CCNP Security FAQ : Overview of AAA and the Cisco Security Appliance

Q1. Which platform does Cisco Secure ACS for Windows version 3.3 currently support?
A. Windows XP Professional
B. Windows 2000 Server
C. Windows NT Workstation
D. Windows 2000 Professional

Answer: B

Q2. What is a new feature of Cisco Secure ACS for Windows version 3.3?
A. A password generator
B. A password database
C. Additional configuration steps for your Cisco IOS Network Access Server
D. New graphics and tables

Answer: C

Q3. If you are installing Cisco Secure ACS 3.2 for Windows and do not understand a configuration option, what should you do?
A. Check the explanation page.
B. Push F7 for help.
C. Select the About Cisco Secure ACS drop-down option.
D. Open a case with Cisco TAC.

Answer: A

Q4. Which of the following are not connection types for authenticating to a Security Appliance? (Select all that apply.)
A. Telnet
B. SSH
C. FTP
D. HTTPS

Answer: B, D

Q5. When installing Cisco Secure ACS version 3.3 for Windows, you have the option to authenticate users against an existing user database. Which database can you check?
A. A currently configured Cisco Secure ACS
B. Any RADIUS server on the network
C. The primary domain controller (PDC)
D. The Windows user database

Answer: D

Q6. What access does cut-through proxy allow a user after they have successfully authenticated?
A. Access to anything on the network
B. Access only to web servers
C. Access based on the user profile (authorization)
D. Access only to the Cisco Secure ACS

Answer: C

Q7. What options are available to authenticate users on a Security Appliance?
A. Local user database
B. Remote RADIUS server
C. Remote TACACS+ server
D. All of the above
E. None of these answers are correct

Answer: D

Q8. What technologies does the Cisco Secure ACS use to communicate with the NAS? (Choose two.)
A. TACACS
B. RADIUS
C. TACACS+
D. RADIUS+
E. Virtual Telnet

Answer: B, C

Q9. What does the Cisco Secure ACS consider the Security Appliance to be (i.e., what is it referred to as during configuration of the Cisco Secure ACS)?
A. A perimeter security device.
B. A Network Access Server.
C. Cisco Secure ACS does not work with the Security Appliance.
D. None of these answers are correct

Answer: B

Q10. What is the relationship between the Cisco Security Appliance and the AAA server?

Answer: The Cisco Security Appliance acts as the AAA client to the Cisco Secure ACS (AAA Server). Although the Security Appliance acts as the AAA client, it is referred to as the network access server (NAS) when configuring the Cisco Secure ACS.

Q11. Name three methods used to authenticate to the Cisco Security Appliance.

Answer: HTTP, Telnet, and FTP are the three methods used to authenticate to the Cisco Security Appliance.

Q12. How does the Cisco Security Appliance process cut-through proxy?

Answer: The user connects to the Security Appliance using HTTP, FTP, or Telnet, and the Security Appliance either authenticates to a local database or forwards the authentication request to the AAA server. After the authentication is completed, the Security Appliance allows whatever connection is authorized by the rulebase for that user.

Q13. What are the main differences between RADIUS and TACACS+?

Answer: RADIUS is connectionless and combines the authentication components. TACACS+ is connection-oriented and sends the authentication and authorization separately.

Q14. What patch level must you have Windows 2000 Professional configured to before you install Cisco Secure ACS?

Answer: Trick question . . . Cisco Secure ACS must be installed on Windows 2000 Server.

Q15. Why is it important to authenticate a user before you complete authorization?

Answer: Permissions can be assigned only after the user account has been authenticated.

Q16. What are the three layers of authentication?

Answer: The three layers of authentication are something you know (password), something you have (token), and something you are (biometrics).

Q17. What is the purpose of the Explain button during the Cisco Secure ACS installation?

Answer: Clicking the Explain button opens a window that explains the possible configuration options for the window in which the button appears.

Q18. What do you need to verify before installing Cisco Secure ACS?

Answer: You need to verify that the systems are up to date, meet the minimum hardware/browser requirements, and have connectivity with the Cisco Security Appliance (NAS).

Q19. Why is it important to have Internet Explorer up to date on your Cisco Secure ACS?

Answer: Cisco Secure ACS is managed via a browser-based web interface and has specific minimum browser requirements.

Q20. True or false: With authorization configured, cut-through proxy authenticates users and then allows them to connect to anything.

Answer: False. Cut-through proxy allows users to access only resources to which they have been authorized access.

Q21. True or false: The Cisco Secure ACS installation on Windows Server is a relatively simple, wizard-based installation.

Answer: True. The Cisco Secure ACS installation uses an installation wizard.

About the author

Scott
