CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 5 ■ Identity and Access Management (Domain 5)



  1. What open protocol was designed to replace RADIUS—including support for additional
    commands and protocols, replacing UDP traffic with TCP, and providing for extensible
    commands—but does not preserve backward compatibility with RADIUS?
    A. TACACS
    B. RADIUS-NG
    C. Kerberos
    D. Diameter

  2. LDAP distinguished names (DNs) are made up of comma-separated components called
    relative distinguished names (RDNs) that have an attribute name and a value. DNs become
    less specific as they progress from left to right. Which of the following LDAP DNs best fits
    this rule?
    A. uid=ben,ou=sales,dc=example,dc=com
    B. uid=ben,dc=com,dc=example
    C. dc=com,dc=example,ou=sales,uid=ben
    D. ou=sales,dc=com,dc=example

  3. Susan is troubleshooting Kerberos authentication problems with symptoms including
    TGTs that are not accepted as valid and an inability to receive new tickets. If the system
    she is troubleshooting is properly configured for Kerberos authentication, her username
    and password are correct, and her network connection is functioning, what is the most
    likely issue?
    A. The Kerberos server is offline.
    B. There is a protocol mismatch.
    C. The client’s TGTs have been marked as compromised and de-authorized.
    D. The Kerberos server and the local client’s time clocks are not synchronized.

  4. Kerberos, KryptoKnight, and SESAME are all examples of what type of system?
    A. SSO
    B. PKI
    C. CMS
    D. Directory

  5. Which of the following access control categories would not include a door lock?
    A. Physical
    B. Directive
    C. Preventative
    D. Deterrent
