



A comprehensive guide to WatchGuard AuthPoint, a multi-factor authentication solution. It covers various authentication factors, methods, and security practices, including something you know, something you have, something you are, and location-based authentication. The document also includes troubleshooting tips for common AuthPoint issues, such as authentication failures, gateway problems, and LDAP synchronization errors. It is a valuable resource for IT professionals and security administrators who are responsible for implementing and managing WatchGuard AuthPoint.




Identity Security Essentials - WatchGuard study guide solution

Authentication Factor: Something you know - username, password, PIN, secret question
Authentication Factor: Something you have - phone, hardware token, keys, RFID card, certificate private key
Authentication Factor: Something you are - fingerprint, facial scan, voice recognition
Authentication Factor: Location - geofencing, geokinetics, network locations
(T/F) You do not need the AuthPoint mobile app for OTP authentication when you have a hardware token. - True
What is AuthPoint Gateway? - A lightweight software application installed on a network to securely communicate with RADIUS clients and LDAP databases.
What role does AuthPoint Gateway play in the network? - It operates as a RADIUS server, and imports LDAP users and validates their passwords.
What is the Logon app used for? - to require authentication when users log on to a computer or server
AuthPoint resources include: - IdP Portal, Logon App, RD Web, Firebox, RADIUS Client, SAML, ADFS, RESTful API Client
Authentication methods available depend on... - the authentication policies that include the end user's groups.
From most secure to least secure, the authentication methods are: - push/QR code, OTP, password
RADIUS client resources cannot use which authentication method? - QR codes
For RADIUS authentication using OTP: - Append the OTP to the end of your password without a space
(T/F) Users can Migrate All Tokens at once and receive an activation email for each token on a new device. - True
How many software and hardware tokens can an AuthPoint user have? - 20 total
Third-party hardware token requirements include: - 6-digit time-based OTP, 30 or 60 second intervals, Seed File, Key
Unlike third-party hardware tokens, WatchGuard hardware tokens do not need a... - Seed File
You must add at least one AuthPoint group before adding or importing users because... - Users have to belong to at least one group.
What do you need to do before syncing LDAP users? - Link the LDAP external identity to an AuthPoint Gateway, install the Gateway in a location that has Internet access and that can connect to your LDAP server.
In order to be synchronised, LDAP users must each have... - a username, first name, and email address
What do the colours mean in the User Name column? (Green, Yellow, Red, Grey) - Activated, Quarantined, Blocked, Overallocated
What do the colours mean in the Token column? (Grey, Green, Red, Grey) - Assigned, Activated, Blocked, Pending token assignment
You should block a user when... - they leave the company or their account/credentials are compromised.
You should block a token when... - a user loses their phone.
What does a Primary Gateway do? - Synchronises your LDAP users and enables RADIUS authentication and LDAP user authentication.
What does a Secondary Gateway do? - LDAP user authentication when primary is not available. Backup RADIUS server. RADIUS client authentication requests.
(T/F) You can link more than one RADIUS client resource to a single AuthPoint Gateway. - True
You do not have to enable MS-CHAPv2 if... - the IKEv2 VPN client is only used by local AuthPoint users.
What is SAML? - a method used to exchange information between a service provider and an identity provider (e.g. Salesforce or Microsoft)
To configure SAML, authentication service providers require... - the metadata file or the metadata URL
Best places to start troubleshooting AuthPoint issues: - AuthPoint reports, alerts, audit logs, & gateway log files
Troubleshooting the AuthPoint Gateway: - Verify that all four services are running (ADFS, Gateway, LDAP, RADIUS), check Windows Event Viewer
Troubleshooting RADIUS Authentication: - WatchCloud audit logs, RADIUS logs on the gateway, Firebox log messages, client error messages, check RADIUS port is open.
Troubleshooting LDAP Authentication: - WatchCloud audit logs, LDAP logs on the gateway, pcap between gateway & LDAP
Troubleshooting RD Web: - IIS server files, Event Viewer for RD Services, AuthPoint audit logs
To set up the Logon app, you must: - configure a Logon app resource, configure an authentication policy for the app, download installer & configuration file in same directory.
What are the default RADIUS ports? - 1812 & 1645
(T/F) Hardware tokens already imported are automatically assigned to new users. - False
(T/F) Blocked users cannot log in using their password even when MFA isn't needed. - True
Do you need to share location for geofence & geokinetics to work? - No, if you choose to not share your location your IP address will be used instead.
A network policy server (NPS) is also known as a - RADIUS server
(T/F) If you share a password with a group, then add a user to the group, that user can see the shared password. - True, they get a notification when they join the group to add it