nerdexam
(ISC)2

CISSP · Question #507

What is the BEST way to establish identity over the internet?

The correct answer is C. Remote Authentication Dial-In User Service (RADIUS) server with hardware tokens. Establishing identity over the internet requires strong, multi-factor authentication mechanisms. RADIUS with hardware tokens provides centralized authentication combined with a physical second factor.

Submitted by ahmad_uae· Mar 5, 2026Identity and Access Management

Question

What is the BEST way to establish identity over the internet?

Options

  • AChallenge Handshake Authentication Protocol (CHAP) and strong passwords
  • BInternet Mail Access Protocol (IMAP) with Triple Data Encryption Standard (3DES)
  • CRemote Authentication Dial-In User Service (RADIUS) server with hardware tokens
  • DRemote user authentication via Simple Object Access Protocol (SOAP)

How the community answered

(49 responses)
  • A
    16% (8)
  • B
    10% (5)
  • C
    69% (34)
  • D
    4% (2)

Why each option

Establishing identity over the internet requires strong, multi-factor authentication mechanisms. RADIUS with hardware tokens provides centralized authentication combined with a physical second factor.

AChallenge Handshake Authentication Protocol (CHAP) and strong passwords

CHAP provides challenge-response authentication but is primarily designed for point-to-point connections and does not scale well for internet-based identity; it also lacks a second authentication factor, making it weaker than MFA solutions.

BInternet Mail Access Protocol (IMAP) with Triple Data Encryption Standard (3DES)

IMAP is a mail retrieval protocol, not an authentication or identity framework, and pairing it with 3DES addresses email encryption rather than establishing user identity over the internet.

CRemote Authentication Dial-In User Service (RADIUS) server with hardware tokensCorrect

RADIUS is a proven, widely-supported AAA (Authentication, Authorization, and Accounting) protocol designed specifically for network access authentication. Combining it with hardware tokens introduces multi-factor authentication (MFA), requiring both something the user knows and something the user physically possesses, making credential theft or replay attacks significantly harder over the internet.

DRemote user authentication via Simple Object Access Protocol (SOAP)

SOAP is an XML-based messaging protocol used for web services communication and is not designed or recommended as an authentication mechanism for establishing user identity.

Concept tested: Multi-factor authentication and AAA for internet identity

Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

Topics

#Remote authentication#hardware tokens#RADIUS#strong authentication

Community Discussion

No community discussion yet for this question.

Full CISSP Practice