nerdexam
EC-Council

312-50V10 · Question #124

An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Fram

The correct answer is B. RADIUS. RADIUS was purpose-built for ISP network access authentication across heterogeneous access technologies including dial-up, DSL, wireless, and VPN.

Information Security and Ethical Hacking Fundamentals

Question

An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol is the most likely able to handle this requirement?

Options

  • ADIAMETER
  • BRADIUS
  • CTACACS+
  • DKerberos

How the community answered

(22 responses)
  • B
    91% (20)
  • C
    5% (1)
  • D
    5% (1)

Why each option

RADIUS was purpose-built for ISP network access authentication across heterogeneous access technologies including dial-up, DSL, wireless, and VPN.

ADIAMETER

DIAMETER is the next-generation AAA protocol adopted primarily for mobile carrier (3G/4G/5G) and IMS networks, and is not the conventional solution for the legacy dial-up and DSL ISP access scenario described.

BRADIUSCorrect

RADIUS (Remote Authentication Dial-In User Service) was originally designed specifically for authenticating dial-up modem users and has since been extended to cover DSL, wireless data services, and VPN access - exactly the technology mix described in the scenario. It operates over UDP with a NAS-client to RADIUS-server model that scales efficiently for the large subscriber bases ISPs manage. Its wide compatibility with legacy and modern access technologies makes it the standard AAA solution in ISP environments.

CTACACS+

TACACS+ is designed for device administration and privileged access control on network equipment such as routers and switches, not for authenticating end-user network access connections across diverse ISP access technologies.

DKerberos

Kerberos is a ticket-granting authentication protocol built for enterprise LAN and Active Directory environments, and lacks the NAS integration and network access accounting capabilities required for ISP subscriber authentication.

Concept tested: RADIUS protocol for ISP multi-technology AAA

Source: https://www.rfc-editor.org/rfc/rfc2865

Topics

#RADIUS#AAA protocol#network authentication#ISP security

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice