Q & A
The Q & A questions are designed to help you assess your readiness for the topics covered on the CCIE Security written exam and those topics presented in this chapter. This format should help you assess your retention of the material. A strong understanding of the answers to these questions will help you on the CCIE Security written exam. You can also look over the questions at the beginning of the chapter again for further review. As an additional study aid, use the CD-ROM provided with this book to take simulated exams, which draw from a database of over 500 multiple-choice questions.
Answers to these questions can be found in Appendix A, "Answers to Quiz Questions."
- Define the AAA model and a typical application on a Cisco IOS router.
- Can you allow a remote user authorization before the user is authenticated with AAA?
- What IOS command is required when enabling AAA for the first time?
- What is the privilege level of the following user? Assume AAA is not configured.
- Define four possible RADIUS responses when authenticating the user through a RADIUS server.
- What are RADIUS attributes? Supply five common examples.
- What protocols does RADIUS use when sending messages between the server and client?
- What predefined destination UDP port number is RADIUS accounting information sent to?
- What does the following Cisco IOS software command accomplish on a Cisco IOS router?
- What is the RADIUS server IP address and key for the following configuration?
radius-server host 220.127.116.11 radius-server key GuitarsrocKthisplaneT
- TACACS+ is transported over what TCP server port number?
- What information is encrypted between a Cisco router and a TACACS+ server?
- What are the four possible packet types from a TACACS+ server when a user attempts to authenticate a Telnet session to a Cisco router configured for AAA, for example?
- What is the significance of the sequence number in the TACACS+ frame format?
- What does the following IOS command accomplish?
aaa authentication ppp default if-needed group tacacs+ local
- What IOS command defines the remote TACACS+ server?
- What are the major difference between TACACS+ and RADIUS?
Encrypts only the password in the access-request packet from the client to the server.
Encrypts the entire body of the packet but leaves a standard TCP header.
Combines authentication and authorization. Accounting is handled differently.
Uses the AAA architecture, separating authentication, authorization, and accounting.
Supports other protocols, such as AppleTalk, NetBIOS, and IPX.
Does allow users to control which commands can be executed on a router. Can pass a privilege level down to the router, which can then be used locally for command authorization.
Enables network administrators to control which commands can be executed on a router.
- What are the three most common threats from intruders that network administrators face?
- What is a hash in encryption terminology?
- Name the two modes of operation in IPSec and their characteristics.
- What does IKE accomplish?
- Certificate Enrollment Protocol is transported over what TCP port?
aaa authentication ppp user-radius if-needed group radius