CCNP Security FAQ: Configuration of AAA on the Cisco Security Appliance
Q1. What is the best way to authenticate an H.323 connection?
A. Authenticate to the H.323 server
B. Telnet to the H.323 server
C. Virtual Telnet to the PIX Firewall for authentication
D. Virtual HTTP to the Cisco Secure ACS for authentication
Q2. What three services are used to authenticate by default in the Cisco Security Appliance?
A. FTP, HTTP, HTTPS
B. FTP, Telnet, SSH
C. Auth-proxy, Local-auth, console
D. FTP, HTTPS, Telnet
E. None of these answers are correct.
Q3. Which options are mandatory in every aaa authentication command on the PIX Firewall? (Select all that apply.)
Q4. How do you configure client IP address assignment on the Cisco Secure ACS when using the Security Appliance as the AAA client?
A. Edit the AAA-client IP address in the System Configuration window.
B. Edit the AAA-client information in the Network Configuration window.
C. Edit the AAA Server information in the Interface Configuration window.
D. Edit the Security Appliance information in the Network Configuration window.
E. None of these answers are correct.
Q5. Why is it a good idea to rename your groups in Cisco Secure ACS?
A. To get the groups into a hierarchical format.
B. To increase the performance of the Cisco Secure ACS.
C. To simplify administration of users and groups.
D. You cannot rename groups after they have been created.
E. None of these answers are correct.
Q6. You are trying to create downloadable IP ACLs in Cisco Secure ACS, but the option is not available. What are two possible reasons?
A. You are running an older version of Cisco Secure ACS that does not support downloadable ACLs.
B. The Security Appliance cannot connect to the Cisco Secure ACS.
C. Your authentication protocol is not RADIUS.
D. You do not have User-Level or Group-Level Downloadable ACLs selected in the Interface Configuration window, Advanced Options pane.
Q7. Where do you see the logs on the Cisco Secure ACS?
A. Interface Configuration window
B. Reports and Activity window
C. Network Configuration window
D. System Configuration window
Q8. You are installing Cisco Secure ACS on your new Windows 2000 Professional system, but you cannot get it to load correctly. What is most likely the problem?
A. Cisco Secure ACS requires server software.
B. Your patch level is not up to date.
C. You are running a personal firewall or host-based IDS that is blocking the installation.
D. You do not have administrative privileges on that system.
E. All of these answers are correct.
Q9. Cisco Secure ACS comes with its own online documentation.
Q10. The show aaa command shows you everything that has to do with your AAA server in its configuration.
Q11. What happens to virtual HTTP if you disable timeout uauth absolute?
A. The user cannot authenticate.
B. The user authenticates and never has to reauthenticate because the connection stays open.
C. The user can authenticate but cannot connect to the server.
D. None of these answers are correct.
Q12. Both your Cisco Security Appliance and your Cisco Secure ACS are configured for TACACS+, but you cannot configure the downloadable Security Appliance ACLs. What is the problem?
Q13. What is the command to get authorization to work with access lists?
Q14. What Cisco Secure ACS window is used to configure the Security Appliance, and what is the firewall considered?
Q15. How do you put text messages into the logon prompt for a Telnet session?
Q16. What three messages can you change with the auth-prompt command?
Q17. If your timeout uauth is set to 0:58:00, when is the user prompted to reauthenticate after the session times out?
Q18. What two formats can logs be written to using the Cisco Secure ACS?
Q19. You have added a new RSA SecurID Token Server to the network. In which two places do you configure the Cisco Secure ACS to use it?
Q20. What commands are most commonly used to check your AAA configuration on the Security Appliance?
Q21. What is the total number of AAA servers to which the Security Appliance can connect?
Q22. How do you disable caching of user authentication?