ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A midsize enterprise wants to replace local credentials on 50 Layer-2/3 switches and several SSL VPN gateways with a centralized authentication solution. The chosen protocol must (1) provide both user authentication and detailed session accounting records, (2) integrate with the company's existing Microsoft Active Directory via an external database or LDAP, (3) operate over UDP to reduce overhead, and (4) be directly supported by 802.1X-capable Wi-Fi access points. Which protocol should the security team deploy on the new authentication servers to satisfy all of these requirements?
Remote Authentication Dial-In User Service (RADIUS) was designed for centralized Authentication, Authorization, and Accounting (AAA). It supports detailed accounting records, integrates with directory services such as Microsoft Active Directory by using LDAP or other back-end queries, and by default uses UDP ports (1812 for authentication/authorization and 1813 for accounting), which keeps protocol overhead low. RADIUS is also the de facto back-end for 802.1X network access control used by Wi-Fi access points and wired switches.
By contrast, TACACS+ also supports AAA but uses TCP (typically port 49) rather than UDP, so it does not meet the low-overhead transport requirement. Kerberos focuses on ticket-based authentication without built-in session accounting and is not natively supported by most network devices for 802.1X. SAML 2.0 is a web-centric federation protocol unsuitable for switch or VPN AAA use cases. Therefore, RADIUS is the only option that satisfies all of the stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is RADIUS and how does it function?
Open an interactive chat with Bash
How does RADIUS integrate with Microsoft Active Directory?
Open an interactive chat with Bash
Why is UDP preferred in RADIUS over TCP for authentication?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .