
CCIE Self-Study: Security Protocols

Chapter Description

This chapter covers some of today's most widely used technologies that enable network administrators to ensure that sensitive data is secure from unauthorized sources. Standards such as IP Security (IPSec) and encryption standards are covered, as are all the fundamental foundation topics you need to understand to master the topics covered in the CCIE Security written exam.

Q & A

The Q & A questions are designed to help you assess your readiness for the topics covered on the CCIE Security written exam and those topics presented in this chapter. This format should help you assess your retention of the material. A strong understanding of the answers to these questions will help you on the CCIE Security written exam. You can also look over the questions at the beginning of the chapter again for further review. As an additional study aid, use the CD-ROM provided with this book to take simulated exams, which draw from a database of over 500 multiple-choice questions.

Answers to these questions can be found in Appendix A, "Answers to Quiz Questions."

  1. Define the AAA model and a typical application on a Cisco IOS router.
  2. Can you allow a remote user authorization before the user is authenticated with AAA?
  3. What IOS command is required when enabling AAA for the first time?
  4. What is the privilege level of the following user? Assume AAA is not configured.
  5. Define four possible RADIUS responses when authenticating the user through a RADIUS server.
  6. What are RADIUS attributes? Supply five common examples.
  7. What protocols does RADIUS use when sending messages between the server and client?
  8. What predefined destination UDP port number is RADIUS accounting information sent to?
  9. What does the following Cisco IOS software command accomplish on a Cisco IOS router?
    aaa authentication ppp user-radius if-needed group radius
  10. What is the RADIUS server IP address and key for the following configuration?
    radius-server host
    radius-server key GuitarsrocKthisplaneT
  11. TACACS+ is transported over what TCP server port number?
  12. What information is encrypted between a Cisco router and a TACACS+ server?
  13. What are the four possible packet types from a TACACS+ server when a user attempts to authenticate a Telnet session to a Cisco router configured for AAA, for example?
  14. What is the significance of the sequence number in the TACACS+ frame format?
  15. What does the following IOS command accomplish?
    aaa authentication ppp default if-needed group tacacs+ local
  16. What IOS command defines the remote TACACS+ server?
  17. What are the major differences between TACACS+ and RADIUS?

    Packet delivery

    Packet encryption
      RADIUS: Encrypts only the password in the access-request packet from the client to the server.
      TACACS+: Encrypts the entire body of the packet but leaves a standard TCP header.

    AAA support
      RADIUS: Combines authentication and authorization. Accounting is handled differently.
      TACACS+: Uses the AAA architecture, separating authentication, authorization, and accounting.

    Multiprotocol support
      TACACS+: Supports other protocols, such as AppleTalk, NetBIOS, and IPX.

    Router management
      RADIUS: Does allow users to control which commands can be executed on a router. Can pass a privilege level down to the router, which can then be used locally for command authorization.
      TACACS+: Enables network administrators to control which commands can be executed on a router.

  18. What are the three most common threats from intruders that network administrators face?
  19. What is a hash in encryption terminology?
  20. Name the two modes of operation in IPSec and their characteristics.
  21. What does IKE accomplish?
  22. Certificate Enrollment Protocol is transported over what TCP port?