CompTIA Security+ Question L-73

A system administrator is configuring shared secrets on servers and clients. Which of the following authentication services is being deployed by the administrator? (Select two.)

A. Kerberos
B. RADIUS
C. TACACS+
D. LDAP
E. Secure LDAP

Answer: B,D

CompTIA Security+ Question I-13

Which of the following protocols provides for mutual authentication of the client and server?

A. Two-factor authentication
B. RADIUS
C. Secure LDAP
D. Biometrics

Answer: C

Explanation:
C: The LDAP directory service is based on a client-server model. The function of LDAP is to enable access to an existing directory. Because it is a client-server model, it makes provision for mutual authentication between the two parties.

CompTIA Security+ Question G-99

An Active Directory setting restricts querying to only secure connections. Which of the following ports should be selected to establish a successful connection?

A. 389
B. 440
C. 636
D. 3286

Answer: C

Explanation:
Port 636 is used for secure LDAP (LDAPS).

Incorrect Options:

A: Port 389 is used for LDAP.

B: Port 440 is not used for secure Active Directory connections.

D: Port 3286 is not used for secure Active Directory connections.

Reference:

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 147

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

CompTIA Security+ Question G-36

Which of the following is an authentication method that can be secured by using SSL?

A. RADIUS
B. LDAP
C. TACACS+
D. Kerberos

Answer: B

Explanation:
With secure LDAP (LDAPS), all LDAP communications are encrypted with SSL/TLS.

CompTIA Security+ Question D-80

Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process?

A. TACACS+
B. Secure LDAP
C. RADIUS
D. Kerberos

Answer: D

Explanation:
The basic process of Kerberos authentication is as follows:

1. The subject provides logon credentials.
2. The Kerberos client system encrypts the password and transmits the protected credentials to the KDC.
3. The KDC verifies the credentials and then creates a ticket-granting ticket (TGT), a hashed form of the subject's password with the addition of a time stamp that indicates a valid lifetime. The TGT is encrypted and sent to the client.
4. The client receives the TGT. At this point, the subject is an authenticated principal in the Kerberos realm.
5. The subject requests access to resources on a network server. This causes the client to request a service ticket (ST) from the KDC.
6. The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a time stamp that indicates its valid lifetime.
7. The client receives the ST.
8. The client sends the ST to the network server that hosts the desired resource.
9. The network server verifies the ST. If it's verified, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved.