Wentz is a co-founder of Amicliens, a company from Taiwan delivering business solutions. He enjoys applying IT technologies to solve business problems and has been working in the IT industry for over 20 years.
Your company implemented Federated Identity Management (FIM) based on SAML to support Single Sign-On (SSO). Which of the following is not true? (Source: Wentz QOTD)
A. A user may have an identity in each domain and multiple identities across domains.
B. A federated identity is a pseudonym shared between domains to hide a user’s identity.
C. A relying party authorizes access requests based on assertions expressed in XACML.
D. SSO relies on the service provider’s (SP) trust in the Identity Provider (IdP).
In the Kerberos network authentication system, a client initiates authentication requests to the authentication service (AS) to obtain authentication credentials for a given server. Which of the following is not true? (Source: Wentz QOTD)
A. The AS is subject to the chosen-ciphertext attack.
B. The client sends its own identity to the AS in cleartext when logging in.
C. The AS doesn’t know whether the client sends a genuine identity or not.
D. The client doesn’t send its password or secret key to the AS when logging in.
In the Kerberos network authentication system, clients, the KDC, and application servers are the well-known three-headed architectural components. Which of the following best describes the operations of Kerberos? (Source: Wentz QOTD)
A. The KDC manages all the keys and is resistant to denial-of-service attacks.
B. Clients on the network interact with the KDC and servers asynchronously.
C. Realms must be organized hierarchically to support cross-realm authentication.
D. Initial ticket requests from clients are handled by the authentication service (AS).
You’re implementing a VPN solution to connect a branch office to the headquarters through gateways with a T1 connection to the internet and ISDN BRI service as redundancy. Which of the following is least likely employed to authenticate VPN connections? (Source: Wentz QOTD)
You’re implementing IPsec to protect data in transit. Which of the following is the least feasible through IPsec? (Source: Wentz QOTD)
A. Build a virtual data link over frame relay to connect two remote offices
B. Secure TFTP traffic that updates the firmware of network devices
C. Protect traffic between browsers and the enterprise information portal over LAN
D. Authenticate security gateways that establish the tunnel between two remote offices
You’re implementing an L2TP/IPsec VPN solution to support remote employees. Which of the following is not true? (Source: Wentz QOTD)
A. AH may not be available in IPsec
B. AH ensures integrity only, but not confidentiality through encryption
C. Implementation of ESP is a mandatory requirement of IPsec
D. ESP ensures both confidentiality and the same level of integrity as AH does