CCSP SECUR FAQ : Authentication Proxy and the Cisco IOS Firewall
Q1. Authentication proxy enables administrators to restrict access to resources .
A. by IP address of the source.
B. by the IP address of the destination.
C. on a per-user basis.
D. by limiting groups to a specific resource.
E. on a cache-limit basis.
Q2. Authentication proxy is not a transparent service because .
A. it only works with HTTP.
B. it requires the user to input a username and password.
C. it can block access to the requested resource.
D. it can only be configured to allow outbound access.
Q3. How is authentication proxy triggered?
A. By an HTTP request to the firewall
B. By an FTP request to the destination
C. By an HTTP request to the AAA server
D. By an HTTP request to the destination
E. By a telnet request to the firewall
Q4. Authentication proxy first became available with what version of the Cisco IOS Software?
Q5. What configuration mode should you be in on the Cisco IOS firewall to configure AAA?
A. EXEC mode
B. Interface configuration mode
C. AAA configuration mode
D. Global configuration mode
E. Remote configuration mode
Q6. What command enables AAA on the Cisco IOS firewall?
A. aaa new-model
D. aaa authentication
E. config aaa
Q7. What command shows the Cisco IOS firewall host name on the login page?
A. aaa banner
B. ip auth-proxy auth-proxy-banner
C. show hostname
D. ip auth-proxy login banner
E. None of the above
Q8. What are the two authentication protocols supported by the CSACS and used for authentication proxy? (Choose two.)
Q9. Where do you add the authentication proxy as a new service on the CSACS? (Choose two.)
A. Network configuration window
B. Administration Control window
C. Protocol configuration window
D. Interface configuration window
E. TACACS Services window
Q10. What happens if the user has previously authenticated and that authentication has not timed out?
Q11. If you are using NAT with authentication proxy, what other feature must you also use?
Q12. What are the three steps for configuring authentication proxy on the Cisco IOS firewall?
Q13. True or False: The host name is required on the HTTP login page to ensure that users log in to the correct firewall?
Q14. What are the three steps for configuring TACACS+ on the CSACS?
Q15. Where is the Cisco IOS firewall configured on the CSACS?
Q16. Where are dynamic ACLs configured on the CSACS for RADIUS?
Q17. What must be running on the client browser to ensure secure login?
Q18. What happens if you attempt authentication proxy using SSL?
Q19. How many AAA servers can you match with a single Cisco IOS firewall for authentication proxy?