CSPFA Exam Cram™ 2 (Exam 642-521) > AAA Configuration > Exam Prep Questions

Table of Contents

Download Safari Books Online apps: Apple iOS | Android

Entire Site

Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

This Book

CSPFA Exam Cram™ 2 (Exam 642-521)

Search

The CSPFA Cram Sheet

A Note from Series Editor Ed Tittel

About the Author

About the Technical Editors

Acknowledgments

We Want to Hear from You!

Introduction

Self-Assessment

Ch. 1. Introduction to Cisco Certification

Ch. 2. Introduction to Network Security Threats

Ch. 3. Basics of the PIX Firewall

Ch. 4. Setting Up a PIX Firewall

Ch. 5. Translations and Connections

Ch. 6. Access Control Lists and Traffic Control

Ch. 7. System Management

Ch. 8. Advanced Protocol Handling and PIX Firewall Features

Ch. 9. Attack Guards and Intrusion Detection

Ch. 10. AAA Configuration

Introduction to AAA Services

AAA Server Protocols

Cisco Secure Access Control Server

Configuring AAA Services

Downloadable Access Control Lists

Authentication of Other Services and Authentication Issues

Ch. 12. IPSec and Virtual Private Networks

Ch. 13. PIX Device Manager

Ch. 14. Advance Management

Ch. 15. Sample Test 1

Ch. 16. Answer Key 1

Ch. 17. Sample Test 2

Ch. 18. Answer Key 2

Appendix A: Resources

Appx. B. What's on the CD-ROM

Appx. C. Using the PrepLogic Practice Exams, Preview Edition Software

Glossary

Index

Exam Prep Questions

Question 1	What does AAA stand for? A. Authentication, authorization, accounting B. Authentication, authentication, accounting C. Authentication, authorization, application D. Authentication, accounting, access control
A1:	Answer A is correct. AAA stands for authentication, authorization, and accounting. Therefore, answers B, C, and D are incorrect.
Question 2	When using AAA commands what does the local parameter mean? A. AAA local requests are sent to a server. B. Only local logins are performed on the remote database. C. Authenticate using a remote local server. D. Authenticate using the local database.
A2:	Answer D is correct. The `local` parameter is used to define that the local database of usernames and passwords should be used, rather than a remote database. Answer A is incorrect because requests are not sent to a server. Answers B and C are incorrect because a local database is used and not a remote server.
Question 3	By default, the PIX supports providing logon credentials for which basic protocols? (Select three.) A. SSL B. Telnet C. HTTP D. IPX E. TFTP F. FTP
A3:	Answers B, C, and F are correct. The PIX supports three basic protocols with cut-through proxy authentication: HTTP, FTP, and Telnet. Therefore, answers A, D, and E are incorrect.
Question 4	When talking about AAA services, what does the acronym ACS stand for? A. Access control server B. Authentication control server C. Accounting Cisco Server D. Authorization Cisco server
A4:	Answer A is correct. ACS stands for Access control server, and it can be used for RADIUS and TACACS+ AAA services. Therefore, answers B, C, and D are incorrect.
Question 5	Which command is used to direct authentication and accounting? A. aaa-server B. aaa authentication C. aaa remote-server D. aaa authorization
A5:	Answer A is correct. The `aaa-server` command, combined with the `group tag`, is used to define where to direct AAA services. Answers B and D are incorrect because the `aaa authentication` and `aaa authorization` commands are used to define which features need checking against the AAA services. Answer C is incorrect because this is an invalid command.
Question 6	If a user fails to authenticate on the PIX with an AAA server, what happens? A. The user gains access. B. The connection is dropped. C. The user is forwarded to the Cisco Web site. D. The user account is disabled.
A6:	Answer B is correct. If a user authentication has failed, the connection is dropped. Answer A is incorrect because the user does not gain access. Answer C incorrect, the user connection is dropped, not forwarded to Cisco's Web site. Answer D is incorrect because the user account is not disabled, only prevented from connecting.
Question 7	Which AAA part denies a person the ability to Telnet? A. Accounting B. Authentication C. Access control D. Authorization
A7:	Answer D is correct. The authorization denies the ability to Telnet. Answer A is incorrect because accounting only tracks what a user does. Answer B is incorrect because authentication prevents a user from logging in—it does not just restrict Telnet. Answer C is not part of the AAA services, so it is incorrect.
Question 8	What is virtual HTTP used for? A. It's a replacement for Linux Web servers. B. It enables Web browsers to work correctly with HTTP authentication. C. It provides authentication for Telnet users. D. It provides a Web interface to configure the PIX firewall.
A8:	Answer B is correct. Virtual HTTP is used to help overcome problematic issues with browsers and internal Web server issues. Answer A is incorrect because it is not a Web server replacement feature. Answer C is incorrect because Virtual HTTP is for HTTP connections. Answer D is incorrect because the PDM is the Web interface for the PIX firewall.
Question 9	What do RADIUS and TACACS+ use for a transport layer protocol? A. TACACS+ uses TCP, and RADIUS uses TCP. B. TACACS+ uses UDP, and RADIUS uses TCP. C. TACACS+ uses TCP, and RADIUS uses UDP. D. TACACS+ uses UDP, and RADIUS uses UDP.
A9:	Answer C is correct. The RADIUS protocol uses UDP, and the TACACS+ protocol uses TCP. The TACACS+ is considered to be more secure than RADIUS because all the payload is encrypted. Therefore, answers A, B, and D are incorrect.
Question 10	Which statement is true about the PIX firewall? A. The PIX supports only local AAA services. B. The PIX supports local, RADIUS, and TACACS+. C. The PIX supports only local and RADIUS. D. The PIX supports only TACACS+ and RADIUS.
A10:	Answer B is correct. The PIX firewall supports local, RADIUS, and TACACS+. Separate groups can be created for different types of traffic, and each group can point to a different RADIUS or TACACS+ server. Therefore, answers A, C, and D are incorrect because the PIX supports local, RADIUS, and TACACS+.
Question 11	Which statement is true about downloadable ACLs? A. They're supported on RADIUS and not TACACS+. B. They're supported on TACACS+ and not RADIUS. C. They're supported on both RADIUS and TACACS+. D. They're not supported on RADIUS or TACACS+.
A11:	Answer A is correct. Cisco supports downloadable ACLs on RADIUS and not TACACS+. Therefore, answers B, C, and D are incorrect.
Question 12	Which statements are true about named downloadable ACLs? (Select two.) A. They are supported on TACACS+. B. They are shared among PIX firewalls and users. C. They are shared among PIX firewalls but not users. D. They are supported on RADIUS.
A12:	Answers B and D are correct. Named ACLs are shared between users and PIX firewalls, and Cisco supports downloadable ACLs on RADIUS and not TACACS+. Answer A is incorrect because downloadable ACLs are only supported on RADIUS not TACACS+. Answer C is incorrect because named access lists can be shared among users. Unnamed access lists are not shared among users.

You are currently reading a PREVIEW of this book.

Get instant access to over
$1 million worth of books and videos.

Start a Free Trial

Download Safari Books Online apps: Apple iOS | Android

This Book

Search

Contents

Chapter 10. AAA Configuration > Exam Prep Questions

Exam Prep Questions