WatchGuard AuthPoint: Authentication, Security, and Troubleshooting, Exams of Advanced Education

A comprehensive guide to WatchGuard AuthPoint, a multi-factor authentication solution. It covers various authentication factors, methods, and security practices, including something you know, something you have, something you are, and location-based authentication. The document also includes troubleshooting tips for common AuthPoint issues, such as authentication failures, gateway problems, and LDAP synchronization errors. It is a valuable resource for IT professionals and security administrators who are responsible for implementing and managing WatchGuard AuthPoint.

Typology: Exams

2024/2025

Available from 02/18/2025

solution-master
Identity Security Essentials – WatchGuard study guide solution
Authentication Factor: Something you know - username, password, PIN, secret question
Authentication Factor: Something you have - phone, hardware token, keys, RFID card, certificate private key
Authentication Factor: Something you are - fingerprint, facial scan, voice recognition
Authentication Factor: Location - geofencing, geokinetics, network locations
(T/F) You do not need the AuthPoint mobile app for OTP authentication when you have a hardware token. - True
What is AuthPoint Gateway? - A lightweight software application installed on a network to securely communicate with RADIUS clients and LDAP databases.
What role does AuthPoint Gateway play in the network? - It operates as a RADIUS server, and imports LDAP users and validates their passwords.
What is the Logon app used for? - to require authentication when users log on to a computer or server
AuthPoint resources include: - IdP Portal, Logon App, RD Web, Firebox, RADIUS Client, SAML, ADFS, RESTful API Client
Authentication methods available depend on... - the authentication policies that include the end user's groups.
From most secure to least secure, the authentication methods are: - push/QR code, OTP, password
RADIUS client resources cannot use which authentication method? - QR codes

For RADIUS authentication using OTP: - Append the OTP to the end of your password without a space
(T/F) Users can Migrate All Tokens at once and receive an activation email for each token on a new device. - True
How many software and hardware tokens can an AuthPoint user have? - 20 total
Third-party hardware token requirements include: - 6-digit time-based OTP, 30 or 60 second intervals, Seed File, Key
Unlike third-party hardware tokens, WatchGuard hardware tokens do not need a... - Seed File
You must add at least one AuthPoint group before adding or importing users because... - Users have to belong to at least one group.
What do you need to do before syncing LDAP users? - Link the LDAP external identity to an AuthPoint Gateway, install the Gateway in a location that has Internet access and that can connect to your LDAP server.
In order to be synchronised, LDAP users must each have... - a username, first name, and email address
What do the colours mean in the User Name column? (Green, Yellow, Red, Grey) - Activated, Quarantined, Blocked, Overallocated
What do the colours mean in the Token column? (Grey, Green, Red, Grey) - Assigned, Activated, Blocked, Pending token assignment
You should block a user when... - they leave the company or their account/credentials are compromised.
You should block a token when... - a user loses their phone.

What does a Primary Gateway do? - Synchronises your LDAP users and enables RADIUS authentication and LDAP user authentication.
What does a Secondary Gateway do? - LDAP user authentication when primary is not available. Backup RADIUS server. RADIUS client authentication requests.
(T/F) You can link more than one RADIUS client resource to a single AuthPoint Gateway. - True
You do not have to enable MS-CHAPv2 if... - the IKEv2 VPN client is only used by local AuthPoint users.
What is SAML? - a method used to exchange information between a service provider and an identity provider (e.g. Salesforce or Microsoft)
To configure SAML, authentication service providers require... - the metadata file or the metadata URL
Best places to start troubleshooting AuthPoint issues: - AuthPoint reports, alerts, audit logs, & gateway log files
Troubleshooting the AuthPoint Gateway: - Verify that all four services are running (ADFS, Gateway, LDAP, RADIUS), check Windows Event Viewer
Troubleshooting RADIUS Authentication: - WatchCloud audit logs, RADIUS logs on the gateway, Firebox log messages, client error messages, check RADIUS port is open.
Troubleshooting LDAP Authentication: - WatchCloud audit logs, LDAP logs on the gateway, pcap between gateway & LDAP
Troubleshooting RD Web: - IIS server files, Event Viewer for RD Services, AuthPoint audit logs
To set up the Logon app, you must: - configure a Logon app resource, configure an authentication policy for the app, download installer & configuration file in same directory.

What are the default RADIUS ports? - 1812 & 1645
(T/F) Hardware tokens already imported are automatically assigned to new users. - False
(T/F) Blocked users cannot log in using their password even when MFA isn't needed. - True
Do you need to share location for geofence & geokinetics to work? - No, if you choose to not share your location your IP address will be used instead.
A network policy server (NPS) is also known as a - RADIUS server
(T/F) If you share a password with a group, then add a user to the group, that user can see the shared password. - True, they get a notification when they join the group to add it