CISSP · Question #507
What is the BEST way to establish identity over the internet?
The correct answer is C. Remote Authentication Dial-In User Service (RADIUS) server with hardware tokens. Establishing identity over the internet requires strong, multi-factor authentication mechanisms. RADIUS with hardware tokens provides centralized authentication combined with a physical second factor.
Question
Options
- AChallenge Handshake Authentication Protocol (CHAP) and strong passwords
- BInternet Mail Access Protocol (IMAP) with Triple Data Encryption Standard (3DES)
- CRemote Authentication Dial-In User Service (RADIUS) server with hardware tokens
- DRemote user authentication via Simple Object Access Protocol (SOAP)
How the community answered
(49 responses)- A16% (8)
- B10% (5)
- C69% (34)
- D4% (2)
Why each option
Establishing identity over the internet requires strong, multi-factor authentication mechanisms. RADIUS with hardware tokens provides centralized authentication combined with a physical second factor.
CHAP provides challenge-response authentication but is primarily designed for point-to-point connections and does not scale well for internet-based identity; it also lacks a second authentication factor, making it weaker than MFA solutions.
IMAP is a mail retrieval protocol, not an authentication or identity framework, and pairing it with 3DES addresses email encryption rather than establishing user identity over the internet.
RADIUS is a proven, widely-supported AAA (Authentication, Authorization, and Accounting) protocol designed specifically for network access authentication. Combining it with hardware tokens introduces multi-factor authentication (MFA), requiring both something the user knows and something the user physically possesses, making credential theft or replay attacks significantly harder over the internet.
SOAP is an XML-based messaging protocol used for web services communication and is not designed or recommended as an authentication mechanism for establishing user identity.
Concept tested: Multi-factor authentication and AAA for internet identity
Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
Topics
Community Discussion
No community discussion yet for this question.