Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol, which can utilize EAP. Which of the following would
BEST fit her objective?
A.
CHAP
B.
SAML
C.
Kerberos
D.
Diameter
Explanation:
Diameter is an authentication, authorization, and accounting protocol that replaces the RADIUS protocol. Diameter Applications extend the base protocol by
including new commands and/or attributes, such as those for use of the Extensible Authentication Protocol (EAP).
Incorrect Answers:
A: CHAP is a non-EAP authentication mechanism.
B: Security Assertion Markup Language (SAML) is an open-standard data format based on XML, it is not an authentication protocol.
C: Kerberos makes use of encryption keys as tickets with time stamps to prove identity and grant access to resources. Kerberos does not make use of EAP.http://en.wikipedia.org/wiki/Diameter_(protocol)
http://tools.ietf.org/html/rfc3748
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 275.