS+.

References:
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#Directory_structure