CCNP Security FAQ: Fundamentals of AAA
Figure: Device administration.
Q1. Which of the following best describes the difference between authentication and authorization?
a. There is no difference between authentication and authorization.
b. Authorization determines what a user may do, whereas an authentication determines what devices the user can interact with.
c. Authentication is used with both network access and device administration, whereas authorization applies only to device administration.
d. Authentication validates the user’s identity, whereas authorization determines what that user is permitted to do.
Q2. Which of the following are types of AAA as related to the topics of this exam? (Select two.)
a. Device administration
b. Device access
c. A division of minor league baseball
d. Network access
e. Network administration
Q3. Which of the following protocols is best suited for granular command-level control with device administration AAA?
a. DIAMETER
b. TACACS+
c. RADIUS
d. RADIUS+
Q4. Which of the following protocols is best suited for authenticating and authorizing a user for network access AAA?
a. TACACS+
b. CHAP
c. RADIUS
d. MS-CHAPv2
Q5. True or False? RADIUS can be used for device administration AAA.
a. True
b. False
Q6. Which of the following Cisco products should be used for device administration with TACACS+?
a. Cisco Secure Access Control Server (ACS)
b. Cisco Identity Services Engine
c. Cisco TACACS+ Control Server (TCS)
d. Cisco Centri
Q7. Why is RADIUS or TACACS+ needed? Why can’t the end user authenticate directly to the authentication server?
a. The added level of complexity helps Cisco and other vendors to sell more products.
b. Because the names sound so cool.
c. RADIUS and TACACS+ are used between the end user and the authentication server.
d. Both RADIUS and TACACS+ extend the Layer-2 authentication protocols, allowing the end user to communicate with an authentication server that is not Layer-2 adjacent.
Q8. Which of the following are TACACS+ messages sent from the AAA client to the AAA server? (Select all that apply.)
a. START
b. REPLY
c. CHALLENGE
d. REQUEST
Q9. When using RADIUS, what tells the AAA server which type of action is being authenticated?
a. The TACACS+ service.
b. The Service-Type field.
c. RADIUS does not distinguish between different services.
d. The action AV-pair.
Q10. Which of the following best describes an AV-pair?
a. When communicating with an AAA protocol, the AV-pair stipulates a common attribute or object and its assigned value.
b. Cisco likes to throw in terms to confuse the reader.
c. The AV-pair is used to choose either TACACS+ or RADIUS.
d. The AV-pair is used to specify the quality of service (QoS) for audio and video traffic.