CISSP Official Practice Tests by Mike Chapple, David Seidl

(chelsyfait) #1

Chapter 5 ■ Identity and Access Management (Domain 5) 119

  1. Brian’s large organization has used RADIUS for AAA services for its network devices for
    years and has recently become aware of security issues with the unencrypted information
    transferred during authentication. How should Brian implement encryption for RADIUS?
    A. Use the built-in encryption in RADIUS.
    B. Implement RADIUS over its native UDP using TLS for protection.
    C. Implement RADIUS over TCP using TLS for protection.
    D. Use an AES256 pre-shared cipher between devices.

  2. Jim wants to allow cloud-based applications to act on his behalf to access information
    from other sites. Which of the following tools can allow that?
    A. Kerberos
    B. OAuth
    C. OpenID
    D. LDAP

  3. Ben’s organization has had an issue with unauthorized access to applications and workstations
    during the lunch hour when employees aren’t at their desks. What are the best types
    of session management solutions for Ben to recommend to help prevent this type of access?
    A. Use session IDs for all access and verify system IP addresses of all workstations.
    B. Set session time-outs for applications and use password-protected screensavers with
       inactivity time-outs on workstations.
    C. Use session IDs for all applications, and use password-protected screensavers with
       inactivity time-outs on workstations.
    D. Set session time-outs for applications and verify system IP addresses of all
       workstations.

  4. Match each of the numbered security controls listed with exactly one of the lettered categories
    shown. Choose the category that best describes each control. You may use each
    control category once, more than once, or not at all.

Controls

  1. Password
  2. Account reviews
  3. Badge readers
  4. MFA
  5. IDP

Categories

  A. Administrative
  B. Technical
  C. Physical