Chapter Review

Remote dial-up connections to the corporate network are made up of several dial-in technologies, including modem and ISDN connections, as well as virtual connections via the Internet. Access control is the process of controlling who can access the network and what resources they’re allowed to use. Cisco’s Authentication, Authorization, and Accounting (AAA) network security services configured on a router or network server implement this access control.

The three security components of AAA are designed to let you define and configure the type of authentication, authorization, and accounting in a detailed and consistent manner through the use of method lists, and then apply those method lists to specific services or interfaces according to your security plan. Method lists define a sequence of implementation processes that allow backup methods in case the initial method fails.
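The fallback behaviour of a method list, as an added example that is not from the original chapter: it models the IOS rule that the next method is tried only when the previous one gives no response (an error), not when it rejects the user, using the list from question 12. The function names and the treatment of an unset enable password as an error are assumptions of this sketch.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method responded and accepted the user
    FAIL = "fail"    # method responded and rejected the user
    ERROR = "error"  # no response: server unreachable or nothing configured

def parse_method_list(command):
    """Return (list_name, methods) from an 'aaa authentication login' line."""
    tokens = command.split()
    if tokens[:3] != ["aaa", "authentication", "login"] or len(tokens) < 5:
        raise ValueError("expected: aaa authentication login <name> <method>...")
    name, rest, methods = tokens[3], tokens[4:], []
    while rest:
        # 'group tacacs+' / 'group radius' are two words but one method
        take = 2 if rest[0] == "group" and len(rest) > 1 else 1
        methods.append(" ".join(rest[:take]))
        rest = rest[take:]
    return name, methods

def authenticate(methods, outcomes):
    """Walk the list in order; a method absent from outcomes counts as ERROR."""
    for method in methods:
        result = Result.PASS if method == "none" else outcomes.get(method, Result.ERROR)
        if result is not Result.ERROR:
            return result, method      # PASS or FAIL ends the walk
    return Result.FAIL, None           # every method errored: deny access

# Method list from question 12 of this chapter review
NAME, METHODS = parse_method_list(
    "aaa authentication login XYZ-access group tacacs+ enable none")

def scenarios():
    """Constructed login attempts against the question-12 list."""
    return {
        # Server reachable and rejects: 'enable' and 'none' are never tried
        "server_rejects": authenticate(METHODS, {"group tacacs+": Result.FAIL}),
        # Server down, wrong enable password: denied by 'enable'
        "server_down_bad_enable": authenticate(
            METHODS, {"group tacacs+": Result.ERROR, "enable": Result.FAIL}),
        # Server down and no enable password set (assumed ERROR): 'none' admits
        "server_down_no_enable": authenticate(
            METHODS, {"group tacacs+": Result.ERROR, "enable": Result.ERROR}),
    }

if __name__ == "__main__":
    for label, (result, method) in scenarios().items():
        print(f"{label}: {result.value} via {method}")
```

The last scenario is why a login method list ending in none deserves review: when the TACACS+ server is unreachable and no enable password is set, the list admits the user without authentication.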

Authentication is the process of identifying users through user name and password verification methods that allow only approved individuals to access the network.

Authorization is the process of matching authenticated users with the permissions or privileges to use network resources.

Accounting is the process of tracking or logging the different types of resources or services the remote users are accessing. This data can then be analyzed for auditing, troubleshooting, network management, network planning, and client billing. The AAA databases can be remotely stored on one or more TACACS+ or RADIUS servers. Authentication and authorization databases can be stored locally on the access server.

AAA benefits include

  • Scalability

  • Flexibility and granularity

  • Multiple implementation methods, which provide redundancy

  • Support of standard authentication methods, such as RADIUS, TACACS+, and Kerberos

Questions

1. Which of the following is not one of the three components of AAA?

  A. Accounting
  B. Acknowledgement
  C. Authorization
  D. Authentication

 Answer: B. Acknowledgement

2. Which one of the following is the process of determining what devices, features, or services a specific remote user has permission to access in the network, such as network resources or services?

  A. Accounting
  B. Acknowledgement
  C. Authorization
  D. Authentication

 Answer: C. Authorization

3. Which of the following is a term for the router with interfaces designed to service the remote users of the company?

  A. Remote server
  B. NAS
  C. Access point
  D. Authentication server

 Answer: B. NAS

4. Which one of the following is not one of the three security protocols to control dial-up access into networks supported by AAA?

  A. TACACS+
  B. Kerberos
  C. RADIUS
  D. ASICS

 Answer: D. ASICS

5. Which of the following security protocols is considered legacy and is supported for those organizations already implementing it?

  A. TACACS+
  B. Kerberos
  C. RADIUS
  D. ASICS

 Answer: B. Kerberos

6. Which of the following is a security protocol developed by Livingston Enterprises, Inc., now a division of Lucent Technologies?

  A. TACACS+
  B. Kerberos
  C. RADIUS
  D. ASICS

 Answer: C. RADIUS

7. Which of the following is a security protocol developed by MIT?

  A. TACACS+
  B. Kerberos
  C. RADIUS
  D. ASICS

 Answer: B. Kerberos

8. Which of the following is a security protocol developed by Cisco and submitted to IETF as a proposed standard?

  A. TACACS+
  B. Kerberos
  C. RADIUS
  D. ASICS

 Answer: A. TACACS+

9. Which of the following is not an advantage of TACACS+ over RADIUS?

  A. Uses TCP for connections
  B. Supports multiple protocols, including ARAP, NASI, and X.25 PAD
  C. Fully supports the AAA architecture by separating the components
  D. Supports server-based security databases

 Answer: D. Supports server-based security databases (They both support this feature.)

10. Which command enables the AAA access control model on the router?

  A. tacacs-server host
  B. radius-server host
  C. aaa new-model
  D. tacacs-server key key

 Answer: C. aaa new-model

11. Which command identifies the TACACS+ server host to be used for authentication?

  A. Rtr1(config)#tacacs-server key seattle19
  B. Rtr1(config-if)#tacacs-server key seattle19
  C. Rtr1(config)#tacacs-server host Seattle
  D. Rtr1(config-if)#tacacs-server host Seattle

 Answer: C. Rtr1(config)#tacacs-server host Seattle

12. In the following command, what is the first authentication method?

  aaa authentication login XYZ-access group tacacs+ enable none

  A. Group servers
  B. TACACS+
  C. enable password
  D. None

 Answer: B. TACACS+

13. Which of the following combines the authentication and authorization into a single database?

  A. TACACS+
  B. Kerberos
  C. RADIUS
  D. None of the above

 Answer: C. RADIUS

14. Which command verifies network connectivity between the NAS and the AAA server?

  A. show running-config
  B. show tacacs
  C. debug tacacs
  D. debug aaa authentication

 Answer: B. show tacacs

15. Which of the following is not an AAA benefit?

  A. Scalability.
  B. Automatic installation and configuration.
  C. Flexibility and granularity.
  D. Multiple implementation methods provide redundancy.

 Answer: B. Automatic installation and configuration.

Answers

1. B. Acknowledgement

2. C. Authorization

3. B. NAS

4. D. ASICS

5. B. Kerberos

6. C. RADIUS

7. B. Kerberos

8. A. TACACS+

9. D. Supports server-based security databases (They both support this feature.)

10. C. aaa new-model

11. C. Rtr1(config)#tacacs-server host Seattle

12. B. TACACS+

13. C. RADIUS

14. B. show tacacs

15. B. Automatic installation and configuration.



